Hello,
Attached is my HijackThis report! Can someone help me? My machine is infected and unusable.
Thanks for your help,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:19, on 22/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [C:\wuauclt.exe] C:\wuauclt.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe] C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe
O4 - HKLM\..\Run: [\wuauclt.exe] \wuauclt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\wuauclt.exe] C:\wuauclt.exe
O4 - HKCU\..\Run: [\wuauclt.exe] \wuauclt.exe
O4 - HKCU\..\Run: [\explorer.exe] \explorer.exe
O4 - HKCU\..\Run: [\ehsched.exe] \ehsched.exe
O4 - HKLM\..\Policies\Explorer\Run: [C:\wuauclt.exe] C:\wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe] C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [\wuauclt.exe] \wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [\explorer.exe] \explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [C:\Documents and Settings\faiza\Application Data\ehsched.exe] C:\Documents and Settings\faiza\Application Data\ehsched.exe
O4 - HKLM\..\Policies\Explorer\Run: [\ehsched.exe] \ehsched.exe
O4 - HKCU\..\Policies\Explorer\Run: [C:\wuauclt.exe] C:\wuauclt.exe
O4 - HKCU\..\Policies\Explorer\Run: [\wuauclt.exe] \wuauclt.exe
O4 - HKCU\..\Policies\Explorer\Run: [\explorer.exe] \explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [\ehsched.exe] \ehsched.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe] C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\wuauclt.exe] \wuauclt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\svchost.exe] \svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\explorer.exe] \explorer.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\csrss.exe] \csrss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [C:\Documents and Settings\faiza\Application Data\ehsched.exe] C:\Documents and Settings\faiza\Application Data\ehsched.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\ehsched.exe] \ehsched.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [C:\wuauclt.exe] C:\wuauclt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [C:\wuauclt.exe] C:\wuauclt.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {5EDEA7DC-96C2-4F53-8810-31CF8A0946C2} (iFly NetPlayers ActiveX 1.0) - http://81.192.48.83:8075/iFlyNPSX.CAB
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.4.101:8086/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.9.60/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DVH
O17 - HKLM\Software\..\Telephony: DomainName = DVH
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA03A13-11EA-43A9-BF71-C60E1FC2F45B}: NameServer = 212.217.0.1,212.217.0.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DVH
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DVH
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = DVH
O21 - SSODL: C:\Documents and Settings\faiza\Application Data\wuauclt.exe - C:\Documents and Settings\faiza\Application Data\wuauclt.exe - (no file)
O21 - SSODL: C:\wuauclt.exe - C:\wuauclt.exe - (no file)
O21 - SSODL: C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe - C:\DOCUME~1\faiza\LOCALS~1\Temp\wuauclt.exe - (no file)
O21 - SSODL: C:\Documents and Settings\All Users\wuauclt.exe - C:\Documents and Settings\All Users\wuauclt.exe - (no file)
O21 - SSODL: C:\Program Files\Fichiers communs\wuauclt.exe - C:\Program Files\Fichiers communs\wuauclt.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\wuauclt.exe - C:\Documents and Settings\faiza\wuauclt.exe - (no file)
O21 - SSODL: \wuauclt.exe - \wuauclt.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\Application Data\svchost.exe - C:\Documents and Settings\faiza\Application Data\svchost.exe - (no file)
O21 - SSODL: C:\svchost.exe - C:\svchost.exe - (no file)
O21 - SSODL: C:\DOCUME~1\faiza\LOCALS~1\Temp\svchost.exe - C:\DOCUME~1\faiza\LOCALS~1\Temp\svchost.exe - (no file)
O21 - SSODL: C:\Documents and Settings\All Users\svchost.exe - C:\Documents and Settings\All Users\svchost.exe - (no file)
O21 - SSODL: C:\Program Files\Fichiers communs\svchost.exe - C:\Program Files\Fichiers communs\svchost.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\svchost.exe - C:\Documents and Settings\faiza\svchost.exe - (no file)
O21 - SSODL: \svchost.exe - \svchost.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\Application Data\explorer.exe - C:\Documents and Settings\faiza\Application Data\explorer.exe - (no file)
