Infecté par troyens, help!! Résolu/Fermé

Question

Salut,

J'ai eu une attaque importante de virus et de troyens dernièrement et je n'arrive pas à m'en débarasser. AntiVir me trouve les troyens Vundo.gen ou Crpt.PEC2X.gen entre autres (c'est ceux qui reviennent le plus souvent). J'ai utilisé les outils les plus courants (spybot, ad-aware...) mais en vain. Je m'en remet donc à vos yeux d'expert. Voici mon log Hijackthis. Merci d'avance pour votre aide.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:35:13, on 12/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HiJack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BEA552E-BD94-480A-B06D-3F719C2D61E1} - C:\WINDOWS\System32\cpg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4C18F7D-3EB5-4A10-A121-A2A274E0923B} - C:\WINDOWS\System32\ljjighe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe  -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
avapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\PROPRI~1\MESDOC~1\CURITY~1	racert.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O18 - Filter hijack: text/html - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - C:\WINDOWS\System32\cpg.dll
O18 - Filter: text/plain - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - C:\WINDOWS\System32\cpg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdm.dll
O20 - Winlogon Notify: wintjs32 - wintjs32.dll (file missing)
O21 - SSODL: System - {3C47C377-9997-4468-9901-723AFC0F06B7} - C:\WINDOWS\system32\system32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

green day · Answer

Salut

 combien as tu d'antivirus ???


Téléchargez VundoFix.exe (par Atribune) sur ton Bureau : 

 http://www.atribune.org/ccount/click.php?id=4

*Double-clique VundoFix.exe afin de le lancer.
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera  supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
 * le PC va s'éteindre ("shutdown") :  clique OK
 * Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse stp

++

Elpicador · Answer

Merci pour ta réponse.

Je n'ai qu'un seul antivirus (Antivir Guard) et le firewall ZoneAlarm.

VundoFix m'a bien supprimé la bête (AntiVir ne le détecte plus), voici le log qui le confirme:

VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 14:21:27 12/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\ljjighe.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ljjighe.dll
C:\WINDOWS\system32\ljjighe.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ljjighe.dll
C:\WINDOWS\system32\ljjighe.dll Has been deleted!

Performing Repairs to the registry.
Done!



et voilà le log hijackthis:



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:06:55, on 12/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1
avapw32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\HiJack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BEA552E-BD94-480A-B06D-3F719C2D61E1} - C:\WINDOWS\System32\cpg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4C18F7D-3EB5-4A10-A121-A2A274E0923B} - C:\WINDOWS\System32\ljjighe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe  -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
avapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Heth] "C:\DOCUME~1\PROPRI~1\MESDOC~1\CURITY~1	racert.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O18 - Filter hijack: text/html - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - C:\WINDOWS\System32\cpg.dll
O18 - Filter: text/plain - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - C:\WINDOWS\System32\cpg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdm.dll
O20 - Winlogon Notify: wintjs32 - wintjs32.dll (file missing)
O21 - SSODL: System - {3C47C377-9997-4468-9901-723AFC0F06B7} - C:\WINDOWS\system32\system32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

green day · Answer

ok

 fais les manips de ce lien stp

virus methode preliminaire de desinfection version fr

il reste encore des traces de norton !

++

Elpicador · Answer

J'ai suivi les instructions, voilà ce que ça donne:


J'ai installé AVG antivirus mas pas moyen de faire de mise à jour. J'ai scanné quand même, mais il n'a trouvé que quelques cookies.


Voilà le résultat de l'analyse BitDefender:


Statistics

Time
	

01:24:24

Files
	

212536

Folders
	

1933

Boot Sectors
	

2

Archives
	

6498

Packed Files
	

14322
	

 
	

 

Results

Identified Viruses
	

4

Infected Files
	

6

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

6
	

 
	

 

