Sujet Précédent Sujet Suivant

Cheval de troie : WIN32:Pakes-AKM (Trj)

Isali88 -  
isali88 Messages postés 4 Statut Membre -
Bonjour,

J'ai depuis qq temps un cheval de troie sur mon PC. Il s'inscrit comme win32 Pakes-AKM(Trj) avec avast.
J'ai essayé de l'enlever avec des infos piqués sur ce site, mais en vain.

voici mon hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:09, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Copernic Agent\CopernicAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E0DADAC-C20C-4027-A49B-C99E425875B5} - C:\WINDOWS\system32\wuwe.dll (file missing)
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsm96.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MySidesearch Search Assistant - {C17E102B-BD29-4e92-B699-1A21D2CB8E6C} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: ContextProgram - {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} - C:\Program Files\ContextProgram\ContextProgram-2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:

3 réponses

Réponse 1 / 3
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsm96.dll

O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)

O2 - BHO: MySidesearch Search Assistant - {C17E102B-BD29-4e92-B699-1A21D2CB8E6C} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: ContextProgram - {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} - C:\Program Files\ContextProgram\ContextProgram-2.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

__________________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

____________________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\ContextProgram\ContextProgram-2.dll
C:\WINDOWS\system32\nsm96.dll
C:\WINDOWS\system32\mysidesearch_sidebar.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

___________________

mets a jour internet
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
___________________
recolle un nouveau hijackthis et dis tes soucis
1
isali88 Messages postés 4 Statut Membre
 
ComboFix 08-03-26.1 - Isabelle AOURA 2008-03-27 18:30:22.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.673 [GMT 1:00]
Endroit: C:\Documents and Settings\Isabelle AOURA\Bureau\killbagle.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\nso57.dll
C:\WINDOWS\system32\rightonadz-uninst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.

2008-03-27 13:28 . 2008-03-27 13:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-27 13:18 . 2008-03-26 07:16 <REP> d-------- C:\SDFix
2008-03-27 13:10 . 2008-03-27 13:10 <REP> d-------- C:\Program Files\Trend Micro
2008-03-27 07:55 . 2008-03-27 07:55 <REP> d-------- C:\Program Files\Solitaire
2008-03-27 07:40 . 2008-03-27 07:40 <REP> d-------- C:\Program Files\CreveBoules
2008-03-27 07:35 . 2008-03-27 07:35 <REP> d-------- C:\Program Files\comptestbon
2008-03-27 07:32 . 2008-03-27 07:32 <REP> d-------- C:\Program Files\SpamTracker
2008-03-27 07:20 . 2008-03-27 07:20 <REP> d-------- C:\Program Files\RunAtStart
2008-03-26 16:03 . 2008-03-26 16:03 <REP> d--hs---- C:\FOUND.008
2008-03-26 07:52 . 2008-03-26 07:52 <REP> d-------- C:\Program Files\GOA
2008-03-25 13:21 . 2008-03-25 13:21 <REP> d--hs---- C:\FOUND.007
2008-03-24 12:49 . 2008-03-24 12:49 <REP> d--hs---- C:\FOUND.006
2008-03-22 10:04 . 2008-03-22 10:04 <REP> d--hs---- C:\FOUND.005
2008-03-19 11:03 . 2008-03-19 11:03 <REP> d--hs---- C:\FOUND.004
2008-03-16 09:43 . 2008-03-16 09:43 <REP> d--hs---- C:\FOUND.003
2008-03-15 17:11 . 2008-03-15 17:11 <REP> d-------- C:\Documents and Settings\Isabelle AOURA\Application Data\Chicken Chase
2008-03-15 12:13 . 2008-03-15 12:13 <REP> dr-h----- C:\Documents and Settings\Isabelle AOURA\Application Data\SecuROM
2008-03-15 12:09 . 2008-03-15 12:09 <REP> d-------- C:\Program Files\Electronic Arts
2008-03-15 10:50 . 2008-03-15 10:50 <REP> d-------- C:\Program Files\Chicken Chase
2008-03-15 10:00 . 2008-03-15 10:00 <REP> d--hs---- C:\FOUND.002
2008-03-15 09:53 . 2008-03-15 09:53 <REP> d-------- C:\Program Files\Virtual Villagers
2008-03-15 09:51 . 2008-03-15 09:51 <REP> d-------- C:\Program Files\bfgclient
2008-03-15 09:51 . 2008-03-15 09:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-03-10 13:14 . 2008-03-10 13:14 <REP> d-------- C:\Program Files\absolutist.com
2008-03-10 13:14 . 2008-03-10 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Absolutist
2008-03-08 08:57 . 2008-03-08 08:57 <REP> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-08 08:57 . 2008-03-08 08:57 <REP> d-------- C:\Program Files\FBrowserAdvisor
2008-03-08 08:57 . 2008-03-08 08:57 <REP> d-------- C:\Program Files\ContextProgram
2008-03-08 08:57 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-03-07 19:51 . 2008-03-07 19:51 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-06 13:20 . 2008-03-06 13:20 <REP> d-------- C:\Program Files\Pogo FR
2008-03-06 13:20 . 2008-03-06 13:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 15:39 . 2008-03-05 15:39 <REP> d-------- C:\Program Files\Dofus
2008-02-29 09:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-29 09:52 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-29 09:52 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-28 20:57 . 2008-02-28 20:57 <REP> d-------- C:\Program Files\Windows Live
2008-02-28 20:57 . 2008-02-28 20:57 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-28 20:57 . 2008-02-28 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 17:48 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-15 08:51 0 ----a-w C:\Program Files\temp01
2008-02-25 22:20 --------- d-----w C:\Program Files\Half-Life Model Viewer
2008-02-25 19:04 --------- d-----w C:\Program Files\RomuSoft
2008-02-23 16:10 --------- d-----w C:\Program Files\Managed DirectX (0901)
2008-02-23 15:12 --------- d-----w C:\Documents and Settings\Isabelle AOURA\Application Data\InstallShield
2008-02-23 11:58 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-02-23 11:54 --------- d-----w C:\Documents and Settings\Isabelle AOURA\Application Data\DataCast
2008-02-23 11:51 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-02-23 11:51 --------- d-----w C:\Program Files\XviD
2008-02-23 11:51 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-02-23 11:50 --------- d-----w C:\Program Files\MarkAny
2008-02-23 11:49 --------- d-----w C:\Program Files\Samsung
2008-02-23 11:44 --------- d-----w C:\Program Files\Outspark
2008-02-23 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-02-12 07:04 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 14:48 --------- d-----w C:\Program Files\KongKong Online Europe
2008-02-10 13:32 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-10 13:32 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-10 13:31 --------- d-----w C:\Program Files\Shadowgrounds Survivor
2008-02-10 09:12 --------- d-----w C:\Program Files\GameTribe
2008-02-06 08:26 --------- d-----w C:\Program Files\Ubisoft
2008-02-01 07:40 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
2008-02-01 07:40 110,592 ----a-w C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-01-31 17:17 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-01-30 12:09 --------- d-----w C:\Program Files\Softnyx
2008-01-30 09:00 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-01-13 14:06 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E0DADAC-C20C-4027-A49B-C99E425875B5}]
C:\WINDOWS\system32\wuwe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-04-23 12:24 46080]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-23 12:24 3756032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"=
"C:\\WINDOWS\\System32\\muzapp.exe"=
"C:\\Program Files\\RomuSoft\\romustrike\\romustrike.exe"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=

