Trojan Win32/Rustock.Gen!C &co
mimosa
Hello,
I'm completely at a loss now... infected with TR/Agent.131072.D.2, I've run everything I could to find out what to do...
A window told me I was infected with
- PSGuard Desktop Hijacker
- Trojan.Popuper
- Caishow
- Trojan.Dowloader.Zlob.Gen
So I tried the standard steps: AVG Anti-Spyware, SDFix, and HijackThis... here is the result:
and now I don't know what to do
thanks
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:06:03 28/01/2008
+ Résultat de l'analyse:
HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Ignoré.
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\Magounette\Cookies\magounette@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Magounette\Cookies\magounette@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\WINDOWS\system32\config\systemprofile\Cookies\neil@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\Magounette\Cookies\magounette@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\guest\Local Settings\Temp\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\WINDOWS\system32\config\systemprofile\Cookies\neil@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@estat[2].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\guest\Local Settings\Temp\Cookies\guest@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@fastclick[1].txt -> TrackingCookie.Fastclick : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@hit.gemius[1].txt -> TrackingCookie.Gemius : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@ehg-adversitement.hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@ehg-francetelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@vad.mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@image.masterstats[2].txt -> TrackingCookie.Masterstats : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@stat.onestat[2].txt -> TrackingCookie.Onestat : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@data2.perf.overture[2].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@overture[2].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@sexlist[1].txt -> TrackingCookie.Sexlist : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@sexlist[1].txt -> TrackingCookie.Sexlist : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@sexlist[2].txt -> TrackingCookie.Sexlist : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@counter13.sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@sextracker[2].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Local Settings\Temp\Cookies\guest@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\guest\Local Settings\Temp\Cookies\guest@sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\guest\Local Settings\Temp\Cookies\guest@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@statcounter[2].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@statcounter[1].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@valueclick[1].txt -> TrackingCookie.Valueclick : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignoré.
C:\Documents and Settings\guest\Local Settings\Temp\Cookies\guest@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Neil\Cookies\neil@zedo[1].txt -> TrackingCookie.Zedo : Ignoré.
C:\Documents and Settings\guest\Cookies\guest@zedo[2].txt -> TrackingCookie.Zedo : Ignoré.
C:\Program Files\eMedia Codec -> Trojan.Small : Ignoré.
C:\WINDOWS\system32\1024 -> Trojan.Small : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{1ca480cd-c0e5-4548-874e-b85b17905b3a} -> Trojan.Zlob.f : Ignoré.
HKU\S-1-5-21-2968860785-676726402-3001183848-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CA480CD-C0E5-4548-874E-B85B17905B3A} -> Trojan.Zlob.f : Ignoré.
Fin du rapport
SDFix: Version 1.71
Run by Administrateur - 28/01/2008 / 23:25:12,53
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Runtime
Path:
\??\C:\WINDOWS\System32\runtime.sys
Runtime Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
ADS Check:
C:\WINDOWS\system32
Le fichier spécifié est introuvable.
Final Check:
Remaining Services:
------------------
Rootkit PE386 maybe active, Use a Rootkit scanner!
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Documents and Settings\guest\Application Data\Microsoft\Modèles\~WRL0005.tmp
C:\Documents and Settings\guest\Application Data\Microsoft\Modèles\~WRL1760.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL0004.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL0857.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL2244.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL2729.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL2847.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL3419.tmp
C:\Program Files\InterActual\InterActual Player\iti19.tmp
C:\Recherche d'emploi\CIVI\~WRL0005.tmp
C:\RECYCLER\S-1-5-21-2968860785-676726402-3001183848-1007\Dc22\SIV9D.tmp
C:\WINDOWS\Temp\gbd9l6ta.TMP
Finished
Logfile of HijackThis v1.99.1
Scan saved at 23:41:06, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\antivirus\AVAST\aswUpdSv.exe
C:\Program Files\antivirus\AVAST\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\antivirus\AVAST\ashMaiSv.exe
C:\Program Files\antivirus\AVAST\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ANTIVI~1\AVAST\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Magounette\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fmail3.voila.fr%2fwebmail%2ffr_FR%2flogin.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - https://www.emusic.com/?fref=149133 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - https://fr.yahoo.com/?p=us
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1BE0B41-295A-4524-A543-4AF3F74634EF}: NameServer = 212.71.32.19,212.71.32.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\antivirus\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\antivirus\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\antivirus\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\antivirus\AVAST\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\eMedia Codec -> Trojan.Small : Ignoré.
C:\WINDOWS\system32\1024 -> Trojan.Small : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{1ca480cd-c0e5-4548-874e-b85b17905b3a} -> Trojan.Zlob.f : Ignoré.
HKU\S-1-5-21-2968860785-676726402-3001183848-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CA480CD-C0E5-4548-874E-B85B17905B3A} -> Trojan.Zlob.f : Ignoré.
Fin du rapport
SDFix: Version 1.71
Run by Administrateur - 28/01/2008 / 23:25:12,53
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Runtime
Path:
\??\C:\WINDOWS\System32\runtime.sys
Runtime Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
ADS Check:
C:\WINDOWS\system32
The specified file could not be found.
Final Check:
Remaining Services:
------------------
Rootkit PE386 maybe active, Use a Rootkit scanner!
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Checking For Files with Hidden Attributes :
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Documents and Settings\guest\Application Data\Microsoft\Modèles\~WRL0005.tmp
C:\Documents and Settings\guest\Application Data\Microsoft\Modèles\~WRL1760.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL0004.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL0857.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL2244.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL2729.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL2847.tmp
C:\Documents and Settings\Neil\Application Data\Microsoft\Modèles\~WRL3419.tmp
C:\Program Files\InterActual\InterActual Player\iti19.tmp
C:\Recherche d'emploi\CIVI\~WRL0005.tmp
C:\RECYCLER\S-1-5-21-2968860785-676726402-3001183848-1007\Dc22\SIV9D.tmp
C:\WINDOWS\Temp\gbd9l6ta.TMP
Finished
Logfile of HijackThis v1.99.1
Scan saved at 23:41:06, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\antivirus\AVAST\aswUpdSv.exe
C:\Program Files\antivirus\AVAST\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\antivirus\AVAST\ashMaiSv.exe
C:\Program Files\antivirus\AVAST\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ANTIVI~1\AVAST\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Magounette\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fmail3.voila.fr%2fwebmail%2ffr_FR%2flogin.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - https://www.emusic.com/?fref=149133 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - https://fr.yahoo.com/?p=us
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1BE0B41-295A-4524-A543-4AF3F74634EF}: NameServer = 212.71.32.19,212.71.32.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\antivirus\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\antivirus\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\antivirus\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\antivirus\AVAST\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
1 reply
Hi,
Why were the malware items found by AVG ignored?
> Re-run AVG using this method:
> Download and install AVG Anti-Spyware on your PC: http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware, run the updates, then close the program.
> Boot into Safe Mode: (image). If you have trouble: tutorial here
> Launch AVG,
- Click the Scan menu (in the toolbar). Then click the Settings tab, and under <How to act?> click <Recommended actions> and choose <delete>.
- Check that all the boxes are ticked under <How to scan?> and under <Potentially dangerous programs>, and check that the <Generate report after every scan> radio button is also selected.
- Go to the 'Scan' tab, then click <Complete system scan>.
- Copy/paste the generated report into your next post.
Note: once the scan is finished, right-click an infected file and ask "AVG Anti-Spyware 7.5" to delete it.
Then click "Apply all actions" to delete everything automatically.
> Next, you need to move to IE7 to be properly protected: https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
> You also need a firewall:
I recommend ZA, but Kerio is very good too if you prefer.
- Download ZoneAlarm here; if you have a problem
- Install the new firewall, then disable the Windows firewall.
> Can you post a fresh HijackThis log please, so we can continue?
Thanks
Cheers
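As an added example, not part of the thread and not code from AVG, SDFix or HijackThis, here is a small Python triage script over lines copied from the two reports posted above. It answers the question the reply raises (which detections, cookies aside, are still marked ignored and therefore still present) and sorts HijackThis entries into the buckets a helper looks at first: orphaned CLSID entries with no file behind them, O17 name servers that differ from an expected set, AppInit_DLLs and ActiveX entries to review, and O23 services whose path string carries a stray quote. The sample lines are taken from the posted logs; the expected DNS set, the bucket names and the treatment of tracking cookies as noise are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the AVG Anti-Spyware report posted above.
AVG_REPORT = r"""
C:\Documents and Settings\Neil\Cookies\neil@zedo[1].txt -> TrackingCookie.Zedo : Ignored.
C:\Documents and Settings\guest\Cookies\guest@zedo[2].txt -> TrackingCookie.Zedo : Ignored.
C:\Program Files\eMedia Codec -> Trojan.Small : Ignored.
C:\WINDOWS\system32\1024 -> Trojan.Small : Ignored.
HKU\S-1-5-21-2968860785-676726402-3001183848-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CA480CD-C0E5-4548-874E-B85B17905B3A} -> Trojan.Zlob.f : Ignored.
"""

# Constructed sample: a few lines copied from the HijackThis log posted above.
HJT_LOG = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\AVAST\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1BE0B41-295A-4524-A543-4AF3F74634EF}: NameServer = 212.71.32.19,212.71.32.20
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\antivirus\AVAST\ashMaiSv.exe" /service (file missing)
"""

# "<item> -> <family> : <action>."  The action token is localized; the posted report says "Ignoré".
AVG_LINE = re.compile(r"^(?P<item>.+?) -> (?P<family>\S+) : (?P<action>\w+)\.$")
IGNORED = {"ignored", "ignoré"}  # assumption: English and French tokens for the same verdict


def avg_pending(report: str) -> list[dict]:
    """Non-cookie detections the scanner left in place.

    Tracking cookies are privacy noise, so they are skipped; any other family
    still carrying an 'Ignored' action means the scan was run with the
    action set to ignore, and the object is still on disk or in the registry.
    """
    pending = []
    for line in report.splitlines():
        m = AVG_LINE.match(line.strip())
        if not m or m["family"].startswith("TrackingCookie."):
            continue
        if m["action"].lower() in IGNORED:
            pending.append({"item": m["item"], "family": m["family"], "action": m["action"]})
    return pending


# "<section> - <body>", e.g. "O2 - BHO: ..." (section letter is R, F or O in HijackThis logs)
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def hjt_triage(log: str, expected_dns: set[str]) -> dict[str, list[str]]:
    """Bucket HijackThis entries by what a helper would check first.

    orphan  : entries ending in "(no file)", i.e. a CLSID whose DLL is gone (safe to fix)
    dns     : O17 name servers not in expected_dns (candidate DNS hijack, verify with the ISP)
    review  : O20 AppInit_DLLs and O16 ActiveX downloads, always worth a look
    quoting : O23 services whose path is followed by a stray quote; cross-check the
              running-process list before trusting the "(file missing)" tag
    """
    found: dict[str, list[str]] = {"orphan": [], "dns": [], "review": [], "quoting": []}
    for line in log.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if body.endswith("(no file)"):
            found["orphan"].append(line.strip())
        elif section == "O17" and "NameServer = " in body:
            servers = [s.strip() for s in body.split("NameServer = ", 1)[1].split(",")]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                found["dns"].append(",".join(unexpected))
        elif section in ("O16", "O20"):
            found["review"].append(line.strip())
        elif section == "O23" and '" /service' in body:
            found["quoting"].append(line.strip())
    return found


if __name__ == "__main__":
    for d in avg_pending(AVG_REPORT):
        print(f"still present: {d['family']:15} {d['item']}")
    for bucket, items in hjt_triage(HJT_LOG, {"212.71.32.19", "212.71.32.20"}).items():
        for item in items:
            print(f"{bucket:8} {item}")
```

Run it as-is and the AVG half lists the two Trojan.Small objects and the Zlob registry entry, which is exactly the set the reply wants deleted rather than ignored; feed the O17 check a different expected DNS set (the one the ISP actually issues) and it reports the posted name servers as unexpected, which is the test to run before deciding whether that entry is a hijack or just the provider's resolvers.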