Trojan-downloader;small.DCU

sylvianesteevy -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,
J'ai un trojan dénommé Trojan-Downloader.Small.DCU. Qui peut m'aider à m'en débarrasser? Jake
Configuration: Windows XP
Internet Explorer 7.0

5 réponses

  1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    1) Clique sur ce lien
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
    pour télécharger le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la license en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

    Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
    http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

    2) Clique sur ce lien :
    http://www.alt-shift-return.org/Info/GenProc-HowTo.html

    ensuite, clique sur celui-ci et exécute le tuto du lien ci-dessus
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    Poste le rapport dans ta réponse.

    Ne commence pas à mettre en oeuvre les recommandations.
    0
  2. sylvianesteevy
     
    #
    # An unexpected error has been detected by Java Runtime Environment:
    #
    Bonjour Lyonnais 92, désolé de répondre si tard mais j'ai eu besoin d'aide pour suivre ta procédure. Ci-après le rapport Hijackthis
    merci de m'aider.

    # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00000000, pid=5152, tid=4628
    #
    # Java VM: Java HotSpot(TM) Client VM (1.6.0_01-b06 mixed mode)
    # Problematic frame:
    # C 0x00000000
    #
    # If you would like to submit a bug report, please visit:
    # https://bugreport.java.com/bugreport/crash.jsp
    #

    --------------- T H R E A D ---------------

    Current thread (0x0aabd000): JavaThread "AWT-Windows" daemon [_thread_in_native, id=4628]

    siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

    Registers:
    EAX=0x0a2722d8, EBX=0x0a28c898, ECX=0x0a28c898, EDX=0x00000201
    ESP=0x0af8f958, EBP=0x0b7b2c70, ESI=0x0b7b2c70, EDI=0x7c8111da
    EIP=0x00000000, EFLAGS=0x00010246

    Top of Stack: (sp=0x0af8f958)
    0x0af8f958: 6d0fdcb6 00000201 00000001 006400fc
    0x0af8f968: 0a28c898 6d0f8b9e 0b7b2c70 00000000
    0x0af8f978: 00000000 00009808 6d1049c9 0b7b2c70
    0x0af8f988: 00000000 0af8fa54 00090894 0af8f9ec
    0x0af8f998: 00000000 00000001 00090894 00000000
    0x0af8f9a8: 0af8f99c 00000000 0aabd0e8 0af8f9e0
    0x0af8f9b8: 6d13cee8 00000000 6d0fbe08 00009808
    0x0af8f9c8: 00000000 0b7b2c70 0af8fa54 6d0fbdb0

    Instructions: (pc=0x00000000)
    0xfffffff0:

    Stack: [0x0ae90000,0x0af90000), sp=0x0af8f958, free space=1022k
    Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
    j sun.awt.windows.WToolkit.eventLoop()V+0
    j sun.awt.windows.WToolkit.run()V+69
    j java.lang.Thread.run()V+11
    v ~StubRoutines::call_stub

    --------------- P R O C E S S ---------------

    Java Threads: ( => current thread )
    0x0ac03400 JavaThread "Thread-39" [_thread_blocked, id=5084]
    0x0a271000 JavaThread "Thread-38" [_thread_in_native, id=1276]
    0x0b6a6800 JavaThread "Thread-28" [_thread_blocked, id=5760]
    0x0ab0e000 JavaThread "AWT-EventQueue-4" [_thread_blocked, id=5212]
    0x0a26c400 JavaThread "thread applet-y.vmd.0" [_thread_blocked, id=5200]
    0x0098a000 JavaThread "Thread-14" [_thread_in_native, id=3316]
    0x0ab03400 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4572]
    0x0ab02800 JavaThread "AWT-Shutdown" [_thread_blocked, id=4568]
    0x0aada800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=552]
    0x0aacf400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=4012]
    =>0x0aabd000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4628]
    0x0aab9800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=4620]
    0x0a21f000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=4612]
    0x0a21a400 JavaThread "CompilerThread0" daemon [_thread_blocked, id=4608]
    0x0a219000 JavaThread "Attach Listener" daemon [_thread_blocked, id=4604]
    0x0a218400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=4600]
    0x0a207000 JavaThread "Finalizer" daemon [_thread_blocked, id=4596]
    0x0a206000 JavaThread "Reference Handler" daemon [_thread_blocked, id=4592]

    Other Threads:
    0x0a203000 VMThread [id=4588]
    0x0a220800 WatcherThread [id=2356]

    VM state:not at safepoint (normal execution)

    VM Mutex/Monitor currently owned by a thread: None

    Heap
    def new generation total 1152K, used 151K [0x10980000, 0x10ac0000, 0x110e0000)
    eden space 1024K, 14% used [0x10980000, 0x109a5e48, 0x10a80000)
    from space 128K, 0% used [0x10aa0000, 0x10aa0000, 0x10ac0000)
    to space 128K, 0% used [0x10a80000, 0x10a80000, 0x10aa0000)
    tenured generation total 14404K, used 8610K [0x110e0000, 0x11ef1000, 0x16980000)
    the space 14404K, 59% used [0x110e0000, 0x119489a8, 0x11948a00, 0x11ef1000)
    compacting perm gen total 12288K, used 9904K [0x16980000, 0x17580000, 0x1a980000)
    the space 12288K, 80% used [0x16980000, 0x1732c390, 0x1732c400, 0x17580000)
    No shared spaces configured.

    Dynamic libraries:
    0x00400000 - 0x0049b000 C:\Program Files\Internet Explorer\iexplore.exe
    0x7c910000 - 0x7c9c7000 C:\WINDOWS\system32\ntdll.dll
    0x7c800000 - 0x7c905000 C:\WINDOWS\system32\kernel32.dll
    0x77da0000 - 0x77e4c000 C:\WINDOWS\system32\ADVAPI32.dll
    0x77e50000 - 0x77ee2000 C:\WINDOWS\system32\RPCRT4.dll
    0x77fc0000 - 0x77fd1000 C:\WINDOWS\system32\Secur32.dll
    0x77ef0000 - 0x77f37000 C:\WINDOWS\system32\GDI32.dll
    0x7e390000 - 0x7e420000 C:\WINDOWS\system32\USER32.dll
    0x77be0000 - 0x77c38000 C:\WINDOWS\system32\msvcrt.dll
    0x77f40000 - 0x77fb6000 C:\WINDOWS\system32\SHLWAPI.dll
    0x7c9d0000 - 0x7d1f5000 C:\WINDOWS\system32\SHELL32.dll
    0x774a0000 - 0x775dd000 C:\WINDOWS\system32\ole32.dll
    0x44160000 - 0x44284000 C:\WINDOWS\system32\urlmon.dll
    0x770e0000 - 0x7716b000 C:\WINDOWS\system32\OLEAUT32.dll
    0x43e00000 - 0x43e45000 C:\WINDOWS\system32\iertutil.dll
    0x77bd0000 - 0x77bd8000 C:\WINDOWS\system32\VERSION.dll
    0x76320000 - 0x7633d000 C:\WINDOWS\system32\IMM32.DLL
    0x77390000 - 0x77493000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    0x58b50000 - 0x58bea000 C:\WINDOWS\system32\comctl32.dll
    0x5a000000 - 0x5a01e000 C:\Program Files\Spyware Doctor\klg.dat
    0x44360000 - 0x4492b000 C:\WINDOWS\system32\IEFRAME.dll
    0x76ba0000 - 0x76bab000 C:\WINDOWS\system32\PSAPI.DLL
    0x5b090000 - 0x5b0c8000 C:\WINDOWS\system32\UxTheme.dll
    0x74690000 - 0x746db000 C:\WINDOWS\system32\MSCTF.dll
    0x10000000 - 0x10009000 C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    0x7c360000 - 0x7c3b6000 C:\Program Files\Macrogaming\SweetIM\MSVCR71.dll
    0x00990000 - 0x00996000 C:\WINDOWS\TEMP\IadHide5.dll
    0x20000000 - 0x202da000 C:\WINDOWS\system32\xpsp2res.dll
    0x75140000 - 0x7516e000 C:\WINDOWS\system32\msctfime.ime
    0x5dff0000 - 0x5e01f000 C:\WINDOWS\system32\IEUI.dll
    0x76310000 - 0x76315000 C:\WINDOWS\system32\MSIMG32.dll
    0x4eb80000 - 0x4ed23000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    0x47060000 - 0x47081000 C:\WINDOWS\system32\xmllite.dll
    0x77b50000 - 0x77b72000 C:\WINDOWS\system32\apphelp.dll
