win32:trojan-gen.{UPX!} Résolu

Question

je suis infectée par ce virus, pas trop experte, mais débrouillardevoici le hijackthis loge..... merci de m'aider à virer cette saleté!Logfile of HijackThis v1.99.1Scan saved at 22:26:42, on 29/03/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\SYSTEM32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\System32\drivers\CDAC11BA.EXED:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeD:\WINDOWS\System32
vsvc32.exeD:\WINDOWS\System32	cpsvcs.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\ZoneLabs\vsmon.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\WINDOWS\Explorer.EXED:\WINDOWS\System32\wuauclt.exeD:\Program Files\Ahead\InCD\InCD.exeD:\Program Files\QuickTime\qttask.exeD:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXED:\WINDOWS\System32\LVCOMSX.EXED:\Program Files\Logitech\Video\LogiTray.exeD:\Program Files\OpiStat\OpiStat\OpiStat.exeD:\Program Files\Microsoft AntiSpyware\gcasServ.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXED:\WINDOWS\System32\RUNDLL32.EXED:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeD:\WINDOWS\System32\ctfmon.exeC:\Program Files\program\soffice.exeD:\Program Files\Logitech\Video\FxSvr2.exeD:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeD:\Program Files\Macrogaming\SweetIM\SweetIM.exeD:\Program Files\Fichiers communs\Real\Update_OBealsched.exeD:\Program Files\MSN Messenger\msnmsgr.exeD:\Program Files\Complete Cleanup Trial\cleant.exeD:\Program Files\CCleaner\ccleaner.exeD:\Program Files\Internet Explorer\IEXPLORE.EXED:\Documents and Settings\veronique\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.frR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFLO4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [EPSON Stylus CX3200] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [OpiStat] D:\Program Files\OpiStat\OpiStat\OpiStat.exeO4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorunO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [Updater] D:\Program Files\Carpe Diem\laurie_loge_teen.mpg[1]\CDUpdater.exe CD_UPDATERO4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -HideO4 - HKCU\..\Run: [Exetender] D:\Program Files\Player Metaboli\GPlayer.exe /schedule 300000 10O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\program\quickstart.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028XXUSO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B3231E01-D1EA-4BF1-B872-CF21619704F3} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/activex/Op...O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/6512bd/games/files/1115/popcaploader_v6.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

incognito02 · Answer

Bonsoir Véronique, Dans un premier temps, fait déja tout cela : telecharge et execute ces antispywares ( pense a les mettre a jour avant de les lancer) (1) ad-aware version 1.06 (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite voir demo http://pageperso.aol.fr/balltrap34/adwseflash.zip *** (2) spybot version 1.4 (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite voir demo d utilisation http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm *** et aussi ceci (3) CleanUp40.exe http://www.florensac-chasse-trap.com/ section virus/logiciel de securite voir demo http://pageperso.aol.fr/balltrap34/democleanup.htm *** (4) Edwido http://download.ewido.net/ewido-setup.exe Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour. Clique sur scanner puis sur scan complet du système. (5) Relance hijackthis et colle le log ici stp. Bon courage A+

v.ronique · Answer

merci, je suis en train de suivre tes conseils.... à+

v.ronique · Answer

ça y est j'ai fais ce que tu as préconisévoilà le nouvel hijackthid logfileLogfile of HijackThis v1.99.1Scan saved at 01:23:40, on 30/03/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\SYSTEM32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\System32\drivers\CDAC11BA.EXED:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeD:\WINDOWS\System32
vsvc32.exeD:\WINDOWS\System32	cpsvcs.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\Explorer.EXED:\Program Files\Ahead\InCD\InCD.exeD:\Program Files\QuickTime\qttask.exeD:\WINDOWS\System32\LVCOMSX.EXED:\Program Files\Logitech\Video\LogiTray.exeD:\Program Files\Fichiers communs\Real\Update_OBealsched.exeD:\Program Files\OpiStat\OpiStat\OpiStat.exeD:\Program Files\Microsoft AntiSpyware\gcasServ.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXED:\Program Files\Macrogaming\SweetIM\SweetIM.exeD:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeD:\WINDOWS\System32\ctfmon.exeD:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\program\soffice.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\Program Files\Outlook Express\msimn.exeD:\WINDOWS\System32\wuauclt.exeD:\Program Files\ewido anti-malware\ewidoctrl.exeD:\Documents and Settings\veronique\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.frR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFLO4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [EPSON Stylus CX3200] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [OpiStat] D:\Program Files\OpiStat\OpiStat\OpiStat.exeO4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorunO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\program\quickstart.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028XXUSO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - https://onedrive.live.com/O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.htmlO16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - https://www.zonealarm.com/O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B3231E01-D1EA-4BF1-B872-CF21619704F3} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/activex/Op...O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://i.grab.com/media/6512bd/games/files/1115/popcaploader_v6.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.execomment savoir si mon envahisseur est toujours là, ou non?bonne nuit  ... demain au saut du lit, je re-scanne tout!

