Connection problems linked to a trojan?

Closed
swedish Posts 8 Registration date Tuesday 16 October 2007 Status Member Last activity 22 October 2007 - 19 Oct. 2007 at 13:46
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 22 Oct. 2007 at 09:11
Hello,

I currently have serious connection problems. My antivirus (McAfee) detects at every restart a trojan named "Zapchast.org" which seems to block my internet access. I can ping the connection (192.168 etc...) but not a web page (e.g. www.google.fr).
I tried an earlier restore point, which does give me access to the net until I restart it. Putting my laptop into standby or hibernation does not block my access.

I have read quite a few forums about this trojan and followed the step-by-step resolution examples without success.

My PC: Dell Inspiron 9400, Windows XP pack2, McAfee antivirus, additional software: adaware, ccleaner, avantispyware.

Here are my HijackThis reports:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:58, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\WINDOWS\system32\lExplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\SoftwareDistribution\Download\84fbc956da54d159058962d983555052\update\update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\GAULTI~1\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

ComboFix:

ComboFix 07-10-19.1 - Gaultier Nicolas 2007-10-19 12:08:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.250 [GMT 2:00]
Running from: C:\Documents and Settings\Gaultier Nicolas\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\W007T32W.DLL
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-19 to 2007-10-19 ))))))))))))))))))))))))))))))))))))
.

2007-10-19 12:09 <REP> d-------- C:\Documents and Settings\Gaultier Nicolas\Application Data\Grisoft
2007-10-19 12:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 12:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-19 12:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-19 11:32 <REP> d-------- C:\Program Files\myFairTunes
2007-10-15 22:31 <REP> d-------- C:\Documents and Settings\Gaultier Nicolas\Application Data\GetRightToGo
2007-10-09 21:52 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 21:09 <REP> d-------- C:\Program Files\PMG
2007-10-03 21:00 <REP> d-------- C:\Documents and Settings\Gaultier Nicolas\Application Data\mIRC
2007-09-28 02:07 <REP> d-------- C:\Program Files\Tunebite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-19 09:30 --------- d-----w C:\Program Files\McAfee
2007-10-15 20:53 --------- d-----w C:\Documents and Settings\Gaultier Nicolas\Application Data\Azureus
2007-10-10 22:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-01 22:23 --------- d-----w C:\Program Files\Azureus
2007-09-06 18:16 --------- d-----w C:\Documents and Settings\Gaultier Nicolas\Application Data\Sony Corporation
2007-09-06 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-06 17:25 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-09-06 17:24 --------- d-----w C:\Program Files\Sony
2007-09-06 17:23 --------- d-----w C:\Program Files\Common Files
2007-09-06 17:23 --------- d-----w C:\Documents and Settings\Gaultier Nicolas\Application Data\InstallShield
2007-09-06 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-09-02 12:29 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-08-31 00:30 --------- d-----w C:\Program Files\SiteAdvisor
2007-08-30 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-06-13 13:22:28 1,322,496 --sh--r C:\WINDOWS\system32\lExplore.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"lnternet Update"="lExplore.exe" [2007-06-13 15:22 C:\WINDOWS\system32\lExplore.exe]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-01-20 15:53]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-03-26 12:10]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-04-27 15:45]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 19:18]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-04-06 15:58]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 18:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"lnternet Update"=lExplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csghk.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
"C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe"
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{072645b8-bdc4-11db-ba30-001641894a5f}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f9bc0bc-7616-11db-b90b-001641894a5f}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7ba6be-5f3d-11db-b8ac-0015c53aed34}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7ba6ca-5f3d-11db-b8ac-0015c53aed34}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86e49d32-aaf1-11db-b9e4-001641894a5f}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88d99bc1-a244-11db-b9af-001641894a5f}]
Auto\command - F:\RavMonE.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94e9d0de-758e-11db-b906-001641894a5f}]
AutoRun\command - EXPLORER.EXE
explore\Command - EXPLORER.EXE
open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d19b12f-ce13-11db-ba5e-001641894a5f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d2c29b6-b5f5-11db-ba11-001641894a5f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad026884-136e-11dc-babb-001641894a5f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfb0bf36-8613-11db-b95e-001641894a5f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c46cc28e-a951-11db-b9d7-001641894a5f}]
Auto\command - F:\RavMonE.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da903ff6-5798-11db-b88d-0015c53aed34}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc9a890-d080-11db-ba60-001641894a5f}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-10 15:17:07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
"2007-10-14 23:15:37 C:\WINDOWS\Tasks\McDefragTask.job"
"2007-09-30 23:00:18 C:\WINDOWS\Tasks\McQcTask.job"
"2006-07-25 21:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 12:14:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 12:17:40 - machine was rebooted
.
--- E O F ---
5 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 Oct. 2007 at 14:27
Hi,

1. Download this tool by sUBs: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
2. Double-click it and follow the prompts.

____________

AVG antispyware

https://www.01net.com/telecharger/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


-> Restart AVG AS -> "Scan" -> "Settings"

Under the question "How to react?":

-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again, then run a "Full system scan"

If a file is infected at the end of the scan

-> Click "Apply all actions"

-> Click "Save report", then "Save report as".

-> Save this text file to your desktop, then paste the report here

____________________
run cwshredder (do fix)

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html

___________________

Paste the report:
Clean will do some cleanup and delete files that antivirus and anti-spyware programs could not find. The software is regularly updated, so you will need to download it again to get a more recent version.

• Download clean.zip and unzip it to your desktop (right-click / extract all); you then get a clean folder
• Start Windows in safe mode: Guide to restarting in safe mode
• Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes by itself.
Clean manual:
http://kerio.probb.fr/tuto-Clean-h37.html

____________________


use to delete your traces

CCLEANER: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
___________________

paste the report of an online scan
with one of the following:


bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

secuser online:
http://www.secuser.com/outils/antivirus.htm

online scan for Firefox

https://www.trendmicro.com/fr_fr/business.html

________________

paste a new hijackthis report and describe your problems
0
swedish Posts 8 Registration date Tuesday 16 October 2007 Status Member Last activity 22 October 2007
19 Oct. 2007 at 23:29
cwshredder:

It detects nothing!

AVG antispyware:


HKU\S-1-5-21-4106764131-3877673919-2339601661-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{860C2F6B-CA82-4282-9187-BECCBB66F0AF} -> Adware.Generic : Aucune action entreprise.
:mozilla.245:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.218:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Gaultier Nicolas\Cookies\gaultier_nicolas@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.173:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.174:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.175:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.264:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.265:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.266:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.267:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.268:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.243:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.196:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.197:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.198:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.199:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.246:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Gaultier Nicolas\Cookies\gaultier_nicolas@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Gaultier Nicolas\Cookies\gaultier_nicolas@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Gaultier Nicolas\Cookies\gaultier_nicolas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.81:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.188:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.189:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.190:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.191:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.165:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Masterstats : Aucune action entreprise.
:mozilla.133:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Gaultier Nicolas\Cookies\gaultier_nicolas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.126:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.127:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.128:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.129:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.130:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.131:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.132:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.206:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.228:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.229:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport

Clean zip :


19/10/2007 a 22:00:57,70

*** Recherche des fichiers dans C:
C:\autorun.inf FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

------------------------------------------------------------------
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 19/10/2007 a 22:02:53,98

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:
tentative de suppression de C:\autorun.inf
Impossible de supprimer C:\autorun.inf

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !


CCleaner
Was run 3 times; no more registry errors detected!

Panda Online


Détails de l'analyse
Niveau de risque élevé (1)
W32/Gaobot.OXI... Virus
Actif/Active
C:\WINDOWS\SYSTEM32\LEXPLORE.EXE
Niveau de risque moyen (1)
adware/megatds Adware (logiciel publicitaire)
Latent(e)
hkey_local_machine\softwa...dows\currentversion\ruins
Niveau de risque faible (25)
Latent(e)
C:\Documents and Settings...icolas@doubleclick[1].txt
C:\Documents and Settings...es.txt[.doubleclick.net/]
Cookie/Bluestr... Cookie de surveillance
Latent(e)
C:\System Volume Informat...0199950.exe[nircmd.cfexe]
C:\System Volume Informat...77439}\RP381\A0199944.exe
C:\System Volume Informat...\A0199950.exe[nircmd.exe]
Latent(e)
C:\Documents and Settings...\cookies.txt[.atdmt.com/]
C:\Documents and Settings...tier_nicolas@atdmt[2].txt
Cookie/RealMed... Cookie de surveillance
Latent(e)
C:\Documents and Settings...s.txt[.247realmedia.com/]
Cookie/Adrevol... Cookie de surveillance
Latent(e)
C:\Documents and Settings...ies.txt[.adrevolver.com/]
Cookie/FastCli... Cookie de surveillance
Latent(e)
C:\Documents and Settings...kies.txt[.fastclick.net/]
Cookie/Adverti... Cookie de surveillance
Latent(e)
C:\Documents and Settings...es.txt[.advertising.com/]
Application/My... Application de surveillance
Latent(e)
C:\System Volume Informat...77439}\RP377\A0197917.dll
C:\System Volume Informat...77439}\RP381\A0200783.dll
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
Cookie/Tradedo... Cookie de surveillance
Latent(e)
C:\Documents and Settings...s.txt[.tradedoubler.com/]
Cookie/Overtur... Cookie de surveillance
Latent(e)
C:\Documents and Settings...okies.txt[.overture.com/]
Cookie/Weboram... Cookie de surveillance
Latent(e)
C:\Documents and Settings...txt[ad.yieldmanager.com/]
Cookie/Serving... Cookie de surveillance
Latent(e)
C:\Documents and Settings...es.txt[.serving-sys.com/]
Application/Ni... Application de surveillance
Latent(e)
C:\WINDOWS\nircmd.exe
C:\Documents and Settings...sinfector.exe[nircmd.exe]
C:\Documents and Settings...e\426549C9d01[nircmd.exe]
Cookie/Adtech Cookie de surveillance
Latent(e)
C:\Documents and Settings...\cookies.txt[.adtech.de/]
Cookie/Smartad... Cookie de surveillance
Latent(e)
C:\Documents and Settings....txt[.smartadserver.com/]
Cookie/Statcou... Cookie de surveillance
Latent(e)
C:\Documents and Settings...es.txt[.statcounter.com/]
Cookie/Mediapl... Cookie de surveillance
Latent(e)
C:\Documents and Settings...txt[.bs.serving-sys.com/]
Application/Ps... Application de surveillance
Latent(e)
C:\Documents and Settings...7B45d01[clean/pskill.exe]
C:\Documents and Settings...ean.zip[clean/pskill.exe]
C:\Documents and Settings...s\Bureau\clean\pskill.exe
Trj/Agent.FUW Virus
Latent(e)
C:\Program Files\Mozilla Firefox\services.exe
Cookie/Xiti Cookie de surveillance
Latent(e)



There, I did everything I was asked to do. Does anything jump out at you?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 Oct. 2007 at 23:17
Panda detected W32/Gaobot


so run this tool:

https://www.broadcom.com/support/security-center

________________


Regarding
AVG Anti-Spyware:


HKU\S-1-5-21-4106764131-3877673919-2339601661-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{860C2F6B-CA82-4282-9187-BECCBB66F0AF} -> Adware.Generic : Aucune action entreprise.
:mozilla.245:C:\Documents and Settings\Gaultier Nicolas\Application Data\Mozilla\Firefox\Profiles\mpr2c8ug.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.


As you can see: "Aucune action entreprise." (no action taken). You did it wrong; do it again and delete what is found.

_________________

Download this (by Moe):

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double-click Lopxpsetup.exe to start the installation.
In the menu, choose option 1.
Wait until you are asked to press a key, then press one!
A report will then be created; copy and paste it in full on the forum.


_________________

Post a new HijackThis log and describe your problems.
0
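An added example, not part of the thread or of any tool mentioned in it: a Python triage of an AVG Anti-Spyware report in the `location -> detection : action` layout quoted above, listing the findings still marked "Aucune action entreprise" (no action taken). The sample lines, their paths and the "Removed" action text are constructed; only the no-action string comes from the report in the thread.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# The only action wording shown in the thread ("no action taken").
NO_ACTION = "Aucune action entreprise"

# <location> -> <Detection.Name> : <action>.
ENTRY_RE = re.compile(r"^(?P<loc>.+) -> (?P<det>\S+) : (?P<action>.+?)\.?\s*$")
# Entries inside a Firefox cookies.txt are prefixed ":mozilla.<index>:".
COOKIE_RE = re.compile(r"^:mozilla\.(?P<idx>\d+):(?P<path>.+)$")
REG_ROOTS = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\")

# Constructed sample in the same layout as the report quoted in the thread.
SAMPLE_REPORT = r"""
HKU\S-1-5-21-0000000000-0000000000-0000000000-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} -> Adware.Generic : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Example : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Example : Aucune action entreprise.
C:\Documents and Settings\User\Cookies\user@example[1].txt -> TrackingCookie.Example : Removed (constructed action text).

Fin du rapport
"""


class Finding(NamedTuple):
    kind: str        # "registry", "firefox-cookie" or "file"
    location: str
    detection: str   # e.g. "TrackingCookie.Example"
    family: str      # part of the detection name before the first dot
    treated: bool    # False when the report says no action was taken


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; return None for headers, blanks and footers."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    loc = m["loc"]
    cookie = COOKIE_RE.match(loc)
    if cookie:
        kind, loc = "firefox-cookie", cookie["path"]
    elif loc.upper().startswith(REG_ROOTS):
        kind = "registry"
    else:
        kind = "file"
    det = m["det"]
    # Anything other than the no-action string is assumed to mean the item was handled.
    return Finding(kind, loc, det, det.split(".", 1)[0], m["action"] != NO_ACTION)


def triage(report: str) -> dict:
    """Summarise a report: what was found, what was left in place, what to look at first."""
    findings = [f for f in map(parse_line, report.splitlines()) if f]
    untreated = [f for f in findings if not f.treated]
    # Tracking cookies are low-risk; any other untreated family goes to the top of the list.
    priority = [f for f in untreated if f.family != "TrackingCookie"]
    return {
        "total": len(findings),
        "untreated": len(untreated),
        "untreated_by_family": dict(Counter(f.family for f in untreated)),
        "priority": priority,
        "rescan_needed": bool(untreated),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['untreated']} of {result['total']} findings were left untreated")
    for family, count in result["untreated_by_family"].items():
        print(f"  {family}: {count}")
    for f in result["priority"]:
        print(f"  check first: [{f.kind}] {f.detection} at {f.location}")
    if result["rescan_needed"]:
        print("Run the scan again and apply the removal action to the findings.")
```
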
swedish Posts 8 Registration date Tuesday 16 October 2007 Status Member Last activity 22 October 2007
22 Oct. 2007 at 01:30
I ran Symantec; it detected the virus as well.


I ran AVG again and deleted this time! ...no comment lol


Lopxp report

fait le 22/10/2007 à 0:31:26
Option de recherche: Listing par date création

Exécuté dans : C:\Program Files\Lopxp



___________________________________________________________________________

[Tâches planifiées]


Maintenance en 1 clic.job
McDefragTask.job
McQcTask.job
Rappel d'abonnement 1 auprès de l'ISP.job

___________________________________________________________________________

[Listing des dossiers Application Data]


C:\Documents and Settings\Administrateur\Application Data

17/07/2006 19:02:37 -- ATI
17/07/2006 19:08:23 -- Corel
01/09/2005 07:25:25 -- Identities
17/07/2006 19:00:04 -- Intel
24/02/2007 19:46:38 -- Lavasoft
01/09/2005 07:25:08 -- Microsoft
17/07/2006 18:51:40 -- Sun
17/07/2006 19:11:32 -- Symantec
17/07/2006 19:04:15 -- You've Got Pictures Screensaver

C:\Documents and Settings\Administrateur\Local Settings\Application Data

01/09/2005 07:27:57 -- ApplicationHistory
17/07/2006 19:02:37 -- ATI
17/07/2006 18:58:31 -- BVRP Software
01/09/2005 07:25:08 -- Microsoft
17/07/2006 18:51:21 -- {7148F0A6-6813-11D6-A77B-00B0D0142030}

C:\Documents and Settings\All Users\Application Data

17/07/2006 19:04:26 -- Adobe
17/07/2006 19:03:22 -- AOL
02/08/2006 05:00:52 -- Apple Computer
19/10/2007 21:41:16 -- Grisoft
17/07/2006 19:06:26 -- InstallShield
17/07/2006 18:59:41 -- Intel
09/02/2007 12:44:35 -- iolo
17/07/2006 19:10:29 -- McAfee
17/07/2006 19:09:44 -- McAfee.com
01/09/2005 07:04:58 -- Microsoft
21/03/2007 15:48:41 -- Microsoft Help
12/07/2007 23:23:02 -- OrbNetworks
19/09/2006 17:45:14 -- Pinnacle
17/07/2006 19:04:08 -- QuickTime
29/12/2006 01:50:48 -- RoboForm
25/02/2007 11:13:08 -- SiteAdvisor
06/09/2007 19:21:24 -- Sony Corporation
25/08/2006 03:56:03 -- Spybot - Search & Destroy
17/07/2006 19:11:22 -- Symantec
05/08/2007 00:27:12 -- TuneUp Software
17/07/2006 19:04:15 -- Viewpoint
08/08/2006 00:43:15 -- Windows Genuine Advantage

C:\Documents and Settings\Gaultier Nicolas\Application Data

24/07/2006 18:42:33 -- Adobe
05/04/2007 15:25:27 -- Apple Computer
24/07/2006 18:39:22 -- ATI
09/10/2006 19:26:59 -- Azureus
24/07/2006 18:39:22 -- Corel
03/08/2006 04:31:56 -- Corel Photo Album
01/08/2006 04:26:01 -- Creative
24/07/2006 21:26:02 -- CyberLink
15/10/2007 22:31:46 -- GetRightToGo
19/10/2007 21:41:34 -- Grisoft
03/08/2006 04:24:54 -- Help
24/07/2006 18:39:22 -- Identities
06/09/2007 19:23:12 -- InstallShield
24/07/2006 18:39:22 -- Intel
09/02/2007 12:44:35 -- iolo
24/08/2006 15:32:26 -- Lavasoft
25/07/2006 00:45:10 -- Macromedia
06/08/2006 03:12:35 -- Media Player Classic
24/07/2006 18:39:22 -- Microsoft
03/10/2007 21:00:32 -- mIRC
20/01/2007 21:36:23 -- Mozilla
26/12/2006 23:38:22 -- My Games
09/03/2007 20:53:21 -- Real
25/02/2007 11:31:48 -- SiteAdvisor
06/09/2007 19:19:32 -- Sony Corporation
03/11/2006 19:19:10 -- Sports Interactive
24/07/2006 18:39:22 -- Sun
24/07/2006 18:39:22 -- Symantec
20/01/2007 21:37:09 -- Talkback
25/07/2006 19:59:03 -- teamspeak2
11/09/2006 23:19:38 -- Template
05/08/2007 00:27:35 -- TuneUp Software
16/02/2007 16:30:27 -- U3
24/07/2006 18:39:22 -- You've Got Pictures Screensaver

C:\Documents and Settings\Gaultier Nicolas\Local Settings\Application Data

24/07/2006 18:42:42 -- Adobe
03/08/2006 05:22:02 -- Apple Computer
24/07/2006 18:39:22 -- ApplicationHistory
24/07/2006 18:39:22 -- ATI
24/07/2006 18:39:22 -- BVRP Software
03/08/2006 04:31:52 -- Corel Photo Album
03/08/2006 04:24:54 -- Help
08/08/2006 02:19:23 -- Identities
19/09/2006 17:58:18 -- IsolatedStorage
24/07/2006 18:39:21 -- Microsoft
21/03/2007 15:49:05 -- Microsoft Help
20/01/2007 21:36:37 -- Mozilla
24/07/2006 21:26:01 -- PowerDVD
24/07/2006 18:39:21 -- {7148F0A6-6813-11D6-A77B-00B0D0142030}

___________________________________________________________________________

[Listing du dossier Program Files]

C:\Program Files

09/02/2007 12:31:35 -- 3B Software
17/07/2006 19:04:23 -- Adobe
17/09/2006 19:51:33 -- Alwil Software
17/07/2006 18:57:59 -- ATI Technologies
09/10/2006 19:26:52 -- Azureus
03/05/2007 19:59:33 -- Capcom
21/02/2007 00:30:27 -- CCleaner
06/09/2007 19:23:23 -- Common Files
01/09/2005 07:13:21 -- ComPlus Applications
17/07/2006 18:55:26 -- CONEXANT
17/07/2006 19:07:00 -- Corel
17/07/2006 19:07:28 -- Corel Corporation
17/07/2006 19:01:24 -- Creative
17/07/2006 19:01:03 -- CyberLink
17/07/2006 18:59:16 -- Dell
17/07/2006 18:58:44 -- Digital Line Detect
19/09/2006 17:47:57 -- DivX
01/09/2005 07:08:24 -- Fichiers communs
26/12/2006 23:35:34 -- Firaxis Games
01/09/2005 07:27:50 -- FrenchOtto
26/12/2006 22:54:53 -- GDS
01/09/2005 07:27:53 -- GemMasterFrench
24/02/2007 17:09:07 -- Grisoft
17/07/2006 18:58:31 -- InstallShield Installation Information
17/07/2006 18:59:41 -- Intel
17/07/2006 19:00:18 -- Intel, Inc
01/09/2005 07:15:01 -- Internet Explorer
25/05/2007 09:38:17 -- iolo
03/08/2006 04:24:37 -- IrfanView
17/07/2006 18:51:27 -- Java
06/08/2006 03:11:59 -- K-Lite Codec Pack
29/01/2007 17:20:25 -- Lavasoft
22/10/2007 00:28:36 -- Lopxp
17/07/2006 19:10:29 -- McAfee
17/07/2006 19:08:31 -- McAfee.com
01/09/2005 07:12:16 -- Messenger
01/09/2005 07:18:39 -- microsoft frontpage
12/10/2006 10:47:21 -- Microsoft Office
21/03/2007 15:58:33 -- Microsoft Visual Studio
17/07/2006 19:03:03 -- Microsoft Works
21/03/2007 15:57:32 -- Microsoft.NET
17/07/2006 18:58:37 -- Modem Helper
01/09/2005 07:12:34 -- Movie Maker
20/01/2007 21:36:22 -- Mozilla Firefox
21/03/2007 15:58:52 -- MSBuild
01/09/2005 07:12:08 -- MSN
01/09/2005 07:12:16 -- MSN Gaming Zone
14/05/2007 00:50:23 -- MSN Messenger
27/10/2006 07:36:13 -- MSXML 4.0
19/10/2007 12:34:02 -- myFairTunes
17/07/2006 19:06:28 -- MyWaySA
01/09/2005 07:15:03 -- NetMeeting
17/07/2006 18:58:30 -- NetWaiting
17/07/2006 19:12:10 -- Norton Ghost
01/09/2005 07:13:08 -- Online Services
12/07/2007 23:22:50 -- Orb Networks
01/09/2005 07:15:02 -- Outlook Express
19/10/2007 22:11:06 -- Panda Security
30/04/2007 16:01:28 -- PDFCreator
19/09/2006 17:46:05 -- Pinnacle
03/10/2007 21:09:56 -- PMG
17/07/2006 19:04:08 -- QuickTime
09/03/2007 21:01:02 -- Real
01/09/2005 07:15:29 -- Services en ligne
29/12/2006 01:48:59 -- Siber Systems
17/07/2006 18:55:19 -- Sigmatel
25/02/2007 11:13:08 -- SiteAdvisor
17/07/2006 19:05:02 -- Sonic
06/09/2007 19:20:37 -- Sony
24/07/2006 19:08:13 -- Sports Interactive
25/08/2006 03:56:01 -- Spybot - Search & Destroy
17/07/2006 18:58:52 -- Synaptics
25/07/2006 19:58:18 -- Teamspeak2_RC2
29/06/2007 15:40:35 -- ToniArts
17/07/2006 19:00:20 -- Toshiba
20/06/2007 19:22:35 -- Travian
28/09/2007 02:07:39 -- Tunebite
05/08/2007 00:27:35 -- TuneUp Utilities 2007
01/09/2005 07:25:21 -- Uninstall Information
17/07/2006 19:06:43 -- Wanadoo Europe
19/01/2007 00:42:34 -- Windows Media Connect 2
01/09/2005 07:12:47 -- Windows Media Player
01/09/2005 07:12:07 -- Windows NT
01/09/2005 07:12:41 -- Windows Plus
01/09/2005 07:15:33 -- WindowsUpdate
02/08/2006 22:45:40 -- WinRAR
01/09/2005 07:18:40 -- xerox
17/07/2006 19:06:31 -- Your Company Name

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]



___________________________________________________________________________

[Clés registre de démarrage]


___________________________________________________________________________

[Popups autorisés]


[-] Internet Explorer :

www1.euro.dell.com
support.euro.dell.com
*.play.yahoo.com
www.news-torrent.com
zonenxt.msn-int.com
zonenxt.msn-ppe.com
zone.msn.com

[-] Mozilla Firefox (2 bloqués)

host popup 1 astree.bvdep.com
host popup 1 www.diane.bvdep.com

[-] Suite Mozilla / SeaMonkey (2 bloqués)



- Fin du rapport -



Hijack report


Logfile of HijackThis v1.99.1
Scan saved at 01:30:41, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\DOCUME~1\GAULTI~1\LOCALS~1\Temp\Rar$EX26.7828\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 Oct. 2007 at 09:11
Fix these lines with HijackThis:

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

__________________

Update Java: START, then CONTROL PANEL, then JAVA, then Update

__________________

Post a new HijackThis log and, above all, describe your problems.
0