Engines Info

Virus Definitions
	

505909

Engine build
	

AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

6

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\46b7bdcc.qua
	

Infected with: Trojan.StartPage.IG

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\46b7bdcc.qua
	

Disinfection failed

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\46b7bdcc.qua
	

Deleted

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\46b7bf44.qua
	

Infected with: Trojan.StartPage.IG

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\46b7bf44.qua
	

Disinfection failed

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\46b7bf44.qua
	

Deleted

C:\VundoFix Backups\ljjighe.dll.bad
	

Infected with: MemScan:Trojan.Vundo.DLO

C:\VundoFix Backups\ljjighe.dll.bad
	

Disinfection failed

C:\VundoFix Backups\ljjighe.dll.bad
	

Deleted

C:\WINDOWS\secure.html
	

Infected with: Trojan.HTML.SpySheriff

C:\WINDOWS\secure.html
	

Disinfection failed

C:\WINDOWS\secure.html
	

Deleted

C:\WINDOWS\system32\on-line.exe
	

Infected with: Trojan.AVKiller.Delf.B

C:\WINDOWS\system32\on-line.exe
	

Disinfection failed

C:\WINDOWS\system32\on-line.exe
	

Deleted

C:\WINDOWS\system32\secure32.txt
	

Infected with: Trojan.HTML.SpySheriff

C:\WINDOWS\system32\secure32.txt
	

Disinfection failed

C:\WINDOWS\system32\secure32.txt
	

Deleted
	

 
Et voici le hijackthis nouveau:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:46:42, on 13/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1
avapw32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32	askmgr.exe
C:\Hijackthis\HiJack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BEA552E-BD94-480A-B06D-3F719C2D61E1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4C18F7D-3EB5-4A10-A121-A2A274E0923B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe  -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
avapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: NameServer = 192.168.1.1,192.168.1.2
O18 - Filter hijack: text/html - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - (no file)
O18 - Filter: text/plain - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdm.dll
O20 - Winlogon Notify: wintjs32 - wintjs32.dll (file missing)
O21 - SSODL: System - {3C47C377-9997-4468-9901-723AFC0F06B7} - (no file)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

green day · Answer

Salut

# Télécharge ceci: (merci a S!RI pour ce petit programme). 

 http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, 
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php 
il va générer un rapport : copie/colle le sur le poste stp.


++

Elpicador · Answer

Voilà le rapport:

SmitFraudFix v2.181

Rapport fait à 22:43:11,39, 13/05/2007
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1
avapw32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\System32\kbdm.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11g USB 2.0 adapter #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: NameServer=192.168.1.1,192.168.1.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: NameServer=192.168.1.1,192.168.1.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: NameServer=192.168.1.1,192.168.1.2


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

ok,

Télécharge clean.zip 
http://www.malekal.com/download/clean.zip 
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 
Ouvre le dossier Clean qui se trouve sur ton bureau. 
Double-clic sur clean.cmd. 
Une fenêtre noire va apparaître, choisis l'option 1 
Poste le rapport qui se trouve ici C:\rapport_clean.txt 


ensuite : 

# Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Double-clic sur clean.cmd. 
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt 

++

Elpicador · Answer

Voilà le premier rapport: 


14/05/2007 a 20:57:19,29 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
 
*** Recherche des fichiers dans C:\Program Files 
*** Fin du rapport ! 


Etant donné que rien n'a été trouvé, je n'ai pas fait la suite...
Dis moi si je me trompe.

Merci.

green day · Answer

Salut

 non, très bien ! où en sont tes soucis ???

++

Elpicador · Answer

Ben je crois que je n'ai plus grand chose, plus d'alerte AntiVir et ma bécane tourne bien. J'attire simplement ton attention sur les quelques lignes du rapport généré par le fix s!ri:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\System32\kbdm.dll" 

kbdm.dll était détecté par AntiVir comme un fichier infecté par le backdoor agent.AC. Ne pense tu pas que je devrais lancer un nettoyage avec s!ri en mode sans ehec?

Merci pour ton aide.

green day · Answer

Effectivement, il y a aussi un autre fichier  qui n'a pu être supprimer :

 C:\WINDOWS\system32\ljjighe.dll
C:\WINDOWS\system32\ljjighe.dll Could not be deleted.



on va essayé autre chose : 

Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau: 

http://download.bleepingcomputer.com/sUBs/combofix.exe 
http://www.techsupportforum.com/sectools/combofix.exe 


