Virus

Solved/Closed
reno57 Posts 47 Registration date Sunday 28 October 2007 Status Member Last seen 2 November 2007 - 28 Oct 2007 at 12:39
 Anonymous user - 2 Nov 2007 at 17:12
First of all, thank you for your attention.
Here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:35, on 25/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "c:\users\leroy\appdata\roaming\install_en[1].exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
89 replies

Anonymous user
29 Oct 2007 at 21:08
0
reno57
29 Oct 2007 at 21:16
SmitFraudFix v2.243

Scan done at 21:14:36,89, 29/10/2007
Run from C:\Users\Leroy\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Leroy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Leroy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Leroy\FAVORI~1

C:\Users\Leroy\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\Users\Public\Desktop\Online Security Guide.url FOUND !
C:\Users\Public\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Add-on\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Réseau local Broadcom 802.11b/g
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F42DC871-1F4A-4ECE-8FBB-0F708CDB34E8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F42DC871-1F4A-4ECE-8FBB-0F708CDB34E8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F42DC871-1F4A-4ECE-8FBB-0F708CDB34E8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Anonymous user
30 Oct 2007 at 09:14
Good, redo SmitFraudFix, option 2, in safe mode.
Info here:
https://leblogdeclaude.blogspot.com/2007/04/informatique-procdure-smitfraud.html


0
reno57
30 Oct 2007 at 10:02
SmitFraudFix v2.243

Scan done at 9:53:08,08, 30/10/2007
Run from C:\WINDOWS\System32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Users\Public\Desktop\Online Security Guide.url Deleted
C:\Users\Public\Desktop\Security Troubleshooting.url Deleted
C:\Users\Leroy\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F42DC871-1F4A-4ECE-8FBB-0F708CDB34E8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F42DC871-1F4A-4ECE-8FBB-0F708CDB34E8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F42DC871-1F4A-4ECE-8FBB-0F708CDB34E8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
0

Anonymous user
30 Oct 2007 at 11:41
Good,
post a new HijackThis log
and briefly describe how the machine is behaving.
0
reno57
30 Oct 2007 at 12:26
Logfile of HijackThis v1.99.1
Scan saved at 12:25:49, on 30/10/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe




Here is the report. Apart from that, I haven't noticed anything unusual; everything has worked correctly.
0
Anonymous user
30 Oct 2007 at 13:00
Analyze this:

C:\WINDOWS\System32\igfxpers.exe


How?
Go to my page here:
https://leblogdeclaude.blogspot.com/2006/10/informatique-scan-en-ligne.html
Scroll down to Virus Total; it is explained there.
We are going to clean up a bit; you have far too many unnecessary processes launched at startup.
-----------------------------------------------------------------------------------------------------------------
Check + fix
How?
https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html
-------------------------
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
------------------------------
Do this:
https://leblogdeclaude.blogspot.com/2007/10/procdure-btfix.html
Post the report.
0
reno57
30 Oct 2007 at 14:09
Here is the VirusTotal report:
Information additionnelle
File size: 81920 bytes
MD5: 8e899a1a7c4670ce4ec1337cbf989787
SHA1: e52ef98753e2f57aaaae7126233ea99e2c22c899


For HijackThis I checked and fixed... no report.

When I download Btfix.exe I immediately get a Windows Defender warning window, "check for the presence of dangerous or potentially unwanted software". This window rates Adware:Win32/Mirar at a high alert level. There are two possible choices: remove all or ignore. To be safe, my reflex was to click remove all.
0
Anonymous user
30 Oct 2007 at 15:55
I don't see the VirusTotal report,
only the beginning!
Information additionnelle
File size: 81920 bytes
MD5: 8e899a1a7c4670ce4ec1337cbf989787
SHA1: e52ef98753e2f57aaaae7126233ea99e2c22c899

The whole analysis is missing!!!!!!!!!!
---------------------------------------------------
Btfix is detected as a false positive, like most disinfection tools...
Start again and choose ignore!!!
Post the report.
0
reno57
30 Oct 2007 at 16:13
Sorry, I had understood that only the end of the VirusTotal report was needed.
Here it is in full:

Fichier igfxpers.exe reçu le 2007.10.30 13:24:10 (CET)


Résultat: 0/32 (0%)


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.10.30.0 2007.10.30 -
AntiVir 7.6.0.30 2007.10.30 -
Authentium 4.93.8 2007.10.29 -
Avast 4.7.1074.0 2007.10.30 -
AVG 7.5.0.503 2007.10.30 -
BitDefender 7.2 2007.10.30 -
CAT-QuickHeal 9.00 2007.10.29 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5253 2007.10.30 -
Ewido 4.0 2007.10.30 -
FileAdvisor 1 2007.10.30 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.30 -
F-Secure 6.70.13030.0 2007.10.30 -
Ikarus T3.1.1.12 2007.10.30 -
Kaspersky 7.0.0.125 2007.10.30 -
McAfee 5151 2007.10.29 -
Microsoft 1.2908 2007.10.30 -
NOD32v2 2627 2007.10.30 -
Norman 5.80.02 2007.10.29 -
Panda 9.0.0.4 2007.10.30 -
Prevx1 V2 2007.10.30 -
Rising 19.47.12.00 2007.10.30 -
Sophos 4.23.0 2007.10.30 -
Sunbelt 2.2.907.0 2007.10.29 -
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.29 -
Webwasher-Gateway 6.6.1 2007.10.30 -
Information additionnelle
File size: 81920 bytes
MD5: 8e899a1a7c4670ce4ec1337cbf989787
SHA1: e52ef98753e2f57aaaae7126233ea99e2c22c899

I'm running Btfix and will keep you posted.
0
Anonymous user
30 Oct. 2007 at 16:22
OK,
;-)
0
reno57 Posts 47 Registration date Sunday 28 October 2007 Status Member Last activity 2 November 2007
30 Oct. 2007 at 16:43
Here is everything I have after running Btfix.

BTFix 1.056 (par bibi26) - 30/10/2007 16:21:49 - Analyse
Lancé depuis C:\Users\Leroy\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée
0
Anonymous user
30 Oct. 2007 at 19:00
Good,
download this:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Run it.

If it finds an infection, the machine will reboot.
Post the report.

0
reno57 Posts 47 Registration date Sunday 28 October 2007 Status Member Last activity 2 November 2007
30 Oct. 2007 at 20:05
So I ran ComboFix.
During the procedure, the window disappeared for two seconds along with all the desktop icons, and everything came back right away.
And here is the report:

ComboFix 07-10-29.1 - Leroy 2007-10-30 19:51:16.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.392 [GMT 1:00]
Running from: C:\Users\Leroy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9W4TYO5\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))))))))
.

2007-10-30 19:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 23:03 <REP> d-------- C:\WINDOWS\System32\SmitfraudFix
2007-10-29 21:14 6,648 --a------ C:\WINDOWS\System32\tmp.reg
2007-10-29 21:13 289,144 --a------ C:\WINDOWS\System32\VCCLSID.exe
2007-10-29 21:13 288,417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-10-29 21:13 53,248 --a------ C:\WINDOWS\System32\Process.exe
2007-10-29 21:13 51,200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-10-29 21:13 25,600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2007-10-29 21:12 <REP> d-------- C:\Users\Leroy\SmitfraudFix
2007-10-29 15:43 <REP> d-------- C:\Program Files\Navilog1
2007-10-29 12:39 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-10-27 17:31 <REP> d-------- C:\Users\Leroy\AppData\Roaming\Grisoft
2007-10-27 17:31 <REP> d-------- C:\Users\All Users\Grisoft
2007-10-27 17:31 <REP> d-------- C:\ProgramData\Grisoft
2007-10-27 17:31 10,872 --a------ C:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-10-27 17:14 <REP> d-------- C:\Program Files\Yahoo!
2007-10-27 17:14 <REP> d-------- C:\Program Files\CCleaner
2007-10-27 16:33 <REP> d-------- C:\Users\Leroy\AppData\Roaming\PC Tools
2007-10-27 16:33 <REP> d-a------ C:\Users\All Users\TEMP
2007-10-27 16:33 <REP> d-a------ C:\ProgramData\TEMP
2007-10-27 16:33 <REP> d-------- C:\Program Files\Spyware Doctor
2007-10-27 16:33 626,688 --a------ C:\WINDOWS\System32\msvcr80.dll
2007-10-27 16:33 79,688 --a------ C:\WINDOWS\System32\drivers\iksyssec.sys
2007-10-27 16:33 62,280 --a------ C:\WINDOWS\System32\drivers\iksysflt.sys
2007-10-27 16:33 41,288 --a------ C:\WINDOWS\System32\drivers\ikfilesec.sys
2007-10-27 16:33 29,000 --a------ C:\WINDOWS\System32\drivers\kcom.sys
2007-10-25 21:55 <REP> d-------- C:\Program Files\Trend Micro
2007-10-25 21:14 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-10-25 20:42 <REP> d-------- C:\WINDOWS\Nouveau dossier
2007-10-18 21:34 <REP> d-------- C:\Users\Leroy\AppData\Roaming\uTorrent
2007-10-18 21:34 <REP> d-------- C:\Program Files\uTorrent
2007-10-18 21:21 <REP> d-------- C:\Program Files\Common Files\Adobe
2007-10-18 21:06 <REP> d-------- C:\Users\Leroy\AppData\Roaming\BitTorrent
2007-10-18 21:05 <REP> d-------- C:\Program Files\BitTorrent
2007-10-18 19:06 <REP> d-------- C:\Users\Leroy\AppData\Roaming\AVS4YOU
2007-10-18 19:06 <REP> d-------- C:\Users\All Users\AVS4YOU
2007-10-18 19:06 <REP> d-------- C:\ProgramData\AVS4YOU
2007-10-18 19:03 <REP> d-------- C:\Program Files\Common Files\AVSMedia
2007-10-18 19:03 <REP> d-------- C:\Program Files\AVS4YOU
2007-10-18 19:03 1,700,352 --a------ C:\WINDOWS\System32\GdiPlus.dll
2007-10-18 19:03 536,576 --a------ C:\WINDOWS\System32\msvcr70d.dll
2007-10-18 19:03 524,288 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-10-18 19:03 413,760 --a------ C:\WINDOWS\System32\mpg4c32.dll
2007-10-18 19:03 261,632 --a------ C:\WINDOWS\System32\mcdvd_32.dll
2007-10-18 19:03 139,264 --a------ C:\WINDOWS\System32\xvidvfw.dll
2007-10-18 19:03 24,576 --a------ C:\WINDOWS\System32\msxml3a.dll
2007-10-17 17:01 <REP> d-------- C:\Users\Leroy\AppData\Roaming\NCH Swift Sound
2007-10-17 17:01 <REP> d-------- C:\Users\All Users\NCH Swift Sound
2007-10-17 17:01 <REP> d-------- C:\ProgramData\NCH Swift Sound
2007-10-17 17:00 <REP> d-------- C:\Program Files\NCH Swift Sound
2007-10-11 02:05 8,147,968 --a------ C:\WINDOWS\System32\wmploc.DLL
2007-10-11 02:05 356,864 --a------ C:\WINDOWS\System32\MediaMetadataHandler.dll
2007-10-11 02:05 7,680 --a------ C:\WINDOWS\System32\spwmp.dll
2007-10-11 02:05 4,096 --a------ C:\WINDOWS\System32\dxmasf.dll
2007-10-11 02:02 788,992 --a------ C:\WINDOWS\System32\rpcrt4.dll
2007-10-11 02:02 737,792 --a------ C:\WINDOWS\System32\inetcomm.dll
2007-10-11 02:02 84,480 --a------ C:\WINDOWS\System32\INETRES.dll
2007-09-16 12:16 <REP> d-------- C:\WINDOWS\PCHEALTH

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 18:50 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
2007-10-30 18:50 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
2007-10-30 17:27 1,554 ----a-w C:\Users\Leroy\AppData\Roaming\wklnhst.dat
2007-10-30 11:25 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-10-18 17:53 90,112 ----a-w C:\Windows\System32\agsaami.dll
2007-10-18 17:53 610,304 ----a-w C:\Windows\System32\agsaamg.dll
2007-10-18 17:53 372,736 ----a-w C:\Windows\System32\agsaamc.dll
2007-10-18 17:53 2,535,424 ----a-w C:\Windows\System32\agsaamj.dll
2007-10-18 17:53 196,608 ----a-w C:\Windows\System32\maag.dll
2007-10-18 17:53 1,986,560 ----a-w C:\Windows\System32\akll.dll
2007-10-18 17:53 1,245,184 ----a-w C:\Windows\System32\bkll.dll
2007-10-18 17:53 1,212,416 ----a-w C:\Windows\System32\ckll.dll
2007-10-11 01:14 --------- d-----w C:\Program Files\Windows Mail
2007-10-11 01:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-11 01:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-11 01:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-09-16 11:17 --------- d-----w C:\Program Files\MSN Messenger
2007-08-30 07:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-08-30 07:46 --------- d-----w C:\ProgramData\Symantec
2007-08-30 07:29 174 --sha-w C:\Program Files\desktop.ini
2007-08-30 07:24 --------- d-----w C:\Program Files\Windows Calendar
2007-08-30 07:23 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-30 07:23 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-30 07:23 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-08-30 07:23 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-30 07:23 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-08-30 07:23 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-30 07:23 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-30 07:23 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-30 07:23 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-08-30 07:22 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-08-30 07:22 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-30 07:22 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-08-30 07:22 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-30 07:22 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-30 07:22 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-30 07:22 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-30 07:22 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-30 07:22 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-30 07:22 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-30 07:20 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-08-30 07:20 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-08-30 07:20 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-08-30 07:20 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-08-30 07:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-08-30 07:20 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-08-30 07:20 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-08-30 07:20 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-08-30 07:20 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-08-30 07:20 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-08-30 07:20 3,470,008 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-08-30 07:20 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-08-30 07:20 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-08-30 07:20 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-08-30 07:20 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-08-30 07:20 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-08-30 07:20 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-08-30 07:20 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-30 07:18 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 16:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-23 19:25 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-23 19:25 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-23 19:25 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-23 19:25 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-23 19:24 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-23 19:24 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-23 19:24 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-23 19:23 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-23 19:23 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-08-16 01:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-08-16 01:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-07-29 18:09 63,488 ----a-w C:\Users\Leroy\xobglu16.dll
2007-07-29 18:09 332,210 ----a-w C:\Users\Leroy\xobglu32.dll
2007-07-26 23:06 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-07-26 23:06 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-07-26 23:06 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-07-26 23:06 144,704 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-07-26 23:06 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-07-26 23:06 120,056 ------w C:\Windows\System32\pxcpyi64.exe
2007-07-26 23:06 118,520 ------w C:\Windows\System32\pxinsi64.exe
2007-07-26 23:06 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-07-26 23:03 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-07-26 23:03 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-07-26 23:03 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-07-26 23:03 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-07-26 23:03 740,442 ----a-w C:\Windows\System32\DivX.dll
2007-07-26 23:03 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-07-26 23:03 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-07-26 23:03 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-07-26 23:03 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-07-26 23:03 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-07-26 23:03 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-07-26 23:03 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-07-26 23:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-07-12 01:14 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-07-12 01:14 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-07-12 01:14 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-07-12 01:14 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-07-12 01:14 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-07-12 01:14 16,896 ----a-w C:\Windows\System32\wfapigp.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-15 13:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 07:02]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 10:02]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 10:05]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 10:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 21:32]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 18:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-29 18:23]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-10-18 21:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-30 08:31:21 C:\Windows\Tasks\User_Feed_Synchronization-{B32BEE76-62CF-4DAC-ABAF-7028399DDA9E}.job"
"2007-10-30 18:46:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 19:56:07
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 19:59:18
.
--- E O F ---
0
Anonymous user
30 Oct. 2007 at 20:10
Good, make a new HijackThis log.
0
reno57 Posts 47 Registration date Sunday 28 October 2007 Status Member Last activity 2 November 2007
30 Oct. 2007 at 20:20
Logfile of HijackThis v1.99.1
Scan saved at 12:25:49, on 30/10/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Anonymous user
30 Oct. 2007 at 20:35
Stop these processes.
https://leblogdeclaude.blogspot.com/2007/07/terminer-un-processus.html
------------------------------------------------------------------
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\SearchFilterHost.exe
---------------------------------------
Check + fix:
https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
-------------------------------
Post a new HijackThis log.



0
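As an added illustration (not part of the thread, and not code from HijackThis or its authors): before ticking the lines of a fix list like the one above, it helps to know which of them the current log actually contains. The Python sketch below parses `O4` Run-key lines and sorts a fix list into exact matches, entries whose command line differs, and entries absent from the log; the function names are hypothetical, and the sample log and fix list are constructed from lines shown in this thread, with one command line altered and one entry left out to exercise each case.

```python
import re

# One HijackThis "O4" Run-key line: hive, key, [value name], command line.
# Startup-folder O4 lines ("O4 - Startup: ...") use another layout and are
# deliberately not handled here.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)


def normalize(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).lower()


def parse_o4(log_text):
    """Return every O4 Run-key entry of a HijackThis log as a dict."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_LINE.match(line)
        if m:
            entries.append(dict(m.groupdict(), line=line))
    return entries


def check_fix_list(log_text, fix_lines):
    """Sort fix-list lines by how they relate to the log.

    exact    - the same line is in the log (safe to tick as instructed)
    changed  - same hive/key/value name, but the command line differs
    absent   - no such autorun value in the log at all
    unparsed - not an O4 Run-key line; needs a manual look
    """
    log_entries = parse_o4(log_text)
    by_line = {normalize(e["line"]) for e in log_entries}
    by_value = {
        (e["hive"], e["key"].lower(), e["name"].lower()) for e in log_entries
    }
    result = {"exact": [], "changed": [], "absent": [], "unparsed": []}
    for raw in fix_lines:
        line = raw.strip()
        if not line:
            continue
        m = O4_LINE.match(line)
        if not m:
            result["unparsed"].append(line)
        elif normalize(line) in by_line:
            result["exact"].append(m["name"])
        elif (m["hive"], m["key"].lower(), m["name"].lower()) in by_value:
            result["changed"].append(m["name"])
        else:
            result["absent"].append(m["name"])
    return result


# Constructed sample: lines taken from this thread's log, except that the
# Sidebar command has lost its "/autoRun" switch and the WindowsWelcomeCenter
# entry has been left out.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Constructed fix list: four of the lines the helper asked to check and fix.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
"""

if __name__ == "__main__":
    report = check_fix_list(SAMPLE_LOG, FIX_LIST.splitlines())
    for status, names in report.items():
        print(f"{status:9s} {', '.join(names) or '-'}")
```

Run against the log posted after the fix, the same function shows which of the requested entries are still present.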
reno57 Posts 47 Registration date Sunday 28 October 2007 Status Member Last activity 2 November 2007
30 Oct. 2007 at 21:00
I can't find the process C:\Windows\system32\SearchFilterHost.exe;
however, there is a process that resembles it (by name), SearchIndexer.exe.

CORRECTION: the process has appeared.
0
reno57 Posts 47 Registration date Sunday 28 October 2007 Status Member Last activity 2 November 2007
30 Oct. 2007 at 21:16
However, I am now checking the boxes in HijackThis, but the eighth line, O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter, cannot be found. Should I continue without paying attention to it?
0
Anonymous user
31 Oct. 2007 at 10:38
No problem, we'll deal with that using Spybot then.
Look here:
https://leblogdeclaude.blogspot.com/2007/03/informatique-supprimer-des-logiciels-au.html
0