    0x76f80000 - 0x76fff000 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 - 0x770d4000 C:\WINDOWS\system32\COMRes.dll
    0x74660000 - 0x7468a000 C:\WINDOWS\System32\msimtf.dll
    0x765b0000 - 0x76606000 C:\WINDOWS\System32\cscui.dll
    0x76590000 - 0x765ad000 C:\WINDOWS\System32\CSCDLL.dll
    0x778e0000 - 0x779d8000 C:\WINDOWS\system32\SETUPAPI.dll
    0x32520000 - 0x32532000 C:\Program Files\Microsoft Office\Office10\msohev.dll
    0x61930000 - 0x6197a000 C:\Program Files\Internet Explorer\ieproxy.dll
    0x7d200000 - 0x7d4be000 C:\WINDOWS\system32\msi.dll
    0x77210000 - 0x772c1000 C:\WINDOWS\system32\SXS.DLL
    0x44080000 - 0x4414f000 C:\WINDOWS\system32\WININET.dll
    0x01450000 - 0x01459000 C:\WINDOWS\system32\Normaliz.dll
    0x75d30000 - 0x75dc1000 C:\WINDOWS\system32\MLANG.dll
    0x719f0000 - 0x71a07000 C:\WINDOWS\system32\ws2_32.dll
    0x719e0000 - 0x719e8000 C:\WINDOWS\system32\WS2HELP.dll
    0x64840000 - 0x648bb000 C:\Program Files\Windows Live Toolbar\msntb.dll
    0x779e0000 - 0x77a76000 C:\WINDOWS\system32\CRYPT32.dll
    0x77a80000 - 0x77a92000 C:\WINDOWS\system32\MSASN1.dll
    0x76960000 - 0x76a15000 C:\WINDOWS\system32\USERENV.dll
    0x76be0000 - 0x76c0e000 C:\WINDOWS\system32\WINTRUST.dll
    0x76c40000 - 0x76c68000 C:\WINDOWS\system32\IMAGEHLP.dll
    0x748f0000 - 0x74a03000 C:\WINDOWS\System32\msxml3.dll
    0x02150000 - 0x02156000 C:\Program Files\Windows Live Toolbar\fr-be\mtbres.dll.mui
    0x02810000 - 0x02819000 C:\Program Files\Windows Live Toolbar\mtbres.dll
    0x64770000 - 0x647dd000 C:\Program Files\Windows Live Toolbar\Tem.dll
    0x02940000 - 0x0297b000 C:\Program Files\Windows Live Toolbar\fr-be\CMRes.dll.mui
    0x02980000 - 0x02984000 C:\Program Files\Windows Live Toolbar\CMRes.dll
    0x02990000 - 0x02992000 C:\Program Files\Windows Live Toolbar\fr-be\msn_slrs.DLL.mui
    0x029a0000 - 0x029a3000 C:\Program Files\Windows Live Toolbar\msn_slrs.DLL
    0x02ae0000 - 0x02e67000 c:\program files\google\googletoolbar3.dll
    0x76ae0000 - 0x76b0f000 C:\WINDOWS\system32\WINMM.dll
    0x71a10000 - 0x71a1a000 C:\WINDOWS\system32\WSOCK32.dll
    0x5d3f0000 - 0x5d491000 C:\WINDOWS\system32\DBGHELP.DLL
    0x6fee0000 - 0x6ff34000 C:\WINDOWS\system32\netapi32.dll
    0x76e90000 - 0x76ecc000 C:\WINDOWS\system32\RASAPI32.dll
    0x76e40000 - 0x76e52000 C:\WINDOWS\system32\rasman.dll
    0x76e60000 - 0x76e8f000 C:\WINDOWS\system32\TAPI32.dll
    0x76e30000 - 0x76e3e000 C:\WINDOWS\system32\rtutils.dll
    0x76930000 - 0x76956000 C:\WINDOWS\system32\ntshrui.dll
    0x76ac0000 - 0x76ad1000 C:\WINDOWS\system32\ATL.DLL
    0x72220000 - 0x72225000 C:\WINDOWS\system32\sensapi.dll
    0x71a60000 - 0x71a72000 C:\WINDOWS\system32\MPR.dll
    0x77c40000 - 0x77c63000 C:\WINDOWS\system32\msv1_0.dll
    0x76d10000 - 0x76d29000 C:\WINDOWS\system32\iphlpapi.dll
    0x75ef0000 - 0x75ef7000 C:\WINDOWS\System32\drprov.dll
    0x71b70000 - 0x71b7e000 C:\WINDOWS\System32\ntlanman.dll
    0x71c30000 - 0x71c47000 C:\WINDOWS\System32\NETUI0.dll
    0x71bf0000 - 0x71c30000 C:\WINDOWS\System32\NETUI1.dll
    0x71be0000 - 0x71be7000 C:\WINDOWS\System32\NETRAP.dll
    0x71b50000 - 0x71b63000 C:\WINDOWS\System32\SAMLIB.dll
    0x75f00000 - 0x75f09000 C:\WINDOWS\System32\davclnt.dll
    0x10930000 - 0x10979000 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x75900000 - 0x759f9000 C:\WINDOWS\system32\MSGINA.dll
    0x762f0000 - 0x76300000 C:\WINDOWS\system32\WINSTA.dll
    0x74730000 - 0x7476d000 C:\WINDOWS\system32\ODBC32.dll
    0x76340000 - 0x7638a000 C:\WINDOWS\system32\comdlg32.dll
    0x034d0000 - 0x034e8000 C:\WINDOWS\system32\odbcint.dll
    0x73af0000 - 0x73b04000 C:\WINDOWS\System32\sti.dll
    0x74a50000 - 0x74a57000 C:\WINDOWS\System32\CFGMGR32.dll
    0x035f0000 - 0x0367e000 C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    0x6d7c0000 - 0x6d839000 C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    0x29500000 - 0x29551000 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    0x0ffd0000 - 0x0fff8000 C:\WINDOWS\system32\rsaenh.dll
    0x27500000 - 0x275c9000 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll
    0x75ed0000 - 0x75ee3000 C:\WINDOWS\system32\cryptnet.dll
    0x76f10000 - 0x76f3d000 C:\WINDOWS\system32\WLDAP32.dll
    0x4d5e0000 - 0x4d638000 C:\WINDOWS\system32\WINHTTP.dll
    0x03890000 - 0x038e4000 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    0x648c0000 - 0x648e6000 C:\Program Files\Windows Live Toolbar\stmain.dll
    0x03920000 - 0x0397b000 C:\Program Files\Windows Live Toolbar\cm.dll
    0x64900000 - 0x64936000 C:\Program Files\Windows Live Toolbar\msn_slps.dll
    0x71990000 - 0x719d0000 C:\WINDOWS\system32\mswsock.dll
    0x62e40000 - 0x62e99000 C:\WINDOWS\system32\hnetcfg.dll
    0x719d0000 - 0x719d8000 C:\WINDOWS\System32\wshtcpip.dll
    0x76f70000 - 0x76f76000 C:\WINDOWS\system32\rasadhlp.dll
    0x76ed0000 - 0x76ef7000 C:\WINDOWS\system32\DNSAPI.dll
    0x71ca0000 - 0x71cbc000 C:\WINDOWS\system32\actxprxy.dll
    0x44a40000 - 0x44db1000 C:\WINDOWS\system32\mshtml.dll
    0x04540000 - 0x04569000 C:\WINDOWS\system32\msls31.dll
    0x449d0000 - 0x44a30000 C:\WINDOWS\system32\ieapfltr.dll
    0x77650000 - 0x77671000 C:\WINDOWS\system32\NTMARTA.DLL
    0x63380000 - 0x633f8000 C:\WINDOWS\System32\jscript.dll
    0x58760000 - 0x58792000 C:\WINDOWS\system32\iepeers.dll
    0x72f50000 - 0x72f76000 C:\WINDOWS\system32\WINSPOOL.DRV
    0x44000000 - 0x44077000 C:\WINDOWS\system32\mshtmled.dll
    0x73300000 - 0x73365000 C:\WINDOWS\System32\vbscript.dll
    0x30000000 - 0x302ef000 C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    0x72c70000 - 0x72c79000 C:\WINDOWS\system32\wdmaud.drv
    0x72c60000 - 0x72c68000 C:\WINDOWS\system32\msacm32.drv
    0x77bb0000 - 0x77bc5000 C:\WINDOWS\system32\MSACM32.dll
    0x77ba0000 - 0x77ba7000 C:\WINDOWS\system32\midimap.dll
    0x76790000 - 0x767b7000 C:\WINDOWS\system32\schannel.dll
    0x6d8f0000 - 0x6d8fa000 C:\WINDOWS\System32\ddrawex.dll
    0x736b0000 - 0x736f9000 C:\WINDOWS\System32\DDRAW.dll

    VM Arguments:
    jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE16~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE16~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.6.0_01 -Djavaplugin.nodotversion=160_01 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE16~1.0_0 -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE16~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE16~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE16~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.6.0_01 -Djavaplugin.nodotversion=160_01 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE16~1.0_0
    java_command: <unknown>
    Launcher Type: generic

    Environment Variables:
    PATH=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Ahead\Lib\;.
    USERNAME=joosten
    OS=Windows_NT
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD

    --------------- S Y S T E M ---------------

    OS: Windows XP Build 2600 Service Pack 2

    CPU:total 1 family 15, cmov, cx8, fxsr, mmx, sse, sse2, mmxext, 3dnowext, 3dnow

    Memory: 4k page, physical 982384k(412404k free), swap 2271708k(1398128k free)

    vm_info: Java HotSpot(TM) Client VM (1.6.0_01-b06) for windows-x86, built on Mar 14 2007 00:24:02 by "java_re" with unknown MS VC++:1310
    0
  3. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    ce que tu m'as envoyé n'a rien à voir avec ce que j'ai demandé.

    Fais exactement ce qui est demandé. Si tu as un problème, indique où le plus précisément possible.
    0
  4. sylvianesteevy
     
    J'ai tout recommencé mais la procédure est modifiée pour l'installation de hijackthis mais j'obtiens un rapport dans le bloc note.Je te l'envoie ci -après. A bientôt.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:21:29, on 2/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Dial-Messenger\Dial-Messenger.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [GbpSvc] C:\Arquivos de programas\GbpSvc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dial-Messenger.lnk = C:\Program Files\Dial-Messenger\Dial-Messenger.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O24 - Desktop Component 0: (no name) - http://static.v4.skyrock.com/js/blog.js?2007062521
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    ça, c'est bien le rapport Hijackthis attendu.

    le rapport de GenProc ? (ne cherche pas à faire ce qu'il dit, envoie le rapport);
    0