Trojan vundo siou plaît
Résolu
comprendpô
-
comprendpô -
comprendpô -
Bonsoir à toute la communauté,
Voici, à en croire mes recherches sur le net, une saleté qui donne du fil à retordre à des modestes utilisateurs informatiques comme moi : un trojan malicieux : VIRTUMONDE
Je n'arrive pas à en venir à bout !
Je tourne avec winXp sp2, AMD dual core 4200+, Kaspersky, firewall windows et navigateur firefox.
Tentatives : ccleaner, spybot, superantispyware et sacn kasper : RIEN!
J'ai essayé les méthodes préconisées mais Vundofix ne trouve rien à "remove" même en mode sans échec et même bilan pour virtumondedobegone et combofix;
Voici mon rapport Hijack (en ayant renommer le fichier exe) :
Je n'y connait rien mais je ne trouve pas les paires 02/20 dont parle cet homme la http://mickael.barroux.free.fr/securite/vundo.php
mais kaspersky me detecte bien la bestiole ne veut pas désinfecter;
Merci aux âmes charitables qui prendront le temps de m'aider dans ma quête !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:54, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProSvc.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\Program Files\Search Settings\SearchSettings.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProTray.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\Spybot\TeaTimer.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\eMule\emule.exe
G:\WINDOWS\system32\dllhost.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\VLC\vlc.exe
G:\HijackThis\bouh.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {BF1404E5-8DD3-4128-850B-3CCAA9F74244} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - G:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
Configuration: Windows XP
Firefox 2.0.0.12
Configuration: Windows XP
Firefox 2.0.0.12
Voici, à en croire mes recherches sur le net, une saleté qui donne du fil à retordre à des modestes utilisateurs informatiques comme moi : un trojan malicieux : VIRTUMONDE
Je n'arrive pas à en venir à bout !
Je tourne avec winXp sp2, AMD dual core 4200+, Kaspersky, firewall windows et navigateur firefox.
Tentatives : ccleaner, spybot, superantispyware et sacn kasper : RIEN!
J'ai essayé les méthodes préconisées mais Vundofix ne trouve rien à "remove" même en mode sans échec et même bilan pour virtumondedobegone et combofix;
Voici mon rapport Hijack (en ayant renommer le fichier exe) :
Je n'y connait rien mais je ne trouve pas les paires 02/20 dont parle cet homme la http://mickael.barroux.free.fr/securite/vundo.php
mais kaspersky me detecte bien la bestiole ne veut pas désinfecter;
Merci aux âmes charitables qui prendront le temps de m'aider dans ma quête !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:54, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProSvc.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\Program Files\Search Settings\SearchSettings.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProTray.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\Spybot\TeaTimer.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\eMule\emule.exe
G:\WINDOWS\system32\dllhost.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\VLC\vlc.exe
G:\HijackThis\bouh.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {BF1404E5-8DD3-4128-850B-3CCAA9F74244} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - G:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
Configuration: Windows XP
Firefox 2.0.0.12
Configuration: Windows XP
Firefox 2.0.0.12
A voir également:
- Trojan vundo siou plaît
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Virus trojan al11 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
6 réponses
Salut !
on commence par ceci stp !
Télécharge BTFix 1.017 (de bibi26)
* Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
* Ouvre le dossier BTFix
* Double clique sur BTFix.exe
* Clique sur Rechercher
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse !
on commence par ceci stp !
Télécharge BTFix 1.017 (de bibi26)
* Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
* Ouvre le dossier BTFix
* Double clique sur BTFix.exe
* Clique sur Rechercher
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse !
on continue ......
Double clique sur BTFix.exe.
Clique sur Nettoyer.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse avec un nouveau rapport Hijackthis.
To be continued...............
Double clique sur BTFix.exe.
Clique sur Nettoyer.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse avec un nouveau rapport Hijackthis.
To be continued...............
Bon après un petit moment de panique et de redémarrage, voici les rapports :
BTFix 1.080 (par bibi26) - 26/02/2008 23:01:53 - Analyse
Lancé depuis G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
---> Analyse terminée
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:12, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProSvc.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProTray.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\Spybot\TeaTimer.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\HijackThis\CCM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {BF1404E5-8DD3-4128-850B-3CCAA9F74244} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - G:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
BTFix 1.080 (par bibi26) - 26/02/2008 23:01:53 - Analyse
Lancé depuis G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
---> Analyse terminée
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:12, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProSvc.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Norton Ghost\Agent\VProTray.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\Spybot\TeaTimer.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\HijackThis\CCM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {BF1404E5-8DD3-4128-850B-3CCAA9F74244} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - G:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
voili voilou
c'est mieux? ---> rien a bougé loll ;-P
BTfix n'a rien supprimé !
Double clique sur BTFix.exe.
Clique sur Nettoyer.
ps) tu n'est pas mieux protégé avec 2 Antivirus !!!!! au contraire..... ça génère un conflit entre eux.....
Garde Kapersky ( très bon ) vire norton...
Pour virer Norton <<<
execute cet utilitaire de désinstalation...
Fais ces manips dans l'ordre stp !
1) vire norton
2) BTFIX
3) Hijackthis
@ pluche
c'est mieux? ---> rien a bougé loll ;-P
BTfix n'a rien supprimé !
Double clique sur BTFix.exe.
Clique sur Nettoyer.
ps) tu n'est pas mieux protégé avec 2 Antivirus !!!!! au contraire..... ça génère un conflit entre eux.....
Garde Kapersky ( très bon ) vire norton...
Pour virer Norton <<<
execute cet utilitaire de désinstalation...
Fais ces manips dans l'ordre stp !
1) vire norton
2) BTFIX
3) Hijackthis
@ pluche
Toujours rien du cote BTfix apparemment :
BTFix 1.080 (par bibi26) - 26/02/2008 23:49:19 - Analyse
Lancé depuis G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
---> Analyse terminée
Hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:09, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Spybot\TeaTimer.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\HijackThis\CCM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {BF1404E5-8DD3-4128-850B-3CCAA9F74244} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
BTFix 1.080 (par bibi26) - 26/02/2008 23:49:19 - Analyse
Lancé depuis G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
---> Analyse terminée
Hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:09, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Spybot\TeaTimer.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\HijackThis\CCM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {BF1404E5-8DD3-4128-850B-3CCAA9F74244} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
merci pour la voie de recherche, je viens de mettre à jour spybot et desactiver le teatimer, j'ai lancé la recherche de mouchards mais rien trouvé !!
Antisuperspyware trouve rien non plus, suis encore infesté?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:46, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis\CCM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
Antisuperspyware trouve rien non plus, suis encore infesté?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:46, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Audio Deck\EnMixCPL.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
G:\Program Files\Prodipe\PVE\PVE_GMMode.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Logitech\SetPoint\KEM.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis\CCM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcpratique.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0487b2ca-552e-4a7d-9f9d-efb0dd744147} - (no file)
O2 - BHO: (no name) - {1AD7ABE4-84D1-4B80-A939-9D06C0BF5FFA} - (no file)
O2 - BHO: (no name) - {2B4357E9-476F-403A-B1A2-BD9E661CC50C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5CDE9161-DF09-497E-B741-5D53351DEE80} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {969C29C4-3F0C-4316-B25C-E017AECBDD36} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2B2F6FE-A746-4BB9-B4E6-FC77827121FF} - (no file)
O2 - BHO: (no name) - {BC46AD90-791B-4DBB-9D8F-0DBC3CF15DE8} - (no file)
O2 - BHO: (no name) - {C75927FD-A8C9-4340-B7A8-CB26DF8A0973} - (no file)
O2 - BHO: (no name) - {C9514C5B-0FFA-42B4-B9A6-06D7227641D2} - (no file)
O2 - BHO: (no name) - {E5772466-85BC-4364-B207-00D588BDAE38} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] G:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] G:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] G:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FIREBOX] G:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [H2O] G:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PVE] "G:\Program Files\Prodipe\PVE\PVE_GMMode.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] G:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clavier+] G:\Documents and Settings\Administrateur\Bureau\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcpratique.net
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcby - hggdcby.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
Tu nous prends pour quoi là ??
http://www.commentcamarche.net/forum/affich 5203538 vundo insupressible#0
http://www.commentcamarche.net/forum/affich 5205476 avis rapport hijack#0
http://www.commentcamarche.net/forum/affich 5204006 trojan vundo siou plait#0
http://www.commentcamarche.net/forum/affich 5206124 suis je infeste#0
http://www.commentcamarche.net/forum/affich 5206069 qu en pensez vous#0
tetraplon.....
http://www.commentcamarche.net/forum/affich 5203538 vundo insupressible#0
http://www.commentcamarche.net/forum/affich 5205476 avis rapport hijack#0
http://www.commentcamarche.net/forum/affich 5204006 trojan vundo siou plait#0
http://www.commentcamarche.net/forum/affich 5206124 suis je infeste#0
http://www.commentcamarche.net/forum/affich 5206069 qu en pensez vous#0
tetraplon.....
BTFix 1.080 (par bibi26) - 26/02/2008 22:39:32 - Analyse
Lancé depuis G:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- [Heuristique : Search Settings] G:\WINDOWS\Installer\25bf52.msi
- G:\WINDOWS\Installer\{90529245-9C54-45B5-BBB3-B180CA04F248}\
- G:\Program Files\Search Settings\
- G:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\
- G:\Documents and Settings\Administrateur\Application Data\Search Settings\
---> Analyse terminée
Ca te parles?