Double clique combofix.exe et suis les invites 

Poste le rapport  stp 

++

Elpicador · Answer

Ci-dessous le rapport, je crois qu'il n'a rien trouvé. Est-ce normal si je n'ai lancé qu'une recherche avec S!ri, et pas encore de désinfection? "Propri‚taire" - 2007-05-14 21:29:24 Service Pack 1 ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Propri‚taire\Bureau\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe C:\install.log ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 )))))))))))))))))))))))))))))))))) 2007-05-14 20:34 593,408 --a------ C:\WINDOWS\system32\h323msp.dll 2007-05-14 20:34 552,448 --a------ C:\WINDOWS\system32 tcdll.dll 2007-05-14 20:34 441,344 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-05-14 20:34 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-05-14 20:13 947,472 --a------ C:\WINDOWS\system32\msjava.dll 2007-05-14 20:13 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll 2007-05-14 20:13 6,550 --a------ C:\WINDOWS\jautoexp.dat 2007-05-14 20:13 49,424 --a------ C:\WINDOWS\system32\clspack.exe 2007-05-14 20:13 46,352 --a------ C:\WINDOWS\setdebug.exe 2007-05-14 20:13 404,752 --a------ C:\WINDOWS\system32\javart.dll 2007-05-14 20:13 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2007-05-14 20:13 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll 2007-05-14 20:13 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll 2007-05-14 20:13 187,152 --a------ C:\WINDOWS\system32\javacypt.dll 2007-05-14 20:13 172,304 --a------ C:\WINDOWS\system32\jview.exe 2007-05-14 20:13 171,792 --a------ C:\WINDOWS\system32\wjview.exe 2007-05-14 20:13 171,280 --a------ C:\WINDOWS\system32\jit.dll 2007-05-14 20:13 154,384 --a------ C:\WINDOWS\system32\msawt.dll 2007-05-14 20:13 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe 2007-05-14 20:13 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2007-05-14 20:13 113 --a------ C:\WINDOWS\system32\zonedon.reg 2007-05-14 20:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2007-05-13 22:43 2,466 --a------ C:\WINDOWS\system32 mp.reg 2007-05-13 22:42 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-05-13 22:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-05-13 22:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-05-13 18:40 1,006,592 --a------ C:\WINDOWS\system32\esent.dll 2007-05-13 17:47 d-------- C:\WINDOWS\LastGood 2007-05-13 00:20 1,156 --a------ C:\WINDOWS\mozver.dat 2007-05-12 22:46 d-------- C:\WINDOWS\BDOSCAN8 2007-05-12 22:45 d---s---- C:\DOCUME~1\PROPRI~1\UserData 2007-05-12 21:01 d-------- C:\Program Files\CCleaner 2007-05-12 20:55 d-------- C:\WINDOWS\system32\bits 2007-05-12 20:52 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-05-12 20:52 d--h----- C:\WINDOWS\$hf_mig$ 2007-05-12 20:52 d-------- C:\WINDOWS\system32\PreInstall 2007-05-12 20:51 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-05-12 20:51 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-05-12 20:51 331,776 --a------ C:\WINDOWS\system32\winhttp.dll 2007-05-12 20:51 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-05-12 20:33 d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-05-12 20:30 d-------- C:\WINDOWS\SoftwareDistribution 2007-05-12 20:29 467,224 --a------ C:\WINDOWS\system32\wuapi.dll 2007-05-12 20:29 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-05-12 20:29 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-05-12 20:29 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-05-12 20:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-05-12 20:29 128,792 --a------ C:\WINDOWS\system32\wucltui.dll 2007-05-12 19:54 d-------- C:\WINDOWS\LastGood.Tmp 2007-05-12 19:44 32,256 --a------ C:\WINDOWS\system32 undll32.exe 2007-05-12 19:05 d-------- C:\Program Files\MSN Messenger 2007-05-12 15:34 d-------- C:\Hijackthis 2007-05-12 15:11 d-------- C:\Program Files\Inventel 2007-05-12 14:21 d-------- C:\VundoFix Backups 2007-05-12 13:08 0 --a------ C:\WINDOWS sreg.dat 2007-05-12 12:47 50,360 --a------ C:\WINDOWS\system32\vsutil_loc040C.dll 2007-05-12 12:47 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-05-12 12:47 d-------- C:\WINDOWS\system32\ZoneLabs 2007-05-12 12:43 d-------- C:\WINDOWS\Internet Logs 2007-05-11 20:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-05-11 20:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-05-11 19:10 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2007-05-11 19:10 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2007-05-11 19:10 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic 2007-05-11 18:47 73 --a------ C:\WINDOWS\system32\ssprs.dll 2007-05-11 18:47 205 --a------ C:\WINDOWS\system32\lsprst7.dll 2007-05-11 18:47 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll 2007-05-11 18:47 1,025 --a------ C:\WINDOWS\system32\clauth2.dll 2007-05-11 18:47 1,025 --a------ C:\WINDOWS\system32\clauth1.dll 2007-05-11 18:35 d-------- C:\Program Files\SPSSEVAL 2007-05-11 17:32 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-05-11 17:32 dr------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-05-11 17:32 dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-05-11 17:32 dr------- C:\DOCUME~1\ADMINI~1\Favoris 2007-05-11 17:32 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-05-11 17:32 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-05-11 17:32 d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-05-11 17:32 d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-05-11 17:32 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust 2007-05-11 17:20 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-11 16:57 d-------- C:\Program Files\NoAdware5.0 2007-05-11 16:29 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2007-05-11 16:25 81,920 --a------ C:\WINDOWS\system32\W32N50.dll 2007-05-11 16:25 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.sys 2007-05-11 16:02 d-------- C:\WINDOWS\pss (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-13 18:51:12 -------- d-----w C:\Program Files\eMule 2007-05-12 18:29:53 -------- d--h--w C:\Program Files\WindowsUpdate 2007-05-12 13:17:40 -------- d-----w C:\Program Files\Wanadoo 2007-05-11 17:07:37 -------- d-----w C:\Program Files\Fichiers communs\Real 2007-05-11 16:32:36 -------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-05-11 14:32:23 55,180 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-05-11 14:32:23 426,932 ----a-w C:\WINDOWS\system32\perfh00C.