O21 - SSODL: C:\explorer.exe - C:\explorer.exe - (no file)
O21 - SSODL: C:\DOCUME~1\faiza\LOCALS~1\Temp\explorer.exe - C:\DOCUME~1\faiza\LOCALS~1\Temp\explorer.exe - (no file)
O21 - SSODL: C:\Documents and Settings\All Users\explorer.exe - C:\Documents and Settings\All Users\explorer.exe - (no file)
O21 - SSODL: C:\Program Files\Fichiers communs\explorer.exe - C:\Program Files\Fichiers communs\explorer.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\explorer.exe - C:\Documents and Settings\faiza\explorer.exe - (no file)
O21 - SSODL: \explorer.exe - \explorer.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\Application Data\csrss.exe - C:\Documents and Settings\faiza\Application Data\csrss.exe - (no file)
O21 - SSODL: C:\csrss.exe - C:\csrss.exe - (no file)
O21 - SSODL: C:\DOCUME~1\faiza\LOCALS~1\Temp\csrss.exe - C:\DOCUME~1\faiza\LOCALS~1\Temp\csrss.exe - (no file)
O21 - SSODL: C:\Documents and Settings\All Users\csrss.exe - C:\Documents and Settings\All Users\csrss.exe - (no file)
O21 - SSODL: C:\Program Files\Fichiers communs\csrss.exe - C:\Program Files\Fichiers communs\csrss.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\csrss.exe - C:\Documents and Settings\faiza\csrss.exe - (no file)
O21 - SSODL: \csrss.exe - \csrss.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\Application Data\ehsched.exe - C:\Documents and Settings\faiza\Application Data\ehsched.exe - (no file)
O21 - SSODL: C:\ehsched.exe - C:\ehsched.exe - (no file)
O21 - SSODL: C:\DOCUME~1\faiza\LOCALS~1\Temp\ehsched.exe - C:\DOCUME~1\faiza\LOCALS~1\Temp\ehsched.exe - (no file)
O21 - SSODL: C:\Documents and Settings\All Users\ehsched.exe - C:\Documents and Settings\All Users\ehsched.exe - (no file)
O21 - SSODL: C:\Program Files\Fichiers communs\ehsched.exe - C:\Program Files\Fichiers communs\ehsched.exe - (no file)
O21 - SSODL: C:\Documents and Settings\faiza\ehsched.exe - C:\Documents and Settings\faiza\ehsched.exe - (no file)
O21 - SSODL: \ehsched.exe - \ehsched.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\Application Data\wuauclt.exe - C:\Documents and Settings\Administrateur\Application Data\wuauclt.exe - (no file)
O21 - SSODL: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wuauclt.exe - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wuauclt.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\wuauclt.exe - C:\Documents and Settings\Administrateur\wuauclt.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\Application Data\svchost.exe - C:\Documents and Settings\Administrateur\Application Data\svchost.exe - (no file)
O21 - SSODL: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\svchost.exe - C:\Documents and Settings\Administrateur\svchost.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\Application Data\explorer.exe - C:\Documents and Settings\Administrateur\Application Data\explorer.exe - (no file)
O21 - SSODL: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\explorer.exe - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\explorer.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\explorer.exe - C:\Documents and Settings\Administrateur\explorer.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\Application Data\csrss.exe - C:\Documents and Settings\Administrateur\Application Data\csrss.exe - (no file)
O21 - SSODL: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\csrss.exe - C:\Documents and Settings\Administrateur\csrss.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\Application Data\ehsched.exe - C:\Documents and Settings\Administrateur\Application Data\ehsched.exe - (no file)
O21 - SSODL: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ehsched.exe - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ehsched.exe - (no file)
O21 - SSODL: C:\Documents and Settings\Administrateur\ehsched.exe - C:\Documents and Settings\Administrateur\ehsched.exe - (no file)
O21 - SSODL: GootkitSSO - {2C795104-A107-44C6-9FF5-A1A26FEEF982} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AXIS Camera Station Service (AxisCameraStation) - Axis Communications AB - C:\Program Files\Axis Communications\AXIS Camera Station2\AcsService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe (file missing)
O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (TmPfw) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe (file missing)
O23 - Service: Service proxy Trend Micro Client/Server Security Agent (TmProxy) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe