Rapport Hijackthis

mariem -  
 mariem -
Salut a tous

Voila ca fait un moment que j'ai un virus "kavoO" sur mon pc j'ai beau le supprimer avec avast il revient toujours.
J'ai fait un rapport hijackthis et un rapport smitFraudFix.
Si quelqu'un peut m'aider ce srait bien gentillll!!!

Logfile of HijackThis v1.99.1
Scan saved at 13:58:45, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

rapport SmitFraudFix

SmitFraudFix v2.300

Rapport fait à 14:03:19,85, 08/03/2008
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0A588742-1AFC-4F74-9F4E-456EF40102BE}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8B518BFA-5E7F-4D2A-BB63-28F6F7C64A65}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950E88CD-147F-45D1-BA59-D704F4C7F4C6}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C47C113D-8A7C-4259-B7CC-326C158CFABC}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E74D761C-57C5-45BF-AE47-2D565375ECFF}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA9B4AB1-5252-4A92-BF85-A496A6389721}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0A588742-1AFC-4F74-9F4E-456EF40102BE}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8B518BFA-5E7F-4D2A-BB63-28F6F7C64A65}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{950E88CD-147F-45D1-BA59-D704F4C7F4C6}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C47C113D-8A7C-4259-B7CC-326C158CFABC}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E74D761C-57C5-45BF-AE47-2D565375ECFF}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA9B4AB1-5252-4A92-BF85-A496A6389721}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0A588742-1AFC-4F74-9F4E-456EF40102BE}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8B518BFA-5E7F-4D2A-BB63-28F6F7C64A65}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{950E88CD-147F-45D1-BA59-D704F4C7F4C6}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C47C113D-8A7C-4259-B7CC-326C158CFABC}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E74D761C-57C5-45BF-AE47-2D565375ECFF}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EA9B4AB1-5252-4A92-BF85-A496A6389721}: DhcpNameServer=85.255.116.123,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Configuration: Windows XP
Firefox 2.0.0.12

4 réponses

  1. chonchon1400GSX Messages postés 1311 Statut Membre 247
     
    essayer cela et reposter un rapport

    http://home.cdl.ch/cw/wp-content/uploads/File/kavo_killer.zip
    0
    1. mariem
       
      Il est pas en francais ton logiciel.Comprend pas comment ca marche!
      T'as pas un autre lien?
      0
      1. mariem > mariem
         
        Alors y a personne qui pourrait m'aider Sivouplé

        En fait le vrai nom du virus c'est : Onlinegames-CIK [Trj]
        0
  2. chonchon1400GSX Messages postés 1311 Statut Membre 247
     
    http://www.commentcamarche.net/forum/affich 4921333 probleme avec le ver kavo exe

    voir les derniers messages cela semble avoir fonctionner en utilisant le tutorial
    0
    1. mariem
       
      Merci chonchon
      J'ai suivi cki étè ecrit voici le rapport combofix suivi du nouveau rapport Hijackthis:

      ComboFix 08-03-07.4 - Compaq_Propriétaire 2008-03-08 14:36:21.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.138 [GMT 1:00]
      Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Autorun.inf
      C:\u.exe
      C:\WINDOWS\pack.epk
      C:\WINDOWS\smdat32m.sys
      C:\WINDOWS\system32\kavo.exe
      C:\WINDOWS\system32\kavo1.dll
      C:\WINDOWS\system32\nvs2.inf
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-08 13:56 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-08 13:56 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-08 13:56 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-08 13:56 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-08 13:56 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-03-08 13:56 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-08 13:56 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-04 23:39 . 2008-03-04 23:39 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-03-04 18:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-03-04 18:08 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2008-03-04 18:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-03-01 21:48 . 2008-03-01 21:49 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-01 21:47 . 2008-03-01 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-19 21:09 . 2008-02-25 09:08 81,408 -r-hs---- C:\WINDOWS\system32\tavo1.dll
      2008-02-19 19:48 . 2008-02-19 19:48 1,071 --a------ C:\WINDOWS\AWMODEM.INF
      2008-02-19 14:59 . 2008-02-19 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
      2008-02-18 20:16 . 2008-02-19 21:09 115,221 -r-hs---- C:\gqsk.bat
      2008-02-18 20:15 . 2008-03-01 20:36 112,496 -r-hs---- C:\WINDOWS\system32\tavo.exe
      2008-02-18 20:15 . 2008-03-08 12:48 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll
      2008-02-11 18:11 . 2007-02-01 18:51 113,049 --------- C:\WINDOWS\hpoins07.dat.temp
      2008-02-11 18:11 . 2005-05-24 07:50 21,124 --------- C:\WINDOWS\hpomdl07.dat.temp
      2008-02-11 18:10 . 2008-02-11 18:10 <REP> d-------- C:\Program Files\Image Zone Express
      2008-02-11 18:10 . 2008-02-11 18:10 71,565 --a------ C:\WINDOWS\hpqins04.dat
      2008-02-11 18:09 . 2005-10-19 15:56 71,505 --------- C:\WINDOWS\hpqins06.dat.temp

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-08 13:03 3,456 ----a-w C:\WINDOWS\system32\tmp.reg
      2008-03-08 12:54 --------- d-----w C:\Program Files\Wanadoo
      2008-03-01 20:50 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-01 20:48 --------- d-----w C:\Program Files\Windows Live
      2008-02-25 08:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-02-19 13:59 --------- d-----w C:\Program Files\Apple Software Update
      2008-02-08 21:55 --------- d-----w C:\Program Files\eMule
      2008-02-07 21:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
      2007-07-22 11:23 46,096 -c--a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2005-11-23 21:07 553,687 -c--a-w C:\Program Files\RegCleaner.exe
      2005-10-09 20:42 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      2005-05-11 21:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-15 18:42 190024]
      "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 17:34 598920]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
      "Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 15:08 4937512]
      "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
      "tava"="C:\WINDOWS\system32\tavo.exe" [2008-03-01 20:36 112496]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 04:05 339968]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
      "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
      "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
      "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23 663552]
      "HP Software Update"="C:\Program Files\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-17 16:00 185896]
      "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45 90112]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24 257088]
      "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
      "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      C:\Documents and Settings\Compaq_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
      PowerReg Scheduler.exe [2006-02-16 01:44:17 256000]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-31 21:25:29 113664]
      D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]
      HP Digital Imaging Monitor.lnk - C:\Program Files\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Fichiers communs\\eMule\\emule.exe"=
      "C:\\Program Files\\MSN Messenger\\MSNP13Downgrader.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "C:\\WINDOWS\\system32\\fxsclnt.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4242:TCP"= 4242:TCP:Emule_TCP
      "4672:UDP"= 4672:UDP:Emule_UDP

      R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-05 19:00]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
      S3 MosSir;MosSir.sys;C:\WINDOWS\system32\DRIVERS\MosSir.sys [2004-12-13 09:12]
      S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
      S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys []
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c249736-eb61-11dc-94c4-0013d32551a7}]
      \Shell\AutoRun\command - nncu6kk.com
      \Shell\explore\Command - nncu6kk.com
      \Shell\open\Command - nncu6kk.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c98b2a31-9de3-11dc-9485-0013d32551a7}]
      \Shell\AutoRun\command - F:\nncu6kk.com
      \Shell\explore\Command - F:\nncu6kk.com
      \Shell\open\Command - F:\nncu6kk.com

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-03-06 20:15:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-03-07 19:26:22 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-08 14:39:02
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-08 14:39:58
      ComboFix-quarantined-files.txt 2008-03-08 13:39:43
      .
      2008-03-08 11:59:46 --- E O F ---



      Rapport Hijackthis


      Logfile of HijackThis v1.99.1
      Scan saved at 14:43:01, on 08/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      C:\WINDOWS\ALCXMNTR.EXE
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Digital Imaging\Product Assistant\bin\hprblog.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\HijackThis.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.219\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
      O4 - Startup: PowerReg Scheduler.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


      La jvais redémarrer mon pc pour voir si avast detecte encore le virus
      0
  3. BENINTLOT Messages postés 12 Statut Membre 3
     
    Bonjour,
    il y a un process qui me plait pas
    C:\WINDOWS\ALCXMNTR.EXE
    pour être sur de savoir à quoi il correspond télécharge process explorer (utilitaire sysinternals racheté par microsoft)
    https://docs.microsoft.com/en-us/
    le but de cette utilitaire c'est d'identifier le fournisseur de ce programme alcxmntr.exe
    si c'est inconnu c'est à effacer
    faire la meme chose avec C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\PAStiSvc.exe

    cette ligne est à effacer car le fichier n'est plus présent
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    ainsi que toutes les lignes avec (file missing).

    ces deux lignes sont très suspectes surtout si ton viris s'appelle KavoO
    O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    tu notes qu'il y a deux lignes , si t'efface le premier , le deuxième prog réinstalle aussitôt le premier et vis versa
    c'est pour ça que t'arrive pas à le supprimer.

    lance ccleaner pour supprimer tous les fichiers tmp
    fait tout ça sans jamais redémarrer.
    avec process explorer kill les process douteux (certains prog ne peut être éffacer car un process tourne et utilise le prog).
    donc supprimer process douteux puis supprimer les prog douteux.
    si t'es sous xp déactive la restauration système.
    0
    1. mariem
       
      Salut Bebintlot

      J'ai fait tout cke tu m'a dit..enfin j'ai essayé.lol

      C:\WINDOWS\AGRSMMSG.exe et C:\WINDOWS\ALCXMNTR.EXE possedent tous les deux des fournisseurs jles connais pas mais y en ont et C:\WINDOWS\system32\WPDShServiceObj.dll n'est pas présent sur la liste et j'ai bien cherché!!
      J'ai juste supprimé C:\WINDOWS\System32\PAStiSvc.exe et des autres qui n'avaient pa snon plus de fournisseurs.

      Sinon j'ai supprimer avec hijackthis tavo et kavo (qui avait réapparu!!) et j'ai supprimer aussi les lignes avec files missing mais symantec et revenu comme tu peux le voir.


      Voila mon nouveau Hijackthis



      Logfile of HijackThis v1.99.1
      Scan saved at 15:25:20, on 08/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\ALCXMNTR.EXE
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\Digital Imaging\bin\hpqtra08.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Digital Imaging\Product Assistant\bin\hprblog.exe
      C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX03.640\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - Startup: PowerReg Scheduler.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

      Alors est ce qu'il est bon??Je tiens a préciser que avast ne me signale plus la présence du trojan alors kavan il me le rappelait toutes les 5 minutes.
      0
  4. chonchon1400GSX Messages postés 1311 Statut Membre 247
     
    Semble avoir disparu

    Une bonne analyse par un anti virus a jour est necessaire

    puis reposter un rapport
    0
    1. mariem
       
      youplaaaaaaaaaaaaaaaaaaaaaaaaaaaa boom
      0