aranjuez31 · Answer

Ola todosAu saut du lit :1/copie/COLLE le rapport d'Ewido2/ scan online avec BitDefender sous IntExplo - accepte activXhttps://assiste.com/404_La_page_demandee_n_existe_pas.phpcopie/COLLE le rapport3/ ouvre ton hijackfixe de cette manière(http://pageperso.aol.fr/balltrap34/demohijack.htm)les lignes suivantes :O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - https://onedrive.live.com/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.... O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - https://www.zonealarm.com/ O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B3231E01-D1EA-4BF1-B872-CF21619704F3} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/activex/Op... O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://i.grab.com/media/6512bd/games/files/1115/popcaploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab +O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) +O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe +O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus CX3200] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200" +O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1ton rapport sera plus court donc plus facile à lireet Inco sera fera un plaisir de déloger les qques bêtes que je voisremets bien sur un nouvel hijack après cela

v.ronique · Answer

bonjour et mercije scanne avec bitdefender, mais j'ai un petit soucis : trouve pas le rapport ewido! oups! j'ai  seulement trouvé le dossier de quarantaine, que je n'arrive pas à copier coller... un tuyau?

v.ronique · Answer

voilà le rapport hijackthisLogfile of HijackThis v1.99.1Scan saved at 08:48:36, on 30/03/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\SYSTEM32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\System32\drivers\CDAC11BA.EXED:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeD:\WINDOWS\System32
vsvc32.exeD:\WINDOWS\System32	cpsvcs.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\Explorer.EXED:\WINDOWS\System32\LVCOMSX.EXED:\Program Files\Logitech\Video\LogiTray.exeD:\Program Files\Fichiers communs\Real\Update_OBealsched.exeD:\Program Files\OpiStat\OpiStat\OpiStat.exeD:\Program Files\Microsoft AntiSpyware\gcasServ.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXED:\Program Files\Macrogaming\SweetIM\SweetIM.exeD:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeD:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\program\soffice.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\Program Files\Outlook Express\msimn.exeD:\WINDOWS\System32\wuauclt.exeD:\Program Files\ewido anti-malware\ewidoctrl.exeD:\Program Files\Internet Explorer\iexplore.exeD:\Program Files\ewido anti-malware\SecuritySuite.exeD:\Documents and Settings\veronique\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.frR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [OpiStat] D:\Program Files\OpiStat\OpiStat\OpiStat.exeO4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorunO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\program\quickstart.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028XXUSO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exeET voilà le rapport ewido que j'ai fini par trouver!+ Créé le:		01:22:23, 30/03/2006 + Somme de contrôle:	6F264E2B + Résultats du scan:	[2400] D:\Program Files\Macrogaming\SweetIM\mghooking.dll -> Logger.Agent.gk : Nettoyer et sauvegarder	D:\Documents and Settings\veronique\Cookies\veronique@com[1].txt -> TrackingCookie.Com : Nettoyer et sauvegarder	D:\Program Files\Macrogaming\SweetIM\mghooking.dll -> Logger.Agent.gk : Nettoyer et sauvegarder	D:\RECYCLER\NPROTECT\00214317.TXT -> TrackingCookie.Weborama : Nettoyer et sauvegarder	D:\RECYCLER\NPROTECT\00214432.TXT -> TrackingCookie.Weborama : Nettoyer et sauvegarder	G:\Documents and Settings\Veronique\Cookies\veronique@ads.link4ads[2].txt -> TrackingCookie.Link4ads : Nettoyer et sauvegarder	G:\Documents and Settings\Veronique\Cookies\veronique@ehg-dig.hitbox[4].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder::Fin du rapportet enfin le rapport bitdefenderBitDefender Online Scanner     Rapport d'analyse généré à: Thu, Mar 30, 2006 - 10:17:54       Voie d'analyse: C:\;D:\;E:\;F:\;G:\;           Statistiques Temps 01:54:32 Fichiers 386283 Directoires 10327 Secteurs de boot 5 Archives 9561 Paquets programmes 18738      Résultats Virus identifiés 1 Fichiers infectés 2 Fichiers suspects 0 Avertissements 0 Désinfectés 0 Fichiers effacés 2      Info sur les moteurs Définition virus 353840 Version des moteurs AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29) Analyse des plugins 13 Archive des plugins 39 Unpack des plugins 4 E-mail plugins 6 Système plugins 1      Paramètres d'analyse Première action Désinfecté Seconde Action Supprimé Heuristique Oui Acceptez les avertissements Oui Extensions analysées *; Excludez les extensions   Analyse d'emails Oui Analyse des Archives Oui Analyser paquets programmes Oui Analyse des fichiers Oui Analyse de boot Oui        Fichier analysé  Statut G:\WINDOWS\UbiSoft\OSD\Startup.exe Infecté par: Trojan.Win95.Flashkiller G:\WINDOWS\UbiSoft\OSD\Startup.exe Echec de la désinfection G:\WINDOWS\UbiSoft\OSD\Startup.exe Supprimé G:\WINDOWS\UbiSoft\OSD\Client.exe Infecté par: Trojan.Win95.Flashkiller G:\WINDOWS\UbiSoft\OSD\Client.exe Echec de la désinfection G:\WINDOWS\UbiSoft\OSD\Client.exe Supprimé  si j'en crois ce dernier scan, il y est toujours! help

