Trojan infection in win32 driver
Juliane561
Hello,
I've been getting worked up for 3 days over a #@}# Trojan horse that got in despite AVG 7.5.
Sometimes AVG finds it in the system32/driver folder, sometimes it's in System Restore.
AVG alerts me every time and tells me it is repairing, but the brute always comes back with between 3 and 9 infected files.
I tried a System Restore to a later date: impossible!!
And when I shut down the PC, it reports a missing DLL just before powering off.
I'm attaching the log for you in the hope of a helping hand.
Logfile of HijackThis v1.99.1
Scan saved at 02:54:13, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgwa.dat
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Juliane \Mes documents\Juliane \Hijackthis\Hijackthis Version Française\hijackthis vf.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Juliane\Juliane .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Juliane Coustumer] C:\Documents and Settings\Juliane \Juliane .exe /i
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.rw.search.ke.voila.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tuyana.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0355E8E5-3D5F-4F89-BAE4-DFFF3E0A3684}: NameServer = 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0355E8E5-3D5F-4F89-BAE4-DFFF3E0A3684}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c99ea1887aba3c) (gupdate1c99ea1887aba3c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Thanks in advance for your help, because I'm going to end up bald from tearing my hair out.
-Juliane561-
7 replies
Hello,
First:
http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html
Next:
Download:
https://www.commentcamarche.net/telecharger/ 34055379 malwarebytes anti malware
Run an update, and activate all storage devices (external ones included).
Close your browser, MSN, mail client & all other applications.
Run 1 full scan.
Reboot.
Replace AVG with Antivir.
In Firefox, if not already done, add the NoScript add-on.
Yes, done, I've just downloaded version 2.0.2 of HijackThis.
I'm attaching the log for you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:36:57, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Juliane \Juliane .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Juliane Coustumer] C:\Documents and Settings\Juliane Coustumer\Juliane Coustumer.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480
\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers
communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.rw.search.ke.voila.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tuyana.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0355E8E5-3D5F-4F89-BAE4-DFFF3E0A3684}: NameServer = 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0355E8E5-3D5F-4F89-BAE4-DFFF3E0A3684}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c99ea1887aba3c) (gupdate1c99ea1887aba3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I'm attaching the log for you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:36:57, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Juliane \Juliane .exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Juliane Coustumer] C:\Documents and Settings\Juliane Coustumer\Juliane Coustumer.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.rw.search.ke.voila.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tuyana.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) -
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0355E8E5-3D5F-4F89-BAE4-DFFF3E0A3684}: NameServer = 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0355E8E5-3D5F-4F89-BAE4-DFFF3E0A3684}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c99ea1887aba3c) (gupdate1c99ea1887aba3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Good evening again,
I installed Malwarebytes and ran a full scan; here is the result:
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1983
Windows 5.1.2600 Service Pack 2
15/04/2009 04:34:51
mbam-log-2009-04-15 (04-34-41).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 204246
Temps écoulé: 45 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 136
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\i386si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\i386si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\systemntmi (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\systemntmi (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\i386si.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\temp\wpv551239013964.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> No action taken.
There's a whole heap of them.
I'll pick the hunt back up tomorrow, I'm going to bed, thanks for your help.
Hello,
that's what I did, until 6 in the morning, offline.
AVG still goes off, but this time I'm quarantining.
I'm going to run one last Malwarebytes scan before I have to go back to work (yes, my life is crazy, lol).
Thanks for your help, I'll keep you posted as soon as I can.
Quick visit between two meetings:
Malwarebytes no longer finds any infection
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1983
Windows 5.1.2600 Service Pack 2
15/04/2009 18:20:33
mbam-log-2009-04-15 (18-20-33).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 204280
Temps écoulé: 45 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
but AVG goes off as soon as I turn the internet on, still for a trojan in drivers.
I'm working until 3 a.m.; I hope I'll have the energy to come back.
Have a good evening in the meantime.
Thanks for your help.
Quick Zip tells me that hijackthis.zip is not a valid zip archive, and the second link opens a page that doesn't exist.
I've just installed NoScript, but why remove AVG (whose licence I paid for) in favour of Antivir?
And above all, during that time, don't I risk ending up "naked", with no protection at all?
Thanks in advance for your instructions.