Trojan problem i.virus@fp

Solved/Closed
Stef - 15 Oct 2007 at 11:17
 stef - 15 Oct 2007 at 17:24
Hello,
I have a problem with unwanted pop-up windows and an orange triangle icon in my notification area. I was able to identify the trojan: it is i.virus@fp. I ran a HijackThis scan; can someone help me analyze it and tell me what I need to fix?
Thanks in advance.

HijackThis report

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:03:57, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cssi\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CC27151-15DB-42D6-9FED-E9F1ACDADA63} - C:\WINDOWS\system32\awvvv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\awttrpq.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\pwteeeuj.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bmqvgkxq.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bmqvgkxq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rupwxskk.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: awttrpq - C:\WINDOWS\SYSTEM32\awttrpq.dll
O20 - Winlogon Notify: bmqvgkxq - C:\WINDOWS\SYSTEM32\bmqvgkxq.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

8 replies

nardino Posts 1633 Registration date Thursday 20 May 2004 Status Member Last seen 6 March 2010 119
15 Oct 2007 at 11:23
Hello,

First step: VundoFix.
Download:
VundoFix by Atribune: http://www.atribune.org/ccount/click.php?id=4

Double-click Vundofix.exe.
Tick the Run VundoFix as a task box
Answer OK to the popup that opens.
It will close and reopen after about a minute.
Once it has reopened, click Scan for Vundo
When the scan is finished, click Remove Vundo
Answer Yes when asked to delete the files.
You will be asked to restart your computer; accept, of course.
Copy/paste the report (c:\vundofix.txt) into your reply
0
Thanks for such a quick reply!!
Attached is the program's report:
The problem persists.

VundoFix V6.5.10

Checking Java version...

Scan started at 12:12:27 15/10/2007

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\windows\system32\afhjnmmp.dll
C:\windows\system32\afhjnmmp.dll Has been deleted!

Attempting to delete C:\windows\system32\agwigmit.dll
C:\windows\system32\agwigmit.dll Has been deleted!

Attempting to delete C:\windows\system32\aopclttt.ini
C:\windows\system32\aopclttt.ini Has been deleted!

Attempting to delete C:\windows\system32\avkvtcyq.ini
C:\windows\system32\avkvtcyq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\awttrpq.dll
C:\WINDOWS\system32\awttrpq.dll Could not be deleted.

Attempting to delete C:\windows\system32\awxqvyhj.dll
C:\windows\system32\awxqvyhj.dll Has been deleted!

Attempting to delete C:\windows\system32\bhwmtcaq.ini
C:\windows\system32\bhwmtcaq.ini Has been deleted!

Attempting to delete C:\windows\system32\bktsmakx.dll
C:\windows\system32\bktsmakx.dll Has been deleted!

Attempting to delete C:\windows\system32\bmjkdrky.dll
C:\windows\system32\bmjkdrky.dll Has been deleted!

Attempting to delete C:\windows\system32\bmuvwxpg.ini
C:\windows\system32\bmuvwxpg.ini Has been deleted!

Attempting to delete C:\windows\system32\cfqtbvbf.dll
C:\windows\system32\cfqtbvbf.dll Has been deleted!

Attempting to delete C:\windows\system32\cvwistuw.dll
C:\windows\system32\cvwistuw.dll Has been deleted!

Attempting to delete C:\windows\system32\cxclwhvv.dll
C:\windows\system32\cxclwhvv.dll Has been deleted!

Attempting to delete C:\windows\system32\cxprcqvy.dll
C:\windows\system32\cxprcqvy.dll Has been deleted!

Attempting to delete C:\windows\system32\dbkccbnx.ini
C:\windows\system32\dbkccbnx.ini Has been deleted!

Attempting to delete C:\windows\system32\ddspagvi.ini
C:\windows\system32\ddspagvi.ini Has been deleted!

Attempting to delete C:\windows\system32\ehjpffxw.dll
C:\windows\system32\ehjpffxw.dll Has been deleted!

Attempting to delete C:\windows\system32\fbvbtqfc.ini
C:\windows\system32\fbvbtqfc.ini Has been deleted!

Attempting to delete C:\windows\system32\fiqpoalr.dll
C:\windows\system32\fiqpoalr.dll Has been deleted!

Attempting to delete C:\windows\system32\fsueuqdr.dll
C:\windows\system32\fsueuqdr.dll Has been deleted!

Attempting to delete C:\windows\system32\ftebekgq.dll
C:\windows\system32\ftebekgq.dll Has been deleted!

Attempting to delete C:\windows\system32\gpxwvumb.dll
C:\windows\system32\gpxwvumb.dll Has been deleted!

Attempting to delete C:\windows\system32\gtdlgryo.ini
C:\windows\system32\gtdlgryo.ini Has been deleted!

Attempting to delete C:\windows\system32\gxkdmykl.ini
C:\windows\system32\gxkdmykl.ini Has been deleted!

Attempting to delete C:\windows\system32\hamyaqaw.dll
C:\windows\system32\hamyaqaw.dll Has been deleted!

Attempting to delete C:\windows\system32\hhrokpom.dll
C:\windows\system32\hhrokpom.dll Has been deleted!

Attempting to delete C:\windows\system32\htpfpbsx.ini
C:\windows\system32\htpfpbsx.ini Has been deleted!

Attempting to delete C:\windows\system32\igtvjdtp.dll
C:\windows\system32\igtvjdtp.dll Has been deleted!

Attempting to delete C:\windows\system32\iimtentm.ini
C:\windows\system32\iimtentm.ini Has been deleted!

Attempting to delete C:\windows\system32\injrfbco.dll
C:\windows\system32\injrfbco.dll Has been deleted!

Attempting to delete C:\windows\system32\irwuhjbk.dll
C:\windows\system32\irwuhjbk.dll Has been deleted!

Attempting to delete C:\windows\system32\itavrmbm.dll
C:\windows\system32\itavrmbm.dll Has been deleted!

Attempting to delete C:\windows\system32\ivgapsdd.dll
C:\windows\system32\ivgapsdd.dll Has been deleted!

Attempting to delete C:\windows\system32\jgawgvas.ini
C:\windows\system32\jgawgvas.ini Has been deleted!

Attempting to delete C:\windows\system32\jhyvqxwa.ini
C:\windows\system32\jhyvqxwa.ini Has been deleted!

Attempting to delete C:\windows\system32\jihrxppj.ini
C:\windows\system32\jihrxppj.ini Has been deleted!

Attempting to delete C:\windows\system32\jppxrhij.dll
C:\windows\system32\jppxrhij.dll Has been deleted!

Attempting to delete C:\windows\system32\jtpsbcwn.dll
C:\windows\system32\jtpsbcwn.dll Has been deleted!

Attempting to delete C:\windows\system32\jupkiiqp.ini
C:\windows\system32\jupkiiqp.ini Has been deleted!

Attempting to delete C:\windows\system32\jvqrrhxq.dll
C:\windows\system32\jvqrrhxq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kaeshsre.dll
C:\WINDOWS\system32\kaeshsre.dll Could not be deleted.

Attempting to delete C:\windows\system32\kbjhuwri.ini
C:\windows\system32\kbjhuwri.ini Has been deleted!

Attempting to delete C:\windows\system32\kksxwpur.ini
C:\windows\system32\kksxwpur.ini Has been deleted!

Attempting to delete C:\windows\system32\leplroho.ini
C:\windows\system32\leplroho.ini Has been deleted!

Attempting to delete C:\windows\system32\ljpymdwr.ini
C:\windows\system32\ljpymdwr.ini Has been deleted!

Attempting to delete C:\windows\system32\lkymdkxg.dll
C:\windows\system32\lkymdkxg.dll Has been deleted!

Attempting to delete C:\windows\system32\lujvfhex.dll
C:\windows\system32\lujvfhex.dll Has been deleted!

Attempting to delete C:\windows\system32\mbmrvati.ini
C:\windows\system32\mbmrvati.ini Has been deleted!

Attempting to delete C:\windows\system32\mgkloxso.dll
C:\windows\system32\mgkloxso.dll Has been deleted!

Attempting to delete C:\windows\system32\mgspgqix.dll
C:\windows\system32\mgspgqix.dll Has been deleted!

Attempting to delete C:\windows\system32\mjniuuxr.dll
C:\windows\system32\mjniuuxr.dll Has been deleted!

Attempting to delete C:\windows\system32\mnaajuiv.dll
C:\windows\system32\mnaajuiv.dll Has been deleted!

Attempting to delete C:\windows\system32\momgujvs.ini
C:\windows\system32\momgujvs.ini Has been deleted!

Attempting to delete C:\windows\system32\mopkorhh.ini
C:\windows\system32\mopkorhh.ini Has been deleted!

Attempting to delete C:\windows\system32\mtnetmii.dll
C:\windows\system32\mtnetmii.dll Has been deleted!

Attempting to delete C:\windows\system32\ndchmivq.dll
C:\windows\system32\ndchmivq.dll Has been deleted!

Attempting to delete C:\windows\system32\nectgyos.ini
C:\windows\system32\nectgyos.ini Has been deleted!

Attempting to delete C:\windows\system32\nghhtddq.ini
C:\windows\system32\nghhtddq.ini Has been deleted!

Attempting to delete C:\windows\system32\nsaraqlv.dll
C:\windows\system32\nsaraqlv.dll Has been deleted!

Attempting to delete C:\windows\system32\nwcbsptj.ini
C:\windows\system32\nwcbsptj.ini Has been deleted!

Attempting to delete C:\windows\system32\ocbfrjni.ini
C:\windows\system32\ocbfrjni.ini Has been deleted!

Attempting to delete C:\windows\system32\ohorlpel.dll
C:\windows\system32\ohorlpel.dll Has been deleted!

Attempting to delete C:\windows\system32\orkntmpq.ini
C:\windows\system32\orkntmpq.ini Has been deleted!

Attempting to delete C:\windows\system32\osxolkgm.ini
C:\windows\system32\osxolkgm.ini Has been deleted!

Attempting to delete C:\windows\system32\oyrgldtg.dll
C:\windows\system32\oyrgldtg.dll Has been deleted!

Attempting to delete C:\windows\system32\pfhqpdfr.dll
C:\windows\system32\pfhqpdfr.dll Has been deleted!

Attempting to delete C:\windows\system32\pigxtgpy.ini
C:\windows\system32\pigxtgpy.ini Has been deleted!

Attempting to delete C:\windows\system32\pmmnjhfa.ini
C:\windows\system32\pmmnjhfa.ini Has been deleted!

Attempting to delete C:\windows\system32\pnlymrsp.dll
C:\windows\system32\pnlymrsp.dll Has been deleted!

Attempting to delete C:\windows\system32\pqiikpuj.dll
C:\windows\system32\pqiikpuj.dll Has been deleted!

Attempting to delete C:\windows\system32\psrmylnp.ini
C:\windows\system32\psrmylnp.ini Has been deleted!

Attempting to delete C:\windows\system32\ptdjvtgi.ini
C:\windows\system32\ptdjvtgi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pwteeeuj.dll
C:\WINDOWS\system32\pwteeeuj.dll Has been deleted!

Attempting to delete C:\windows\system32\qactmwhb.dll
C:\windows\system32\qactmwhb.dll Has been deleted!

Attempting to delete C:\windows\system32\qddthhgn.dll
C:\windows\system32\qddthhgn.dll Has been deleted!

Attempting to delete C:\windows\system32\qehlplds.ini
C:\windows\system32\qehlplds.ini Has been deleted!

Attempting to delete C:\windows\system32\qgkebetf.ini
C:\windows\system32\qgkebetf.ini Has been deleted!

Attempting to delete C:\windows\system32\qpmtnkro.dll
C:\windows\system32\qpmtnkro.dll Has been deleted!

Attempting to delete C:\windows\system32\qvimhcdn.ini
C:\windows\system32\qvimhcdn.ini Has been deleted!

Attempting to delete C:\windows\system32\qxhrrqvj.ini
C:\windows\system32\qxhrrqvj.ini Has been deleted!

Attempting to delete C:\windows\system32\qyctvkva.dll
C:\windows\system32\qyctvkva.dll Has been deleted!

Attempting to delete C:\windows\system32\rdqueusf.ini
C:\windows\system32\rdqueusf.ini Has been deleted!

Attempting to delete C:\windows\system32\rfdpqhfp.ini
C:\windows\system32\rfdpqhfp.ini Has been deleted!

Attempting to delete C:\windows\system32\rktkxpbt.ini
C:\windows\system32\rktkxpbt.ini Has been deleted!

Attempting to delete C:\windows\system32\rlaopqif.ini
C:\windows\system32\rlaopqif.ini Has been deleted!

Attempting to delete C:\windows\system32\rupwxskk.dll
C:\windows\system32\rupwxskk.dll Has been deleted!

Attempting to delete C:\windows\system32\rwdmypjl.dll
C:\windows\system32\rwdmypjl.dll Has been deleted!

Attempting to delete C:\windows\system32\rxuuinjm.ini
C:\windows\system32\rxuuinjm.ini Has been deleted!

Attempting to delete C:\windows\system32\savgwagj.dll
C:\windows\system32\savgwagj.dll Has been deleted!

Attempting to delete C:\windows\system32\sdlplheq.dll
C:\windows\system32\sdlplheq.dll Has been deleted!

Attempting to delete C:\windows\system32\soygtcen.dll
C:\windows\system32\soygtcen.dll Has been deleted!

Attempting to delete C:\windows\system32\svjugmom.dll
C:\windows\system32\svjugmom.dll Has been deleted!

Attempting to delete C:\windows\system32\tbpxktkr.dll
C:\windows\system32\tbpxktkr.dll Has been deleted!

Attempting to delete C:\windows\system32\timgiwga.ini
C:\windows\system32\timgiwga.ini Has been deleted!

Attempting to delete C:\windows\system32\tttlcpoa.dll
C:\windows\system32\tttlcpoa.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvssss.dll
C:\windows\system32\tuvssss.dll Has been deleted!

Attempting to delete C:\windows\system32\typjivhw.ini
C:\windows\system32\typjivhw.ini Has been deleted!

Attempting to delete C:\windows\system32\viujaanm.ini
C:\windows\system32\viujaanm.ini Has been deleted!

Attempting to delete C:\windows\system32\vlqarasn.ini
C:\windows\system32\vlqarasn.ini Has been deleted!

Attempting to delete C:\windows\system32\vvhwlcxc.ini
C:\windows\system32\vvhwlcxc.ini Has been deleted!

Attempting to delete C:\windows\system32\waqaymah.ini
C:\windows\system32\waqaymah.ini Has been deleted!

Attempting to delete C:\windows\system32\whvijpyt.dll
C:\windows\system32\whvijpyt.dll Has been deleted!

Attempting to delete C:\windows\system32\wutsiwvc.ini
C:\windows\system32\wutsiwvc.ini Has been deleted!

Attempting to delete C:\windows\system32\wxffpjhe.ini
C:\windows\system32\wxffpjhe.ini Has been deleted!

Attempting to delete C:\windows\system32\xehfvjul.ini
C:\windows\system32\xehfvjul.ini Has been deleted!

Attempting to delete C:\windows\system32\xiqgpsgm.ini
C:\windows\system32\xiqgpsgm.ini Has been deleted!

Attempting to delete C:\windows\system32\xkamstkb.ini
C:\windows\system32\xkamstkb.ini Has been deleted!

Attempting to delete C:\windows\system32\xnbcckbd.dll
C:\windows\system32\xnbcckbd.dll Has been deleted!

Attempting to delete C:\windows\system32\xsbpfpth.dll
C:\windows\system32\xsbpfpth.dll Has been deleted!

Attempting to delete C:\windows\system32\ykrdkjmb.ini
C:\windows\system32\ykrdkjmb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ypgtxgip.dll
C:\WINDOWS\system32\ypgtxgip.dll Could not be deleted.

Attempting to delete C:\windows\system32\yvqcrpxc.ini
C:\windows\system32\yvqcrpxc.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awttrpq.dll
C:\WINDOWS\system32\awttrpq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kaeshsre.dll
C:\WINDOWS\system32\kaeshsre.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ypgtxgip.dll
C:\WINDOWS\system32\ypgtxgip.dll Has been deleted!

Performing Repairs to the registry.
Done!
0
nardino Posts 1633 Registration date Thursday 20 May 2004 Status Member Last seen 6 March 2010 119
15 Oct 2007 at 13:17
Hello,
Can you post a new HijackThis report with this version
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
HijackThis™ 2.0.2 Final

You can delete your Beta version.
0
Attached is the report
thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:51, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\clnpfhgl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\chaxclhn.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
nardino - 15 Oct 2007 at 15:04
Hello

Download OTMoveIt: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe to your desktop. Important.

Run it; it does not need to be installed.

Type or paste the path of the file/folder to delete into the left-hand window (Paste List of Files/Folders to be moved) and click MoveIt!.
(The Unregister Dll's and OCX's box must be checked.)
C:\WINDOWS\system32\clnpfhgl.dll
C:\WINDOWS\system32\chaxclhn.dll

The file then moves to the right-hand window.
You will get a folder C:\_OTMoveIt at the root of the system drive.
Inside it there will be a Moved Files subfolder containing a backup of the deleted file(s), and a file
of the form 10152007_******.log (mm/dd/yyyy_hh/mm/ss = date and time of the deletion), which you will post by copy-paste for review.

If a restart is requested, accept it after closing your running applications and finishing the procedure.

Run HijackThis in safe mode using Scan only
https://www.malekal.com/demarrer-windows-mode-sans-echec/
Check these two lines:
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\clnpfhgl.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\chaxclhn.dll",sitypnow
Click Fix checked

Post again with a new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:06, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
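The follow-up log above can be checked against the two files named in the earlier reply. The Python sketch below is an added example, not part of the thread or of HijackThis: it parses entry lines, reports which flagged paths an entry still loads, and diffs two scans. The function names and the shortened BEFORE/AFTER excerpts (constructed from lines quoted in this thread) are assumptions.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Windows path to a loadable module, whether quoted, bare, or followed by ",export".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:dll|exe|ocx)\b', re.IGNORECASE)

def parse_entries(log_text):
    """Return the set of (section, body) entries; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def still_referenced(log_text, flagged_paths):
    """Return the flagged paths (lower-cased, sorted) that an entry in the log still loads."""
    flagged = {p.lower() for p in flagged_paths}
    found = set()
    for _section, body in parse_entries(log_text):
        for path in PATH_RE.findall(body):
            if path.lower() in flagged:
                found.add(path.lower())
    return sorted(found)

def diff_logs(before, after):
    """Return (removed, added) entry sets between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return b - a, a - b

# Shortened excerpts, constructed from lines quoted in this thread.
FLAGGED = [r"C:\WINDOWS\system32\clnpfhgl.dll", r"C:\WINDOWS\system32\chaxclhn.dll"]
BEFORE = r"""Running processes:
C:\WINDOWS\system32\rundll32.exe
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\clnpfhgl.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\chaxclhn.dll",sitypnow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("still referenced:", still_referenced(AFTER, FLAGGED))
    for section, body in sorted(removed):
        print("removed:", section, "-", body)
```

A clean diff only shows that the autostart entries are gone from the scan; the OTMoveIt log requested in the reply is what confirms the files themselves were moved.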
nardino - 15 Oct 2007 at 16:49
Hello
I asked for an OTMoveIt report; where is it?
And any news on how your computer is behaving?
How do you expect me to guess? A HijackThis report is only one of the elements.
The least you can do when asking for help is to respect the person who is giving you that help.
And saying thank you has never made anyone unpleasant to be around.
Thank you, and I did thank you!!

Never mind, I used my Ghost to restore the settings.

Thanks again for the help.