v.ronique · Answer

suis toujours infectée, quelqu'un pourrait il m'aider à éradiquer ce trojan?  merrrciiiiii!

incognito02 · Answer

Bonsoir Véronique,Tu peux nous en dire plus ?A+

incognito02 · Answer

Salut¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked : O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028XXUS Puis redemarre ton pc et remet un hijack thiset fais ceci egalement:Telecharge cecihttps://www.silentrunners.org/Silent%20Runners.vbs Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donneraA+

v.ronique · Answer

bonsoir incognito02, et merci voilà ce que tu as demandé"Silent Runners.vbs", revision 44, https://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SweetIM" = "D:\Program Files\Macrogaming\SweetIM\SweetIM.exe" ["MacroGaming LTD."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]"LVCOMSX" = "D:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]"LogitechVideoRepair" = "D:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]"LogitechVideoTray" = "D:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]"TkBellExe" = ""D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"OpiStat" = "D:\Program Files\OpiStat\OpiStat\OpiStat.exe" ["NetRatings, Inc."]"gcasServ" = ""D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]"Camera Detector" = "D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun" ["ACD Systems, Ltd."]"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]"SweetIM" = "D:\Program Files\Macrogaming\SweetIM\SweetIM.exe" ["MacroGaming LTD."]"PestPatrol Control Center" = "D:\PROGRA~1\PESTPA~1\PPControl.exe" [null data]"PPMemCheck" = "D:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [null data]"CookiePatrol" = "D:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)  -> {HKLM...CLSID} = "AcroIEHlprObj Class"                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"  -> {HKLM...CLSID} = "Périphériques Plug and Play universels"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\upnpui.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {HKLM...CLSID} = "Desktop Explorer"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{058361C0-BF45-11d1-9909-00AA00AE3D8E}" = "Extentions Logimots/Créamots"  -> {HKLM...CLSID} = "Extentions Logimots/Créamots"                   \InProcServer32\(Default) = "XmotsSHExt.dll" ["GOTO Software"]"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"  -> {HKLM...CLSID} = "CloneCD Shell Extension"                   \InProcServer32\(Default) = "D:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {HKLM...CLSID} = "Portable Media Devices"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {HKLM...CLSID} = "Portable Media Devices Menu"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\Program Files\program\shlxthdl.dll" ["Sun Microsystems, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {HKLM...CLSID} = "DesktopContext Class"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {HKLM...CLSID} = "nView Desktop Context Menu"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"  -> {HKLM...CLSID} = "My Logitech Pictures"                   \InProcServer32\(Default) = "D:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                   \InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {HKLM...CLSID} = "NVIDIA CPL Extension"                   \InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"  -> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"                   \InProcServer32\(Default) = "D:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]Default executables:--------------------HKCU\Software\Classes\.bat\(Default) = (value not set)HKCU\Software\Classes\.cmd\(Default) = (value not set)HKCU\Software\Classes\.com\(Default) = (value not set)HKCU\Software\Classes\.exe\(Default) = (value not set)Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "D:\Documents and Settings\veronique\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "veronique" & "All Users" startup folders:-----------------------------------------------------------D:\Documents and Settings\veronique\Menu Démarrer\Programmes\Démarrage"OpenOffice.org 1.1.3" -> shortcut to: "C:\Program Files\program\quickstart.exe" [null data]D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Logitech Desktop Messenger" -> shortcut to: "D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data]{B863453A-26C3-4E1F-A54D-A2CD196348E9}\"ButtonText" = "ICQ Lite""MenuText" = "ICQ Lite""Exec" = "D:\Program Files\ICQLite\ICQLite.exe" [file not found]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Messenger""Exec" = "D:\Program Files\Messenger\MSMSGS.EXE" [MS]Miscellaneous IE Hijack Points------------------------------D:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"Missing lines (compared with English-language version):[Strings]: 2 linesRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]C-DillaCdaC11BA, C-DillaCdaC11BA, "D:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]EPSON Printer Status Agent2, EPSONStatusAgent2, "D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]EpsonBidirectionalService, EpsonBidirectionalService, "D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe" [null data]ewido security suite control, ewido security suite control, "D:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]Services TCP/IP simplifiés, SimpTcp, "D:\WINDOWS\System32\tcpsvcs.exe" [MS]TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\System32\wdfmgr.exe" [MS]Écouteur RIP, Iprip, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\iprip.dll" [MS]}Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,  use the -supp parameter or answer "No" at the first message box.---------- (total run time: 153 seconds, including 18 seconds for message boxes)et hijackthisLogfile of HijackThis v1.99.1Scan saved at 14:35:54, on 02/04/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\SYSTEM32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\System32\drivers\CDAC11BA.EXED:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeD:\Program Files\ewido anti-malware\ewidoctrl.exeD:\WINDOWS\System32\nvsvc32.exeD:\WINDOWS\System32\tcpsvcs.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\ZoneLabs\vsmon.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\WINDOWS\Explorer.EXED:\WINDOWS\System32\LVCOMSX.EXED:\Program Files\Logitech\Video\LogiTray.exeD:\Program Files\Fichiers communs\Real\Update_OB\realsched.exeD:\Program Files\OpiStat\OpiStat\OpiStat.exeD:\Program Files\Microsoft AntiSpyware\gcasServ.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXED:\WINDOWS\System32\RUNDLL32.EXED:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeD:\Program Files\Logitech\Video\FxSvr2.exeD:\PROGRA~1\PESTPA~1\PPControl.exeD:\PROGRA~1\PESTPA~1\PPMemCheck.exeD:\PROGRA~1\PESTPA~1\CookiePatrol.exeC:\Program Files\program\soffice.exeD:\Program Files\Mozilla Thunderbird\thunderbird.exeD:\Documents and Settings\veronique\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.frR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [OpiStat] D:\Program Files\OpiStat\OpiStat\OpiStat.exeO4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorunO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exeO4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exeO4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exeO4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\program\quickstart.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028XXUSO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exec'est grave docteur! à bientôtzut, petite erreur, cet hijack a été réalisé sans redémarrerje redémarre et j'envoie le nouveau loga+

v.ronique · Answer

re incognito02, comme promis, voilà le hijackthis log aprés rebootLogfile of HijackThis v1.99.1Scan saved at 23:42:12, on 02/04/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\SYSTEM32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\System32\drivers\CDAC11BA.EXED:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeD:\Program Files\ewido anti-malware\ewidoctrl.exeD:\WINDOWS\System32
vsvc32.exeD:\WINDOWS\System32	cpsvcs.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\ZoneLabs\vsmon.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\Program Files\Alwil Software\Avast4\setup\avast.setupD:\WINDOWS\Explorer.EXED:\WINDOWS\System32\wuauclt.exeD:\WINDOWS\System32\LVCOMSX.EXED:\Program Files\Logitech\Video\LogiTray.exeD:\Program Files\Fichiers communs\Real\Update_OBealsched.exeD:\Program Files\OpiStat\OpiStat\OpiStat.exeD:\Program Files\Microsoft AntiSpyware\gcasServ.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXED:\WINDOWS\System32\RUNDLL32.EXED:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeD:\Program Files\Logitech\Video\FxSvr2.exeD:\PROGRA~1\PESTPA~1\PPControl.exeD:\PROGRA~1\PESTPA~1\PPMemCheck.exeD:\PROGRA~1\PESTPA~1\CookiePatrol.exeC:\Program Files\program\soffice.exeD:\Documents and Settings\veronique\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.frR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [OpiStat] D:\Program Files\OpiStat\OpiStat\OpiStat.exeO4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorunO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exeO4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exeO4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exeO4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\program\quickstart.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exepour info, la première tentative de test hijack a planté, la seconde (si dessus reportée)a aboutiebonne lecture, à +

aranjuez31 · Answer

hellofixe cette ligneR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ suite demain

v.ronique · Answer

bonjour inco actin demandée exécutée  nouveau Logfile of HijackThis v1.99.1Scan saved at 18:50:44, on 03/04/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\SYSTEM32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeD:\Program Files\Alwil Software\Avast4\aswUpdSv.exeD:\Program Files\Alwil Software\Avast4\ashServ.exeD:\WINDOWS\System32\drivers\CDAC11BA.EXED:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeD:\Program Files\ewido anti-malware\ewidoctrl.exeD:\WINDOWS\System32
vsvc32.exeD:\WINDOWS\System32	cpsvcs.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\ZoneLabs\vsmon.exeD:\Program Files\Alwil Software\Avast4\ashMaiSv.exeD:\Program Files\Alwil Software\Avast4\ashWebSv.exeD:\WINDOWS\Explorer.EXED:\WINDOWS\System32\LVCOMSX.EXED:\Program Files\Logitech\Video\LogiTray.exeD:\Program Files\Fichiers communs\Real\Update_OBealsched.exeD:\Program Files\OpiStat\OpiStat\OpiStat.exeD:\Program Files\Microsoft AntiSpyware\gcasServ.exeD:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeD:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXED:\WINDOWS\System32\RUNDLL32.EXED:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeD:\Program Files\Logitech\Video\FxSvr2.exeD:\PROGRA~1\PESTPA~1\PPControl.exeD:\PROGRA~1\PESTPA~1\PPMemCheck.exeD:\PROGRA~1\PESTPA~1\CookiePatrol.exeC:\Program Files\program\soffice.exeD:\Program Files\Mozilla Firefox\firefox.exeD:\Program Files\Mozilla Thunderbird	hunderbird.exeD:\Documents and Settings\veronique\Bureau\HijackThis.exeR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [OpiStat] D:\Program Files\OpiStat\OpiStat\OpiStat.exeO4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Camera Detector] D:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorunO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exeO4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exeO4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exeO4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exeO4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\program\quickstart.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exethanksà+

incognito02 · Answer

Bonsoir Véronique,Où en sont tes soucis ? Ton log me parait clean ....A++

aranjuez31 · Answer

slttu utilises la version n° 6.00.2600.0000 d'InternetExplorer !!la dernière connue est n° 6.00.2900.2180donc fais un màj via WindowsUpdatesi tu as un ram sup ou égale à 512 Moil faudrait envisager d installer le sp2de combien est ta ram ?je remarque aussi que tu emploies "gcasServ Giant-antispyware de Microsoft" - Microsoft a sorti , ya peu,  un nouvel antispy bêta plus performant=====où est passé le copain Incognito ???