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-03-10 20:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un] "ATIModeChange"="Ati2mdxx.exe" "CARPService"="carpserv.exe" "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" "Desktop Zoom"="C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe -s" "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d" "srmclean"="C:\Cpqs\Scom\srmclean.exe" "TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK" "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s" "QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" "hpsysdrv"="c:\windows\system\hpsysdrv.exe" "NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" "SManager"="smanager.7.exe" "avgnt"="\"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe\" /min" "Zone Labs Client"="\"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"="Ati2mdxx.exe" [2002-08-16 00:18 C:\WINDOWS\system32\Ati2mdxx.exe]) "CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]) "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 18:29] "Desktop Zoom"="C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe" [2002-10-09 11:18] "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 08:05] "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34] "TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [2002-11-07 14:30] "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 07:26] "QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:56] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-10 00:42] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-10 00:41] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 14:19] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-19 15:50] "NAV Agent"="C:\PROGRA~1\NORTON~1 avapw32.exe" [2002-03-11 09:46] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "SManager"="smanager.7.exe" []) "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-09-22 20:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 04:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2005-06-14 17:05] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" "MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\wintjs32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="C:\WINDOWS\System32\kbdm.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the 'Scheduled Tasks' folder C:\WINDOWS asks\Norton AntiVirus - Analyser mon ordinateur.job C:\WINDOWS asks\Symantec NetDetect.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-14 21:32:15 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A)w?????????? ?X#B?????????????l|B? ?????? scanning hidden files ... C:\system.sav\CTO.TXT 4096 bytes C:\system.sav\CTOHW.TXT 16 bytes C:\system.sav\DAYLGSAV.reg 320 bytes C:\system.sav\INFO.BOM 8192 bytes C:\system.sav\INFO2.BOM 8192 bytes C:\system.sav\ISLOGCHK.LOG 472 bytes C:\system.sav\REBOOT.ME 48 bytes C:\system.sav\REGDEV.LOG 40 bytes C:\system.sav\REGFLUSH.LOG 4096 bytes C:\system.sav\RmDev.log 12288 bytes C:\system.sav\T55XGB.B22 4096 bytes C:\system.sav\TNXHLC.052 4096 bytes C:\system.sav\TNXXHP.052 4096 bytes C:\system.sav\TNXXHP.B22 4096 bytes C:\system.sav\TNXXIN.B22 4096 bytes C:\system.sav\util C:\system.sav\util\adobe.log 160 bytes C:\system.sav\util\AppEvBk1.old 65536 bytes C:\system.sav\util\ATIRES.EXE 69632 bytes C:\system.sav\util\bootldr.flg 0 bytes C:\system.sav\util\BOOTSEC.NT4 512 bytes C:\system.sav\util\CHECKLOG.EXE 98304 bytes C:\system.sav\util\CIA.INI 69632 bytes C:\system.sav\util\CMDOOBE.CMD 72 bytes C:\system.sav\util\COMPNAME.EXE 32768 bytes C:\system.sav\util\DEFUSER.REG 320 bytes C:\system.sav\util\delcia.flg 32 bytes C:\system.sav\util\deldir.log 4096 bytes C:\system.sav\util\DESKZOOM.log 168 bytes C:\system.sav\util\grnscrn.bto 552 bytes C:\system.sav\util\grnscrn.exe 49152 bytes C:\system.sav\util\infobomg.exe 102400 bytes C:\system.sav\util\INSTALL.LOG 204800 bytes C:\system.sav\util\make_rtr.flg 136 bytes C:\system.sav\util\NbUtil.log 184 bytes C:\system.sav\util\oca.reg 352 bytes C:\system.sav\util\oca_mrk.bat 120 bytes C:\system.sav\util\oobe.min 136 bytes C:\system.sav\util\oobe.wpe 184 bytes C:\system.sav\util\osexclude.txt 216 bytes C:\system.sav\util\PININST.INI 112 bytes C:\system.sav\util\PININST.LOG 160 bytes C:\system.sav\util\POSTOOBE.CMD 400 bytes C:\system.sav\util\POSTOOBE.LOG 24 bytes C:\system.sav\util\postproc.ini 608 bytes C:\system.sav\util\Powerset.log 96 bytes C:\system.sav\util andom.ini 32 bytes C:\system.sav\util\SecEvBk1.old 65536 bytes C:\system.sav\util\SETNAME.EXE 32768 bytes C:\system.sav\util\sleep.exe 36864 bytes C:\system.sav\util\srtool.exe 36864 bytes C:\system.sav\util\sr_on.vbs 4096 bytes C:\system.sav\util\SysEvBk1.old 65536 bytes C:\system.sav\util ouchpad.log 192 bytes C:\system.sav\util\WINDVD.LOG 176 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 55 ******************************************************************** Completion time: 2007-05-14 21:33:08 C:\ComboFix-quarantined-files.txt ... 2007-05-14 21:33

green day · Answer

Oui, normal, le nettoyage se fait avec l'option 2 en mode sans echec ! ensuite poste le rapport stp


++

Elpicador · Answer

Voilà, il détecte toujours la ligne kbdm.dll (tout comme comboFix), donc il n'a pas réusi à désinfecter (j'ai quand même posté le rapport de désinfection ci-dessous). Mais bon peut-être est-ce normal: quand j'ouvre system32, je trouve le fichier kbdm.dll.vir, donc AntiVir a réussi à le renommer (ce qui ne veut pas dire qu'il le contrôle totalement non plus). 

En ce qui concerne l'autre fichier, si tu regardes deux lignes en dessous il y a écrit:

 Attempting to delete C:\WINDOWS\system32\ljjighe.dll
C:\WINDOWS\system32\ljjighe.dll Has been deleted! 


donc pas de problème de ce côté là je pense. 





SmitFraudFix v2.181

Rapport fait à 22:00:28,45, 14/05/2007
Executé à partir de C:\Documents and Settings\Administrateur\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A72E112A-165F-4EE0-B5A0-EC894F12F0FC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

ok,

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la ligne en gras qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    
C:\WINDOWS\System32\kbdm.dll


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

++

Elpicador · Answer

Il m'affiche une erreur:

kbdm.dll not found

Quand je le lance avec la ligne:

C:\WINDOWS\System32\kbdm.dll.vir


Il m'affiche:  failed to move...

green day · Answer

Salut

je pense que c'est la syntaxe qui n'est pas bonne ...

essaye avec ceci :

C:\WINDOWS\System32\kbdm.dll 

++

Elpicador · Answer

Salut,

J'ai réessayé comme cela mais ça n'a rien changé.

J'ai alors entrepris une suppression manuelle des registres, puis après une lutte acharnée j'ai enfin réussi à supprimer le dll infecté.

Après redémarage tout se passe bien, pourvu que ça dure... 

Je reposte un Hijack à toute fin utile...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:36:44, on 17/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HiJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BEA552E-BD94-480A-B06D-3F719C2D61E1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4C18F7D-3EB5-4A10-A121-A2A274E0923B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe  -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Filter: text/plain - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - (no file)
O20 - Winlogon Notify: wintjs32 - wintjs32.dll (file missing)
O21 - SSODL: System - {3C47C377-9997-4468-9901-723AFC0F06B7} - (no file)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

green day · Answer

Salut

ok, est-ce que norton est encore actif ???

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :


R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 

O2 - BHO: (no name) - {F4C18F7D-3EB5-4A10-A121-A2A274E0923B} - (no file) 


O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Filter: text/plain - {BCB7664F-74C7-4641-BA95-90A8D2A04875} - (no file)

O20 - Winlogon Notify: wintjs32 - wintjs32.dll (file missing) 

ensuite, repasse un coup de ccleaner, et ça sera tout bon !

++

Elpicador · Answer

Ok tout roule. J'ai même désinstallé Norton vu que je ne l'utilisais plus et qu'il la ramenait tout le temps quand même.

Le Hijack final (enfin j'espère):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:53:42, on 18/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HiJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe  -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O21 - SSODL: System - {3C47C377-9997-4468-9901-723AFC0F06B7} - (no file)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

green day · Answer

Salut

 c'est tout bon ;-)

 un petit nettoyage de printemps complémentaire ? ;-)

 Pas de soucis !

@+

Elpicador · Answer

Salut,

Comme prévu j'ai nettoyé un peu mon second PC. A part quelques troyens et adware apparament rien de bien méchant donc pas de quoi faire un topic. Par contre, si une âme charitable (green day par exemple...) veut bien  jeter un oeil à mon hidjack pour confirmation...

Merci beaucoup!!



Logfile of HijackThis v1.99.1
Scan saved at 19:45:06, on 24/05/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Hijackthis\Hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D849D71-BABD-9320-AC43-67A172FD6EC4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28292782de5fac076023/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1448.g.akamai.net/7/1448/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer = 192.168.1.1,192.168.1.5
O18 - Protocol: bw+0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Norton AntiVirus Auto Protection (autopro) - Unknown owner - C:\WINDOWS\System32
avap32.exe" -service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing)
O23 - Service: Monitor (Monitor service) - Unknown owner - C:\WINDOWS\System32\explore.exe" -service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: System Loader (Sysload) - Unknown owner - C:\WINDOWS\System32\systems.exe" -service (file missing)
O23 - Service: Windos Video Link (WVL) - Unknown owner - C:\WINDOWS\System32\video_lnk32.exe" -service (file missing)

green day · Answer

Salut :-)

 une petite verif au passage :

# Télécharge ceci: (merci a S!RI pour ce petit programme). 

 http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, 
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php 
il va générer un rapport : copie/colle le sur le poste stp.


++

Elpicador · Answer

Voilà pour le scan:

SmitFraudFix v2.186

Rapport fait à 22:51:48,78, 24/05/2007
Executé à partir de C:\Documents and Settings\El picador\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\El picador


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\El picador\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ELPICA~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.95.68.238
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91BAE553-1355-4700-885C-3D5ED02EA435}: DhcpNameServer=212.95.68.238 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer=192.168.1.1,192.168.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CF281D12-AB57-44B9-A078-88C1E0AB13D8}: NameServer=80.10.246.1 80.10.246.132
HKLM\SYSTEM\CS2\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{91BAE553-1355-4700-885C-3D5ED02EA435}: DhcpNameServer=212.95.68.238 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer=192.168.1.1,192.168.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{91BAE553-1355-4700-885C-3D5ED02EA435}: DhcpNameServer=212.95.68.238 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer=192.168.1.1,192.168.1.5


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


En fait, tout de même un problème à signaler: de temps à autre helpsvc.exe se lance et me bouffe tout mon uc. Une fois le processus arrêté, tout rentre dans l'ordre, mais c'est quand même gênant...

green day · Answer

Salut

ok,

Télécharge Blacklight (de F-Secure) : 

https://europe.f-secure.com/exclude/blacklight/index.shtml

et sauvegarde le sur ton Bureau. 

Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). 

Copie et colle le contenu de ce rapport dans ta prochaine réponse 

++

Elpicador · Answer

Voilà le rapport, mais il n'a rien trouvé. A noté que helpsvc.exe ne s'est pas pointé aujourd'hui. 



05/25/07 19:33:41 [Info]: BlackLight Engine 1.0.61 initialized
05/25/07 19:33:41 [Info]: OS: 5.1 build 2600 ()
05/25/07 19:33:41 [Note]: 7019 4
05/25/07 19:33:41 [Note]: 7005 0
05/25/07 19:34:18 [Note]: 7006 0
05/25/07 19:34:18 [Note]: 7011 412
05/25/07 19:34:18 [Note]: 7026 0
05/25/07 19:34:19 [Note]: 7026 0
05/25/07 19:34:23 [Note]: FSRAW library version 1.7.1021
05/25/07 19:42:10 [Note]: 2000 1012
05/25/07 19:44:46 [Note]: 7007 0

green day · Answer

Salut

voir ici : https://support.microsoft.com/fr-fr/help/839017

++

Elpicador · Answer

Ouaip j'avais déjà vu ça, merci. Comme par magie le processus en question n'apparait plus, donc tout va bien.

Rien à signaler par rapport à mon log hidjackthis?

Merci, à +.

green day · Answer

re

 non, rien de méchant dans le hijack, mise à part des lignes un peu inutiles et des traces de norton:

fixes ces lignes :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 

O2 - BHO: (no name) - {4D849D71-BABD-9320-AC43-67A172FD6EC4} - (no file)

O18 - Protocol: bw+0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 

O23 - Service: Norton AntiVirus Auto Protection (autopro) - Unknown owner - C:\WINDOWS\System32
avap32.exe" -service (file missing) 


ensuite, repasse un coup de ccleaner  et installe un parefeu !

@+

Elpicador · Answer

Voilà, c'est fait. En principe j'ai désinstaller tout ce qui concerne Norton, donc il ne devrait plus y avoir de traces. Je poste le hidjack tout propre pour la forme (quoique il reste quelques (file missing) vers les lignes O23).

Peux tu me dire à quoi correspondait cette petite centaine d'entrées Logitech?

Dernière chose: AntiVir m'a détecté aujourd'hui le troyen Dldr, et l'a placé en quarantaine sans problème. Connais tu ce troyen et si il est dangeureux?

Enfin concernant le firewall, j'ai déjà essayé d'utiliser ZoneAlarm, mais je le trouve très lourd et il semble parfois incompatible avec certains programmes (echec de connexion, ralentissement). Donc je préfère faire sans quitte à me découvrir un peu.





Logfile of HijackThis v1.99.1
Scan saved at 21:51:14, on 28/05/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Hijackthis\Hijack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28292782de5fac076023/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1448.g.akamai.net/7/1448/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E127F9-6102-4315-97B7-07B4EE6485CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5240FB0-BC5C-4FF7-938A-E8113870BD8D}: NameServer = 192.168.1.1,192.168.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F1101F7D-F129-48DD-96D1-4D0DB6416183} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Norton AntiVirus Auto Protection (autopro) - Unknown owner - C:\WINDOWS\System32
avap32.exe" -service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing)
O23 - Service: Monitor (Monitor service) - Unknown owner - C:\WINDOWS\System32\explore.exe" -service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: System Loader (Sysload) - Unknown owner - C:\WINDOWS\System32\systems.exe" -service (file missing)
O23 - Service: Windos Video Link (WVL) - Unknown owner - C:\WINDOWS\System32\video_lnk32.exe" -service (file missing)

green day · Answer

re

Peux tu me dire à quoi correspondait cette petite centaine d'entrées Logitech? 
 

 pas à grand chose, j'avais un truc détaillé la dessus, je n'arrive plus à remettre à main dessus :/


Dernière chose: AntiVir m'a détecté aujourd'hui le troyen Dldr, et l'a placé en quarantaine sans problème. Connais tu ce troyen et si il est dangeureux?


Il y a tellement de torjan, je ne le connais pas en particulier : mais j'ai trouvé ceci :

http://www.avira.com/fr/threats/section/fulldetails/id_vir/3626/tr_dldr.swizzor.dv.html



fixe ces lignes stp : des lignes m'ont échappés !

O23 - Service: System Loader (Sysload) - Unknown owner - C:\WINDOWS\System32\systems.exe" -service (file missing)
O23 - Service: Windos Video Link (WVL) - Unknown owner - C:\WINDOWS\System32\video_lnk32.exe" -service (file missing)
O23 - Service: Norton AntiVirus Auto Protection (autopro) - Unknown owner - C:\WINDOWS\System32
avap32.exe" -service (file missing) 

Cliques sur :

 demarrer < executer < tapes  : services.msc

cherches dans la liste cette ligne et regles la sur "desactivé" 

System Loader 
Windos Video Link
Norton AntiVirus Auto Protection


Enfin concernant le firewall, j'ai déjà essayé d'utiliser ZoneAlarm, mais je le trouve très lourd et il semble parfois incompatible avec certains programmes (echec de connexion, ralentissement). Donc je préfère faire sans quitte à me découvrir un peu.