R0 cdqlenpx;cdqlenpx;C:\WINDOWS\system32\drivers\xnhxmedu.dat []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys []
S3 XDva093;XDva093;C:\WINDOWS\system32\XDva093.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 18:31:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdqlenpx]
"ImagePath"="system32\drivers\xnhxmedu.dat"
.
Temps d'accomplissement: 2008-03-27 18:32:17
ComboFix-quarantined-files.txt 2008-03-27 17:32:16
Pre-Run: 165,070,798,848 octets libres
Post-Run: 165,057,003,520 octets libres
.
2008-03-27 02:01:11 --- E O F ---
File/Folder C:\Program Files\ContextProgram\ContextProgram-2.dll not found.
File/Folder C:\WINDOWS\system32\nsm96.dll not found.
File/Folder C:\WINDOWS\system32\mysidesearch_sidebar.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03272008_183709
0
isali88 Messages postés 4 Statut Membre
 
re,

voici mon dernier hijackthis et comme tu as pu le voir je t'ai collé tout ce que tu m'as demandé au dessus.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:36, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E0DADAC-C20C-4027-A49B-C99E425875B5} - C:\WINDOWS\system32\wuwe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
isali88 Messages postés 4 Statut Membre
 
quand j'ai fait ma mise à jour internet explorer, il n'a pas voulu installé ceci :

Windows Genuine Advantage Validation Tool (KB892130)

Est-ce important ?
0
Réponse 2 / 3
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyse ce fichier sur virus total et si infécté tu le vire avec otmovit

https://www.virustotal.com/gui/

C:\WINDOWS\system32\wuwe.dll

___________________

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

__________________

colle le rapport d'un scan en ligne
avec un des suivants:
(désactiver avast le temps du scan)

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Réponse 3 / 3
isali88 Messages postés 4 Statut Membre
 
Scan :
Malwarebytes' Anti-Malware 1.09
Version de la base de données: 556

Type de recherche: Examen rapide
Eléments examinés: 28322
Temps écoulé: 2 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 34
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.precachebrowserhost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c1aff62-c4fb-dc22-f1dd-20f26a27ec12} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.browserwatcher (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.browserwatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{926ea0f6-080a-0778-9569-cac35c7f03b8} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.pornpro_bho (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\contextprogram.pornpro_bho.1 (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{018fe159-4a56-8237-0211-989634717eb4} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f560603-a26f-c7e9-5e30-08dba79699c4} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bf798913-adc2-4304-2b4e-876f60917aab} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9f009604-ac89-957d-19a5-5815b478e169} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{e2010c89-dc4c-e7bf-aa56-e826b40072a0} (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{410d416d-6bcc-4ddf-8501-937d68850cb5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{410d416d-6bcc-4ddf-8501-937d68850cb5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contextprogram (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ContextProgram.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram (AdWare.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram\pcre3.dll (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram\uninstall.exe (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ContextProgram\ContextProgram.dat (AdWare.Agent) -> Quarantined and deleted successfully.

Scan :

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Thu, Mar 27, 2008 - 20:06:54

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés
54373

Infectés Fichiers
219

Virus Détectés

Adware.Webhancer.BI
2

Adware.Fotomoto.K
4

Trojan.Dropper.Zirit.A
14

Trojan.Dropper.Zirit.B
186

Adware.Fotomoto.N
1

Adware.Netnucleus.B
1

Adware.Fotomoto.Gen
8

Trojan.Spy.Bzub.NGP
1

Adware.AdRotator.Gen
1

Trojan.Downloader.Zlob.AATN
1

--------------------------------------------------------------------------------

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
0

Discussions similaires

expressions francaises
bifaka -
lanonyme -

4 réponses
Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
cheval dans oblivion
sernaldo53 -
sernaldo53 -

12 réponses
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses