Analyser mon log Hijack This

**MARVEL** ~Malicia~ Messages postés 9 Statut Membre -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

Depuis un mois environ, lorsque je fais une recherche sur google, je suis restransférer sur search-daily.com dès que je clique sur un lien..

Pourriez-vous analyser mon log HijackThise?

De plus, j'ai analysé mon pc avec Trand Micro et celui-ci a detecté TROJ_AGENT.AEU situé dans
Windows\system32\cnetcf.dll, mais je n'arrive pas à le supprimer.

Merci de votre aide!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:36, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsb6.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C19B2053-7DB1-4383-BD08-43E5F358732C} - C:\WINDOWS\system32\cnetcf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

--
End of file - 8970 bytes

7 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    ++
    0
  2. **MARVEL** ~Malicia~ Messages postés 9 Statut Membre
     
    Voila le rapport de ComboFix:

    ComboFix 08-01-10.2 - Dju 2008-01-10 18:56:29.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.373 [GMT 1:00]
    Running from: C:\Documents and Settings\Dju\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Hélène\Application Data\macromedia\Flash Player\#SharedObjects\4ESCD4TU\iforex.com
    C:\Documents and Settings\Hélène\Application Data\macromedia\Flash Player\#SharedObjects\4ESCD4TU\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Hélène\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Hélène\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\system32\gzmrt.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-10 18:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-10 18:00 . 2008-01-10 18:00 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-08 22:16 . 2008-01-10 17:39 <REP> d-------- C:\Documents and Settings\Dju\.housecall6.6
    2008-01-05 21:14 . 2008-01-05 21:14 <REP> d-------- C:\WINDOWS\nview
    2008-01-05 21:14 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-01-05 21:14 . 2008-01-05 21:17 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-01-05 21:14 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-27 15:40 . 2008-01-10 15:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-27 15:40 . 2007-12-27 15:40 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-27 15:39 . 2007-12-27 15:39 <REP> d-------- C:\Program Files\iTunes
    2007-12-27 15:37 . 2007-12-27 15:37 <REP> d-------- C:\Program Files\QuickTime
    2007-12-27 15:29 . 2007-12-27 15:29 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-25 10:57 . 2007-12-25 10:57 <REP> d-------- C:\Program Files\Razer
    2007-12-25 10:57 . 2001-01-04 10:12 162,900 --------- C:\WINDOWS\system32\drivers\USBICP.sys
    2007-12-25 10:57 . 2005-07-22 15:01 69,632 --a------ C:\WINDOWS\system32\razer.cpl
    2007-12-25 10:57 . 2005-08-12 10:11 19,020 --a------ C:\WINDOWS\system32\drivers\Razerlow.sys
    2007-12-25 10:56 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-12-25 10:56 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-12-25 10:56 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-12-25 10:56 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-12-18 15:46 . 2007-12-18 15:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
    2007-12-15 17:20 . 19,456 C:\WINDOWS\system32\drivers\xigfmetr.dat
    2007-12-15 17:18 . 2003-07-22 17:31 84,992 --a------ C:\WINDOWS\system32\cnetcf.dll
    2007-12-15 09:37 . 2007-12-20 17:22 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-15 09:32 . 2007-12-15 09:34 <REP> d-------- C:\Program Files\Windows Live
    2007-12-13 18:27 . 2007-12-13 18:27 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-12-12 22:52 . 2007-12-12 22:52 <REP> d-------- C:\Documents and Settings\Hélène\Application Data\HP
    2007-12-12 20:26 . 2007-12-12 20:33 <REP> d-------- C:\Documents and Settings\Dju\Application Data\HP
    2007-12-12 20:26 . 2007-12-12 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2007-12-12 20:23 . 2007-12-12 20:23 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
    2007-12-12 20:23 . 2007-12-12 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
    2007-12-12 20:20 . 2007-12-12 20:21 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2007-12-12 20:20 . 2007-12-12 20:23 <REP> d-------- C:\Program Files\Fichiers communs\HP
    2007-12-12 20:18 . 2007-12-12 20:18 <REP> d-------- C:\Program Files\Hewlett-Packard
    2007-12-12 20:17 . 2007-12-12 20:17 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-12-12 20:16 . 2006-01-04 10:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
    2007-12-12 20:16 . 2006-04-13 01:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-12-12 20:16 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2007-12-12 20:16 . 2006-04-13 01:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-12-12 20:15 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-12-12 20:15 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-12-12 20:15 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-12-12 20:15 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-12-12 20:15 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-12-12 20:15 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-12-12 20:15 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-12-12 20:15 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-12 20:15 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-12-12 20:14 . 2007-12-12 20:26 <REP> d-------- C:\Program Files\HP
    2007-12-12 20:14 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-12-12 20:14 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-12-12 20:10 . 2007-12-12 20:29 128,557 --a------ C:\WINDOWS\hpoins11.dat
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 22:31 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2008-01-09 22:15 --------- d-----w C:\Documents and Settings\Dju\Application Data\teamspeak2
    2008-01-08 16:35 --------- d-----w C:\Documents and Settings\Dju\Application Data\LimeWire
    2008-01-05 20:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-27 16:04 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-27 14:39 --------- d-----w C:\Program Files\iPod
    2007-12-25 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-22 20:45 --------- d-----w C:\Program Files\adslTV
    2007-12-15 08:34 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-15 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-14 23:44 --------- d-----w C:\Program Files\HLSW
    2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-18 15:46 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    C:\WINDOWS\system32\nsb6.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19B2053-7DB1-4383-BD08-43E5F358732C}]
    2003-07-22 17:31 84992 --a------ C:\WINDOWS\system32\cnetcf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {41C29B07-6F91-4966-91BE-2E2841643C83}

    [HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
    [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
    [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 08:54 68856]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 17:35 1266936]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-31 17:21 177416]
    "AS00_Gear311T"="C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-05-12 13:21 458752]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 16:27 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]

    R0 jovcgczs;jovcgczs;C:\WINDOWS\system32\drivers\xigfmetr.dat []
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 21:05]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16:43]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
    S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-03-08 15:12]
    S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-31 17:21]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 21:05]
    S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-27 14:29:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-06-20 09:12:50 C:\WINDOWS\Tasks\CAAntiSpywareScan_Quotidien en tant que Hélène à 11 12.job"
    - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-10 19:00:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-10 19:00:42
    ComboFix-quarantined-files.txt 2008-01-10 18:00:40
    .
    2008-01-09 14:06:40 --- E O F ---

    Merci pour votre aide ^^
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    ++
    0
  4. **MARVEL** ~Malicia~ Messages postés 9 Statut Membre
     
    Report.txt

    SDFix: Version 1.125

    Run by Dju on 10/01/2008 at 20:02

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\Dju\Bureau\SDFIX\SDFix

    Safe Mode:
    Checking Services:

    Name:
    jovcgczs

    Path:
    system32\drivers\xigfmetr.dat

    jovcgczs - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Service jovcgczs - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\drivers\xigfmetr.dat - Deleted
    C:\WINDOWS\SYSTEM32\CNETCF.DLL - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-10 20:11:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 220

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\Dju\Bureau\SDFIX\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 29 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sun 23 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Finished!

    Log Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:18:20, on 10/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\program files\valve\steam\steam.exe
    C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsb6.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, fais ce qui est indiqué ici stp :

    http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

    ++
    0
  7. **MARVEL** ~Malicia~ Messages postés 9 Statut Membre
     
    <gras>Rapport AVG Anti-Spyware
    --------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 22:35:11 10/01/2008

    + Résultat de l'analyse:

    C:\Documents and Settings\Hélène\Local Settings\Temporary Internet Files\Content.IE5\09EF0L2N\gnida[1].swf -> Downloader.Gida.a : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{9EC9F6F4-1434-4634-804B-91CD7DF55E59}\RP159\A0045342.dll -> Not-A-Virus.Adware.Agent : Ignoré.
    C:\Documents and Settings\Hélène\Cookies\hélène@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@rotator.its.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
    C:\Documents and Settings\Dju\Cookies\dju@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Dju\Cookies\dju@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\Hélène\Cookies\hélène@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
    C:\Documents and Settings\Dju\Bureau\SDFIX\SDFix\backups\backups.zip/backups/cnetcf.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Dju\Bureau\catchme.zip/CNETCF.DLL -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{9EC9F6F4-1434-4634-804B-91CD7DF55E59}\RP160\A0045376.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{9EC9F6F4-1434-4634-804B-91CD7DF55E59}\RP160\A0045382.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).

    Fin du rapport


    Rapport BitDefender


    BitDefender Online Scanner

    Scan report generated at: Thu, Jan 10, 2008 - 23:20:36

    Scan path: A:\;C:\;D:\;E:\;G:\;

    Statistics

    Time
    00:42:45

    Files
    225349

    Folders
    5702

    Boot Sectors
    4

    Archives
    2110

    Packed Files
    17923

    Results

    Identified Viruses
    1

    Infected Files
    1

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    2

    Engines Info

    Virus Definitions
    887973

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\Dju\.housecall6.6\Quarantine\cnetcf.dll.bac_a02052=>(Quarantine-4)
    Infected with: Trojan.Spy.Bzub.NGP

    C:\Documents and Settings\Dju\.housecall6.6\Quarantine\cnetcf.dll.bac_a02052=>(Quarantine-4)
    Disinfection failed

    C:\Documents and Settings\Dju\.housecall6.6\Quarantine\cnetcf.dll.bac_a02052=>(Quarantine-4)
    Deleted

    Rapport HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28:02, on 10/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :

    driver::

    jovcgczs
    xigfmetr

    File::

    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\nsb6.dll
    C:\WINDOWS\system32\cnetcf.dll
    C:\WINDOWS\system32\drivers\xigfmetr.dat
    C:\WINDOWS\system32\rightonadz-uninst.exe
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    C:\WINDOWS\system32\drivers\xigfmetr.dat
    C:\Documents and Settings\Dju\.housecall6.6

    registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19B2053-7DB1-4383-BD08-43E5F358732C}]
    [-HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
    [-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
    [-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]


    ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Dans la fenêtre qui suit, choisie l'option 1 puis valide
    Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
    A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

    avec un nouveau hijack
    0