v.ronique · Answer

bonsoir aranjuezmerci pour tes conseilssi j'en crois les info système, ma RAM n'est que de 384 Mopour ce qui est de l'internet explorer, windows updates ne me préconise aucune mise à jour sinon le pack 2, que je ne peux malheureusement pas installer (absence de clé valide) raison pour laquelle je ne peux pas non plus installer l'antispyware beta 2  :( on m'a conseillé firefox et thunderbird, qui serait un peut plus étanches aux envahisseurs non sollicités.... un avis?as tu un conseil à me donner pour améliorer la sécurité de mon pc? à +   merci

aranjuez31 · Answer

hello v 'roc est un excellent conseilj utilise firefox depuis longtpstu trouveras qques explications ds la bible de sebhttps://sebsauvage.net/safehex.html

v.ronique · Answer

pas encore un étalon,.................... mais un bourricot qui commence à avancer....merci aranjuez    ;)

aranjuez31 · Answer

retu as un bon couple : ZA + Avastj y ajouterais a/- 1 nettoyeur de registre, ex : RegCleanerb/- 1 nettoyeur de cookies,historique, prefetch, temps, fichiers temporaires, etc...... : CleanUp40c/- 3 nettoyeurs de spy, trojans & autres malwares, soit : Spybot+Ad-aware+Ewidod/- 1 bloqueur d'activX : SpywareBlastere/- 1 contrôleur de sites : SiteAdvisorseuls d/ & e/ seraient en résidents - je veux dire par là que je garde les progr ds Mes Docu et les installe pour contrôle 1 fois/sem, ceci pour ne pas surcharger lors du surfautre chose : défrag qd le %ade de dossiers fragmentés atteint le seuil de 10bien évidemment , eviter sites sensibles tels Q, warez & P2Pc est du moins comme cela que je fonctionneqd j ai besoin d un crack, je laisse le soin à un copain de partir à l aventure....ai-je bien répondu à ta question ?

aranjuez31 · Answer

hello v'rtu veux dire que za a disparu de ajout/Suppr ?ou tout simplement désactivé  ?

v.ronique · Answer

encore une petite chose
j'ai fais un scann avec avast....... pas de virus signalé, mais.... il fallait un mais : un bon nombre de fichiers n'ont pas pu être scannés car protégés par un mot de passe....???? un autre non scanné car archive cab corrompue....?
as tu une explication?
que dois je faire de ces fichiers : quarantaine, destruction...

thanks a+

aranjuez31 · Answer

hello

un bon nombre de fichiers n'ont pas pu être scannés car protégés par un mot de passe....????
rien d'anormal en soi, si tu regardes bien ( il y a lgtps que je ne m'interesse plus aux quarantaines , c est sans intérêt) tu trouveras Spybot,ad-aware et autres log anti-malwares dont les codes sont protégés

un autre non scanné car archive cab corrompue....?
pas grave

aprés un scan d antirus , je vide tjrs les 40aines, pas la peine de surcharger l ordi de choses inutiles ou infectées qui sont bloquées

si tu lis l'aide d' avast, ceci y est très bien expliqué
il peut arriver qu'un dossier infecté soit nécessaire au fonctionnement de tel ou tel progr, c est souvent le cas de log chargés en P2P, mais moi je préfère m en passer que de contaminer le reste de la bécane

bis repetita, je vide tjrs sauvegardes ou quarantaines d'antivirus

par contre s il s'agit d une sauvegarde de nettoyeur de registre, j'attends une semaine avant de la virer, le tps de constater que tt fonctionne correctement sans les clefs supprimées

v.ronique · Answer

bonjour aranjuez31merci pour ta patience, et pour tes précieux conseils et au plaisir de déméler mes noeuds avec toi un prochaine fois, qui sais?

aranjuez31 · Answer

hellosi tu n as plus de blems, j en suis content pour toide tte façon, j'ai une box accessible, si besoinhasta luego, chican oublie pas de cocher  " problem résolu "

Win32:trojan-gen.{UPX!} - Page 2

Discussions similaires

Newsletters