Need help with HijackThis!
cbiloute (posts: 40, status: Member)
green day (posts: 26722, status: Moderator, Security contributor)
Hello everyone,
For a few days now my antivirus (Avast) has been detecting trojans in my OS (WinXP Pro).
The problem is that it is unable to remove them! :(
So I ran a scan with Ad-Aware, which also finds the trojans and removes some of them!
The problem is that I get the impression the trojans come back. :(
I then ran an online scan with BitDefender, which removed 3 of the 4 infections, but it seems to me that this is not enough!
So I decided to run HijackThis to see which items to remove, but I don't know how to do it!
I therefore need your help to eradicate these #&@=(è_#@ viruses for good!
Here is the HijackThis report!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:38, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mogfovwm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Wireless 11bg Network Utility\WLService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless 11bg Network Utility\WLanCfgAG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
H:\Eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\vtutspn.dll
O2 - BHO: {0df12721-51dd-ae8a-3094-47126de19024} - {42091ed6-2174-4903-a8ea-dd1512721fd0} - C:\WINDOWS\system32\jegrhnna.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8A7BA52D-5421-4EB9-86B9-DDE543C3D6E7} - C:\WINDOWS\system32\pmnnn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [1085be27] rundll32.exe "C:\WINDOWS\system32\llwvhgiy.dll",b
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: vtutspn - C:\WINDOWS\SYSTEM32\vtutspn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\mogfovwm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Wireless 11abg ComboCard (WPIA-112AG Service) - Unknown owner - C:\Program Files\Wireless 11bg Network Utility\WLService.exe
--
End of file - 8067 bytes
Thanks for your help!
Regards,
Cbiloute. ;)
9 replies
Hi
please avoid posting the reports in blue, it isn't very readable ;-)
Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it
++
Hello Green day ;) ,
And thanks for your reply!
Here is the VundoFix report, as you asked:
VundoFix V6.7.0
Checking Java version...
Java version is 1.5.0.11
Scan started at 23:01:38 08/12/2007
Listing files found while scanning....
C:\windows\system32\aickkaua.exe
C:\windows\system32\apngiier.dll
C:\windows\system32\nehihnsc.dll
C:\windows\system32\nqaquymr.dll
C:\windows\system32\wguaiicu.dll
Beginning removal...
Attempting to delete C:\windows\system32\aickkaua.exe
C:\windows\system32\aickkaua.exe Has been deleted!
Attempting to delete C:\windows\system32\apngiier.dll
C:\windows\system32\apngiier.dll Has been deleted!
Attempting to delete C:\windows\system32\nehihnsc.dll
C:\windows\system32\nehihnsc.dll Has been deleted!
Attempting to delete C:\windows\system32\nqaquymr.dll
C:\windows\system32\nqaquymr.dll Has been deleted!
Attempting to delete C:\windows\system32\wguaiicu.dll
C:\windows\system32\wguaiicu.dll Has been deleted!
Performing Repairs to the registry.
Done!
And here is a new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:45, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mogfovwm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Wireless 11bg Network Utility\WLService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Wireless 11bg Network Utility\WLanCfgAG.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
H:\Eden.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\vtutspn.dll
O2 - BHO: {0df12721-51dd-ae8a-3094-47126de19024} - {42091ed6-2174-4903-a8ea-dd1512721fd0} - C:\WINDOWS\system32\jegrhnna.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E4C31FED-00A5-4DA3-819C-461659417759} - C:\WINDOWS\system32\pmnnn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [1085be27] rundll32.exe "C:\WINDOWS\system32\wteubcvd.dll",b
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: vtutspn - C:\WINDOWS\SYSTEM32\vtutspn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\mogfovwm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Wireless 11abg ComboCard (WPIA-112AG Service) - Unknown owner - C:\Program Files\Wireless 11bg Network Utility\WLService.exe
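Compared line by line, the two HijackThis logs in this thread show why the infection seemed to "come back": the Run value [1085be27] is still there but now loads wteubcvd.dll instead of llwvhgiy.dll, pmnnn.dll was re-registered as a BHO under a new CLSID, and vtutspn.dll, jegrhnna.dll and the DomainService binary mogfovwm.exe survived both scans. The following Python script is an added example, not part of the thread or of HijackThis: it parses the relevant entries (copied from the two logs above), flags them with heuristics of my own (nameless BHOs, a Run value with a random hex name, a Winlogon Notify package, a service with no vendor string), and diffs the two scans.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Entries copied from the two HijackThis logs in this thread (first scan, then
# the scan taken after VundoFix); only the lines needed for the comparison.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\vtutspn.dll
O2 - BHO: {0df12721-51dd-ae8a-3094-47126de19024} - {42091ed6-2174-4903-a8ea-dd1512721fd0} - C:\WINDOWS\system32\jegrhnna.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8A7BA52D-5421-4EB9-86B9-DDE543C3D6E7} - C:\WINDOWS\system32\pmnnn.dll
O4 - HKLM\..\Run: [1085be27] rundll32.exe "C:\WINDOWS\system32\llwvhgiy.dll",b
O20 - Winlogon Notify: vtutspn - C:\WINDOWS\SYSTEM32\vtutspn.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\mogfovwm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\vtutspn.dll
O2 - BHO: {0df12721-51dd-ae8a-3094-47126de19024} - {42091ed6-2174-4903-a8ea-dd1512721fd0} - C:\WINDOWS\system32\jegrhnna.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E4C31FED-00A5-4DA3-819C-461659417759} - C:\WINDOWS\system32\pmnnn.dll
O4 - HKLM\..\Run: [1085be27] rundll32.exe "C:\WINDOWS\system32\wteubcvd.dll",b
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O20 - Winlogon Notify: vtutspn - C:\WINDOWS\SYSTEM32\vtutspn.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\mogfovwm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*)$")
# A Windows path ending in .dll/.exe; "name" is the bare file name.
FILE_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\\(?P<name>[^\\"\s]+\.(?:dll|exe))', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
HEX_RUN_RE = re.compile(r"^[0-9a-f]{8}$")          # e.g. [1085be27]
RUN_NAME_RE = re.compile(r"\[(.+?)\]")
EMPTY_VENDOR_RE = re.compile(r" -\s+- ")             # "Service: X - - path"


@dataclass(frozen=True)
class Entry:
    kind: str            # HijackThis section: O2, O4, O20, O23, ...
    key: str             # stable identifier inside the section
    body: str            # text after "Oxx - "
    file: Optional[str]  # lower-cased file name the entry loads


def _key_for(kind: str, body: str) -> str:
    if kind == "O4":                      # Run value name in brackets
        m = RUN_NAME_RE.search(body)
        return m.group(1) if m else body
    parts = body.split(" - ")
    if kind == "O2" and len(parts) > 1:   # BHO: the CLSID
        return parts[1]
    return parts[0]                       # O20 notify name, "Service: <name>"


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis report lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, body = m.group("kind"), m.group("body")
            f = FILE_RE.search(body)
            entries.append(Entry(kind, _key_for(kind, body), body,
                                 f.group("name").lower() if f else None))
    return entries


def flag(e: Entry) -> Optional[str]:
    """Why an analyst would look twice at this entry (my heuristics), or None."""
    if e.kind == "O2":
        name = e.body[len("BHO: "):].split(" - ")[0]
        if name == "(no name)" or GUID_RE.match(name):
            return "BHO with no product name"
    elif e.kind == "O4" and HEX_RUN_RE.match(e.key):
        return "Run value with a random hex name"
    elif e.kind == "O20":   # loaded into winlogon.exe before anyone logs on
        return "Winlogon Notify package (verify even though legitimate ones exist)"
    elif e.kind == "O23" and EMPTY_VENDOR_RE.search(e.body):
        return "service with no vendor string"
    return None


def diff_logs(before: List[Entry], after: List[Entry]):
    """Keys gone, keys new, and keys that survived but now load another file."""
    b = {(e.kind, e.key): e for e in before}
    a = {(e.kind, e.key): e for e in after}
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = {k: (b[k].file, a[k].file)
               for k in b if k in a and b[k].file != a[k].file}
    return removed, added, changed


def persistent_flags(before: List[Entry], after: List[Entry]) -> Set[str]:
    """Flagged files present in both scans: what the earlier tools left behind."""
    flagged = lambda log: {e.file for e in log if e.file and flag(e)}
    return flagged(before) & flagged(after)


if __name__ == "__main__":
    b, a = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("changed:", diff_logs(b, a)[2])
    print("still flagged:", sorted(persistent_flags(b, a)))
```

Pointing `parse_log` at a full log file instead of the embedded samples works the same way, since lines that are not "Oxx - ..." entries are skipped.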
Hi
it's not over yet:
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Start in Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt; please post it
++
Hello and thanks Green day ;-) ,
Here is the ComboFix report:
ComboFix 07-12-09.1 - Stéphane 2007-12-09 10:58:47.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.824 [GMT 1:00]
Running from: C:\Documents and Settings\Stéphane\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dvcbuetw.ini
C:\WINDOWS\system32\eqjixket.dll
C:\WINDOWS\system32\fucgggat.dll
C:\WINDOWS\system32\jegrhnna.dll
C:\WINDOWS\system32\llwvhgiy.dll
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\vtutspn.dll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wteubcvd.dll
C:\WINDOWS\system32\wuoaahhk.dll
C:\WINDOWS\system32\yighvwll.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-08 23:01 . 2007-12-08 23:01 <REP> d-------- C:\VundoFix Backups
2007-12-08 14:56 . 2007-12-08 14:56 834,100 ---hs---- C:\WINDOWS\system32\kxmvthpr.ini
2007-12-08 12:18 . 2007-12-08 12:18 <REP> d-------- C:\Program Files\SuperCopier2
2007-12-08 11:42 . 2007-12-08 11:42 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-06 22:24 . 2007-12-06 22:24 74,304 --a------ C:\WINDOWS\system32\yxppjsrw.exe
2007-12-06 18:24 . 2007-12-06 18:25 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-06 18:24 . 2007-12-06 18:25 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-06 18:23 . 2007-12-06 18:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-06 18:23 . 2007-12-06 18:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-06 18:21 . 2007-12-06 23:10 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:34 . 2007-12-06 16:34 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
2007-12-06 16:34 . 2007-12-06 16:34 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2007-12-05 22:36 . 2007-12-06 22:36 823,851 ---hs---- C:\WINDOWS\system32\giteyetu.ini
2007-12-05 22:27 . 2007-12-05 22:27 74,304 --a------ C:\WINDOWS\system32\mogfovwm.exe
2007-12-05 20:28 . 2007-12-05 20:28 <REP> d-------- C:\Program Files\Windows Desktop Search
2007-12-04 22:00 . 2007-12-05 22:22 796,809 ---hs---- C:\WINDOWS\system32\rjuhjobu.ini
2007-12-04 14:48 . 2007-12-04 11:42 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-03 18:10 . 2007-12-03 18:10 <REP> d-------- C:\Program Files\Lavasoft
2007-12-03 18:10 . 2007-12-03 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-03 18:09 . 2007-12-03 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-02 21:35 . 2007-12-04 21:57 796,689 ---hs---- C:\WINDOWS\system32\xeaoextf.ini
2007-12-01 13:23 . 2007-12-01 13:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-01 12:29 . 2007-12-01 12:29 <REP> d-------- C:\Program Files\EA Sports
2007-12-01 11:15 . 2007-12-01 12:16 <REP> d-------- C:\Program Files\EA Sports(2)
2007-12-01 00:55 . 2007-12-01 00:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-12-01 00:55 . 2007-12-01 00:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2007-11-30 19:28 . 2007-12-09 11:06 <REP> d-------- C:\Program Files\UltimateZip 2007
2007-11-30 18:53 . 2007-11-30 18:53 <REP> d-------- C:\Program Files\Belarc
2007-11-30 18:53 . 2005-04-07 17:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-11-30 18:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-30 18:25 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-30 18:25 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-30 18:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-30 18:11 . 2007-11-30 18:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-30 18:05 . 2007-11-30 18:07 <REP> d-------- C:\WINDOWS\NV500492.TMP
2007-11-30 18:05 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-11-30 18:04 . 2007-11-30 18:04 <REP> d-------- C:\NVIDIA
2007-11-30 18:02 . 2007-12-01 12:16 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-30 18:00 . 2007-11-30 18:00 <REP> d-------- C:\Intel
2007-11-30 16:34 . 2007-11-30 16:34 <REP> d-------- C:\Program Files\ma-config.com
2007-11-30 16:33 . 2007-11-30 16:33 <REP> d-------- C:\Program Files\MSXML 6.0
2007-11-30 13:27 . 2007-11-30 13:27 <REP> d-------- C:\Program Files\Alcohol Soft
2007-11-30 13:24 . 2007-11-30 13:24 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-30 12:54 . 2007-11-30 12:54 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-30 12:54 . 2007-11-30 12:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2007-11-30 12:54 . 2007-12-02 03:02 447 --a------ C:\WINDOWS\system32\mapisvc.inf
2007-11-30 12:52 . 2007-11-30 12:52 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-11-30 12:51 . 2007-11-30 12:51 <REP> d-------- C:\Program Files\Microsoft.NET
2007-11-30 12:50 . 2007-12-02 03:05 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-11-30 12:44 . 2007-11-30 12:44 <REP> d-------- C:\Program Files\Microsoft Works
2007-11-30 12:41 . 2007-11-30 12:44 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-30 12:41 . 2007-11-30 12:41 <REP> dr-h----- C:\MSOCache
2007-11-30 12:41 . 2007-12-03 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-29 18:14 . 2007-11-29 18:14 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-11-28 22:07 . 2007-11-28 22:08 <REP> d-------- C:\Program Files\FILE RECOVERY for Windows
2007-11-28 21:25 . 2007-11-28 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-28 21:24 . 2007-11-28 21:25 <REP> d-------- C:\Program Files\Azureus
2007-11-28 21:22 . 2007-11-30 18:15 <REP> d-------- C:\Program Files\Java
2007-11-28 21:22 . 2007-11-28 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-28 19:34 . 2007-11-28 19:34 <REP> d-------- C:\Program Files\VideoLAN
2007-11-28 19:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-27 21:29 . 2007-11-28 01:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-27 21:19 . 2007-11-27 21:19 <REP> d-------- C:\Program Files\Alwil Software
2007-11-27 21:13 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-27 21:13 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-27 21:13 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-27 21:13 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-27 21:13 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-27 21:10 . 2007-11-27 21:10 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2007-11-27 20:31 . 2007-11-27 20:31 <REP> d-------- C:\Program Files\Inventel
2007-11-12 06:51 . 2007-11-12 06:51 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll
2007-11-12 06:51 . 2007-11-12 06:51 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2007-11-12 06:51 . 2007-11-12 06:51 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 17:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-03 17:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-11-27 18:11 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-27 18:11 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-27 18:02 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-11-27 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 18:02 --------- d-----w C:\Program Files\Logitech
2007-11-27 18:01 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-27 17:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-11-27 17:57 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-11-27 17:54 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-27 17:54 --------- d-----w C:\Program Files\Wireless 11bg Network Utility
2007-11-27 17:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-27 17:41 --------- d-----w C:\Program Files\Realtek
2007-11-27 17:36 --------- d-----w C:\Program Files\Intel
2007-11-27 17:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 17:25 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 17:24 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 08:59 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-04-24 08:20 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 WPIA-112AG Service;Wireless 11abg ComboCard;C:\Program Files\Wireless 11bg Network Utility\WLService.exe
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
*Newly Created Service* - GTNDIS5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\itivvjrq1.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 11:07:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 11:09:05 - machine was rebooted
.
--- E O F ---
Thanks for your help!
See you,
Cbiloute. ;)
Voici le rapport de Combofix :
ComboFix 07-12-09.1 - Stéphane 2007-12-09 10:58:47.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.824 [GMT 1:00]
Running from: C:\Documents and Settings\Stéphane\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dvcbuetw.ini
C:\WINDOWS\system32\eqjixket.dll
C:\WINDOWS\system32\fucgggat.dll
C:\WINDOWS\system32\jegrhnna.dll
C:\WINDOWS\system32\llwvhgiy.dll
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\vtutspn.dll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wteubcvd.dll
C:\WINDOWS\system32\wuoaahhk.dll
C:\WINDOWS\system32\yighvwll.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-08 23:01 . 2007-12-08 23:01 <REP> d-------- C:\VundoFix Backups
2007-12-08 14:56 . 2007-12-08 14:56 834,100 ---hs---- C:\WINDOWS\system32\kxmvthpr.ini
2007-12-08 12:18 . 2007-12-08 12:18 <REP> d-------- C:\Program Files\SuperCopier2
2007-12-08 11:42 . 2007-12-08 11:42 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-06 22:24 . 2007-12-06 22:24 74,304 --a------ C:\WINDOWS\system32\yxppjsrw.exe
2007-12-06 18:24 . 2007-12-06 18:25 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-06 18:24 . 2007-12-06 18:25 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-06 18:23 . 2007-12-06 18:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-06 18:23 . 2007-12-06 18:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-06 18:21 . 2007-12-06 23:10 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:34 . 2007-12-06 16:34 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
2007-12-06 16:34 . 2007-12-06 16:34 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2007-12-05 22:36 . 2007-12-06 22:36 823,851 ---hs---- C:\WINDOWS\system32\giteyetu.ini
2007-12-05 22:27 . 2007-12-05 22:27 74,304 --a------ C:\WINDOWS\system32\mogfovwm.exe
2007-12-05 20:28 . 2007-12-05 20:28 <REP> d-------- C:\Program Files\Windows Desktop Search
2007-12-04 22:00 . 2007-12-05 22:22 796,809 ---hs---- C:\WINDOWS\system32\rjuhjobu.ini
2007-12-04 14:48 . 2007-12-04 11:42 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-03 18:10 . 2007-12-03 18:10 <REP> d-------- C:\Program Files\Lavasoft
2007-12-03 18:10 . 2007-12-03 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-03 18:09 . 2007-12-03 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-02 21:35 . 2007-12-04 21:57 796,689 ---hs---- C:\WINDOWS\system32\xeaoextf.ini
2007-12-01 13:23 . 2007-12-01 13:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-01 12:29 . 2007-12-01 12:29 <REP> d-------- C:\Program Files\EA Sports
2007-12-01 11:15 . 2007-12-01 12:16 <REP> d-------- C:\Program Files\EA Sports(2)
2007-12-01 00:55 . 2007-12-01 00:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-12-01 00:55 . 2007-12-01 00:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2007-11-30 19:28 . 2007-12-09 11:06 <REP> d-------- C:\Program Files\UltimateZip 2007
2007-11-30 18:53 . 2007-11-30 18:53 <REP> d-------- C:\Program Files\Belarc
2007-11-30 18:53 . 2005-04-07 17:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-11-30 18:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-30 18:25 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-30 18:25 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-30 18:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-30 18:11 . 2007-11-30 18:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-30 18:05 . 2007-11-30 18:07 <REP> d-------- C:\WINDOWS\NV500492.TMP
2007-11-30 18:05 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-11-30 18:04 . 2007-11-30 18:04 <REP> d-------- C:\NVIDIA
2007-11-30 18:02 . 2007-12-01 12:16 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-30 18:00 . 2007-11-30 18:00 <REP> d-------- C:\Intel
2007-11-30 16:34 . 2007-11-30 16:34 <REP> d-------- C:\Program Files\ma-config.com
2007-11-30 16:33 . 2007-11-30 16:33 <REP> d-------- C:\Program Files\MSXML 6.0
2007-11-30 13:27 . 2007-11-30 13:27 <REP> d-------- C:\Program Files\Alcohol Soft
2007-11-30 13:24 . 2007-11-30 13:24 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-30 12:54 . 2007-11-30 12:54 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-30 12:54 . 2007-11-30 12:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2007-11-30 12:54 . 2007-12-02 03:02 447 --a------ C:\WINDOWS\system32\mapisvc.inf
2007-11-30 12:52 . 2007-11-30 12:52 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-11-30 12:51 . 2007-11-30 12:51 <REP> d-------- C:\Program Files\Microsoft.NET
2007-11-30 12:50 . 2007-12-02 03:05 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-11-30 12:44 . 2007-11-30 12:44 <REP> d-------- C:\Program Files\Microsoft Works
2007-11-30 12:41 . 2007-11-30 12:44 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-30 12:41 . 2007-11-30 12:41 <REP> dr-h----- C:\MSOCache
2007-11-30 12:41 . 2007-12-03 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-29 18:14 . 2007-11-29 18:14 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-11-28 22:07 . 2007-11-28 22:08 <REP> d-------- C:\Program Files\FILE RECOVERY for Windows
2007-11-28 21:25 . 2007-11-28 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-28 21:24 . 2007-11-28 21:25 <REP> d-------- C:\Program Files\Azureus
2007-11-28 21:22 . 2007-11-30 18:15 <REP> d-------- C:\Program Files\Java
2007-11-28 21:22 . 2007-11-28 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-28 19:34 . 2007-11-28 19:34 <REP> d-------- C:\Program Files\VideoLAN
2007-11-28 19:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-27 21:29 . 2007-11-28 01:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-27 21:19 . 2007-11-27 21:19 <REP> d-------- C:\Program Files\Alwil Software
2007-11-27 21:13 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-27 21:13 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-27 21:13 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-27 21:13 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-27 21:13 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-27 21:10 . 2007-11-27 21:10 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2007-11-27 20:31 . 2007-11-27 20:31 <REP> d-------- C:\Program Files\Inventel
2007-11-12 06:51 . 2007-11-12 06:51 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll
2007-11-12 06:51 . 2007-11-12 06:51 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2007-11-12 06:51 . 2007-11-12 06:51 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 17:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-03 17:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-11-27 18:11 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-27 18:11 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-27 18:02 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-11-27 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 18:02 --------- d-----w C:\Program Files\Logitech
2007-11-27 18:01 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-27 17:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-11-27 17:57 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-11-27 17:54 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-27 17:54 --------- d-----w C:\Program Files\Wireless 11bg Network Utility
2007-11-27 17:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-27 17:41 --------- d-----w C:\Program Files\Realtek
2007-11-27 17:36 --------- d-----w C:\Program Files\Intel
2007-11-27 17:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 17:25 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 17:24 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 08:59 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-04-24 08:20 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 WPIA-112AG Service;Wireless 11abg ComboCard;C:\Program Files\Wireless 11bg Network Utility\WLService.exe
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
*Newly Created Service* - GTNDIS5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\itivvjrq1.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 11:07:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 11:09:05 - machine was rebooted
.
--- E O F ---
Thanks for your help!
See you,
Cbiloute. ;)
Hello Green day ;),
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:19, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Wireless 11bg Network Utility\WLService.exe
C:\Program Files\Wireless 11bg Network Utility\WLanCfgAG.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Eden.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Wireless 11abg ComboCard (WPIA-112AG Service) - Unknown owner - C:\Program Files\Wireless 11bg Network Utility\WLService.exe
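A small triage helper for HijackThis-format lines like the ones posted above, added here as an example; it is not part of this thread, of HijackThis, or of the tools recommended in it. The sample lines are constructed after the log above (the Temp `sample.exe` entry is invented), and the heuristics only mark lines worth a closer look; they are assumptions of the example, not verdicts on this machine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis v2 prefixes a code such as R0, F2, N1, O4 or O23 to each finding;
# bare "C:\..." lines under "Running processes:" carry no code at all.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# First Windows path ending in a code-carrying extension (spaces allowed, as in
# "C:\Program Files\..."); lazy so "C:\...\NvCpl.dll,NvStartup" stops at the .dll.
PATH_RE = re.compile(
    r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|cab|bat|cmd|scr)\b", re.IGNORECASE
)
SYSTEM_DRIVE = "c:\\"  # assumption of this example: Windows lives on C:


@dataclass
class Entry:
    code: str             # "O4", "O23", ... or "PROC" for a running-process line
    body: str             # text after the code (or the whole line for PROC)
    path: Optional[str]   # first executable/DLL path found, if any


@dataclass
class Finding:
    code: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis finding or process line, else None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m:
        code, body = m.group("code"), m.group("body")
    elif re.match(r"^[A-Za-z]:\\", line):
        code, body = "PROC", line
    else:
        return None  # headers such as "Running processes:" or blank lines
    pm = PATH_RE.search(body)
    return Entry(code, body, pm.group(0) if pm else None)


def triage(entry: Entry) -> List[str]:
    """Heuristics that mark a line as worth a closer look (not a verdict)."""
    reasons = []
    p = (entry.path or "").lower()
    if p and "\\temp\\" in p:
        reasons.append("executable or DLL in a Temp folder")
    if p and not p.startswith(SYSTEM_DRIVE):
        reasons.append("runs from a drive other than the system drive")
    if entry.code == "O23" and "unknown owner" in entry.body.lower():
        reasons.append("service binary carries no publisher information")
    if entry.code == "O4" and entry.path is None:
        reasons.append("autostart value has no absolute path; check what the name resolves to")
    return reasons


def triage_log(lines: List[str]) -> List[Finding]:
    """Parse every line and keep only those with at least one triage reason."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append(Finding(entry.code, entry.path, reasons))
    return findings


# Constructed sample modelled on the log format above; the Temp entry is invented.
SAMPLE_LOG = [
    "Running processes:",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"H:\Eden.exe",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [sample] C:\DOCUME~1\USER~1\LOCALS~1\Temp\sample.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: Wireless 11abg ComboCard (WPIA-112AG Service) - Unknown owner - C:\Program Files\Wireless 11bg Network Utility\WLService.exe",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:5} {f.path or '(no path)'}")
        for r in f.reasons:
            print(f"      - {r}")
```

Lines that are not flagged are not thereby clean; the rules only sort a long log into what to read first.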
ok;
* Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
* Choose "Save target as..." and save it to the desktop.
* Right-click navilog1.zip and choose "Extract all"
* Double-click navilog1.bat
* At the main menu, choose option 1 and confirm.
* Wait for the message: Analyse Termine le ...
* The report is also saved at the root of the drive (fixnavi.txt); please post it.
++
Hello Green day ;) and thanks for your help!
Here is the Navifix report:
Search Navipromo version 3.3.7 commencé le 10/12/2007 à 17:55:10,82
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 08.12.2007 à 16h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Stéphane\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Stéphane\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Stéphane\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
*** Analyse terminée le 10/12/2007 à 18:00:36,84 ***
And here is the latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:48, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Wireless 11bg Network Utility\WLService.exe
C:\Program Files\Wireless 11bg Network Utility\WLanCfgAG.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Eden.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Wireless 11abg ComboCard (WPIA-112AG Service) - Unknown owner - C:\Program Files\Wireless 11bg Network Utility\WLService.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Wireless 11abg ComboCard (WPIA-112AG Service) - Unknown owner - C:\Program Files\Wireless 11bg Network Utility\WLService.exe