Ce n'est pas très sage ! pour ne pas dire : pas sage du tout !!! 
Pourtant ZA est très léger ! à la rigueur change s'en pour un autre ! Sinon  tu n'as pas encore finis de poster ici :)

++

Elpicador · Answer

Ok c'est fait. Reste encore ces trois lignes qui me semblent suspectent:

O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing)
O23 - Service: Monitor (Monitor service) - Unknown owner - C:\WINDOWS\System32\explore.exe" -service (file missing)

O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing) 

Qu'en penses-tu?


Question Firewall, ça fait plus de trois ans que je fonctionne comme ça et c'est la première fois que je demande de l'aide, pour bien peu de choses en plus (le premier pc que tu m'as aidé à désinfecter n'étant pas le mien). Donc pour l'instant je touche du bois. Je vais quand même réessayer d'en installer un sous-peu pour voir si j'arrive à cohabiter avec. On est jamais trop prudent...


Voilà, merci merci en tout cas, c'est du bon boulot.

green day · Answer

Bien vu !

 les deux dernières, sont aussi des restes de saletés !

O23 - Service: Windows Mini-Notepad (minpad) - Unknown owner - C:\WINDOWS\System32\windows-pad.exe" -service (file missing)
O23 - Service: Monitor (Monitor service) - Unknown owner - C:\WINDOWS\System32\explore.exe" -service (file missing)

O23 - Service: Network Service Manager (NSM) - Unknown owner - C:\WINDOWS\System32
etsvc.exe" -service (file missing) 

même traitement : fixer la lignes, et désactiver le services !
Ensuite, repasse un coup de ccleaner !



Question Firewall  : tu as beaucoup de chance ! j'ai déjà fais l'expérience de me promener sans ... aïe ! :)

@+

;-)

Elpicador · Answer

Bon ben voilà je crois que ce coup ci c'est tout bon.

Merci pour tout, bonne continuation sur ce forum. Et promis, je vais me mettre au firewall, ça fera moins de travail pour les contributeurs...

green day · Answer

Bonne continuation itoo ;-))

@+

Elpicador · Answer

Salut green day,

Après le portable du pote et le pc perso, je reviens avec le portable de papa. A priori pas de soucis non plus, mais n'étant pas un expert...il y a simplement quelques entrées BHO (no name) qui ne m'inspire pas confiance.

Je trouve aussi qu'il y a beaucoup de processus qui tournent, une bonne quarantaine, sont-ils tous indispensables? 

Merci bien, à +.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:25:00, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla	fswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hidjackthis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0943081e80264ea3998689e63ac0e5b5
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0943081e80264ea3998689e63ac0e5b5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4B62C0F0-DCFF-11D2-91E2-004005195FF7} (EcritMath.EcritMathCtl) - http://perso.wanadoo.fr/nvogel/Dossiers/FichiersPersp/geo/INSTALLATION/EcritMath.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C84D00E9-2E5F-4646-AC84-B58974082878}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

green day · Answer

Salut :-)

 Effectivement, quelques petites bébéttes ... tu devrais te lancer dans la chasse au virus ! :))

fixe ces lignes :

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll 

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)  <== celle-ci n'est pas méchante !

ensuite, cherche et supprime le dossier en gras : 

C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll  et le programme su même nom, s'il est présent dans ajout/supprimer un programme !

 ensuite, faire ce petite nettoyage :

 virus methode preliminaire de desinfection version fr

et installe un parefeu s'il n'y en a pas !

@+

Elpicador · Answer

Re,

J'avais déjà fait la méthode préliminaire de désinfection avant de faire appel à toi, et je n'ai eu que des rapports propres. Merci pour ton aide, j'ai désinstaller le prog en question et la ligne BHO vide.

C'est noté pour le part feu...celui de windows est-il suffisant?

à +.

green day · Answer

re

 non ! mets plutôt zone alarme !

++

Elpicador · Answer

Ok...encore merci.

green day · Answer

de rien :)

++

Infecté par troyens, help!!

41 réponses

Discussions similaires