Vundo Trojan infection

Closed
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009 - 26 May 2008 at 16:07
 Anonymous user - 29 May 2008 at 20:38
Hello,

Avast 4.8 found the Vundo trojan horse on my PC (Vista Basic); no matter how many times I delete it, it seems to persist.
I ran VundoFix, which finds no infected file (!)

I'm posting the HijackThis report; could you please tell me whether it is serious, and above all explain how to fix the problem, because I don't know much about this....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:04, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Em\Desktop\Scanner.exe.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

16 replies

menu65 Posts 5173 Registration date Saturday 24 November 2007 Status Member Last activity 4 February 2015 354
26 May 2008 at 16:14
Hi

VundoFix

http://www.clubic.com/telecharger-fiche25107-vundofix.html
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
26 May 2008 at 16:17
Hello

Your report is not complete (quite a few lines are missing). HijackThis should be located in c\ programme\trend micro\hijackthis (rename it scanner as you did).exe
Run a new report; if it tells you that it cannot execute everything for some reason, run the scan again but with administrator rights.

You can also download Malwarebytes Anti-Malware (it recognizes Vundo infections) from CCM in the download section, update it and run a full scan; if it detects anything, have it removed, and you will get a new report, which you paste here.

Thanks
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 16:27
Here is the new HijackThis report (complete this time, I hope!).
I'm off to download Malwarebytes Anti-Malware right away.
Thanks for replying so quickly (I have my university exams tomorrow, and this junk isn't helping my stress...)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:59, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
26 May 2008 at 16:46
You should have left the name as scanner instead of HijackThis, but never mind.

Go to VirusTotal and check these 2 files. They smell bad.

O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

Then, for these lines, click Fix checked in HijackThis (when the program starts, click Do a scan, then Fix checked once you have the various lines marked).

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
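
The manual triage in the reply above, as an added Python example (not part of the original thread and not the helper's own method): it parses HijackThis entries, flags those annotated `(file missing)` or `(no file)` and autoruns launched directly from `C:\Windows`, and lists which entries disappeared between two logs. The log lines are excerpts of the second and third logs posted in this thread; the function names and both heuristics are assumptions, and a flag means "review this entry", not "malicious".

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Excerpt of the second HijackThis log in this thread (before "Fix checked").
LOG_BEFORE_FIX = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# The same excerpt as it appears in the third log (after "Fix checked").
LOG_AFTER_FIX = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    text: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
AUTORUN_RE = re.compile(r"^.*?: \[[^\]]*\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr|dll))', re.I)
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
WINDOWS_ROOT_RE = re.compile(r"c:\\windows\\[^\\]+")


def parse(log: str) -> list[Entry]:
    """Keep only '<code> - ...' entry lines; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def autorun_target(entry: Entry) -> str | None:
    """Lower-cased executable path of an O4 registry autorun, or None."""
    if entry.code != "O4":
        return None
    m = AUTORUN_RE.match(entry.text)
    exe = EXE_RE.match(m.group("cmd")) if m else None
    if not exe:
        return None
    path = (exe.group(1) or exe.group(2)).lower()
    return path.replace("%windir%", r"c:\windows").replace("%systemroot%", r"c:\windows")


def flags(entry: Entry) -> list[str]:
    found = []
    # HijackThis itself appends these markers when the referenced file is absent.
    if ORPHAN_RE.search(entry.text):
        found.append("orphaned")
    # Heuristic (assumption): an autorun sitting directly in C:\Windows,
    # not in a subfolder, deserves a second look such as a multi-engine scan.
    target = autorun_target(entry)
    if target and WINDOWS_ROOT_RE.fullmatch(target):
        found.append("autorun-in-windows-root")
    return found


def triage(log: str) -> list[tuple[Entry, list[str]]]:
    """Entries that carry at least one flag, in log order."""
    return [(e, flags(e)) for e in parse(log) if flags(e)]


def removed_entries(before: str, after: str) -> list[Entry]:
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(parse(after))
    return [e for e in parse(before) if e not in remaining]


if __name__ == "__main__":
    for entry, found in triage(LOG_BEFORE_FIX):
        print(",".join(found), "|", entry.code, "-", entry.text)
    print("removed by the fix:")
    for entry in removed_entries(LOG_BEFORE_FIX, LOG_AFTER_FIX):
        print(" ", entry.code, "-", entry.text)
```

On this excerpt the orphaned `O23` Symantec service stays flagged after the fix, while the `QuickTime Task` autorun that was fixed matches neither heuristic.
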
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 17:06
Re, I've just deleted the lines you told me to; however, the VirusTotal analysis is taking a while, I'll post the report as soon as it works.
Thanks again


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:03, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Messenger\msvs.exe
C:\Program Files\Trend Micro\scanner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 17:17
Here are the analyses for the two lines.

Thanks


http://www.virustotal.com/fr/analisis/639d7361048e5fcebc54e0b5f9fc643c
http://www.virustotal.com/fr/analisis/431f76e1f57155ac7c99ce0661b67c22
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 17:28
The Malwarebytes scan report:


Malwarebytes' Anti-Malware 1.12
Version de la base de données: 788

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 159356
Temps écoulé: 48 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GL9SXGS\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTH23FAQ\css4[6] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTH23FAQ\css4[7] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTH23FAQ\css4[8] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I36EO0SO\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I36EO0SO\css4[6] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHQBL97C\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHQBL97C\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Temp\tmp00028094 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Em\AppData\Local\Temp\tmp00171fcf (Trojan.Vundo) -> Quarantined and deleted successfully.




I'll post another HijackThis log in a moment.
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 17:30
Is the problem solved now? Thanks again for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:34, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\scanner\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
totobetourne Posts 5592 Registration date Sunday 23 March 2008 Status Member Last activity 6 June 2012 65
26 May 2008 at 17:45
We're making progress, but malware only spotted infected files and no keys or anything else. Generally they find the infections in different types of files.

I'm waiting for your VirusTotal report for the 2 files mentioned.
As a reminder, they are:

C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe

And I forgot this line; click fix check as you did before.

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 17:59
Here is the result for C:\Windows\vsnpstd3.exe =

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.22.1 2008.05.26 -
AntiVir 7.8.0.19 2008.05.26 -
Authentium 5.1.0.4 2008.05.26 -
Avast 4.8.1195.0 2008.05.26 -
AVG 7.5.0.516 2008.05.25 -
BitDefender 7.2 2008.05.26 -
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.26 -
DrWeb 4.44.0.09170 2008.05.26 -
eSafe 7.0.15.0 2008.05.26 -
eTrust-Vet 31.4.5823 2008.05.26 -
Ewido 4.0 2008.05.26 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.26 -
Fortinet 3.14.0.0 2008.05.26 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.26 -
Kaspersky 7.0.0.125 2008.05.26 -
McAfee 5303 2008.05.26 -
Microsoft 1.3520 2008.05.26 -
NOD32v2 3132 2008.05.26 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.25 -
Prevx1 V2 2008.05.26 -
Rising 20.46.02.00 2008.05.26 -
Sophos 4.29.0 2008.05.26 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.26 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.26 -
VirusBuster 4.3.26:9 2008.05.26 -
Webwasher-Gateway 6.6.2 2008.05.26 -
Information additionnelle
File size: 843776 bytes
MD5...: 45f5ad6f433356128bc65128399f533d
SHA1..: c4b8ba8c27d35b68a264dc1505172ebbe7e4d1b2
SHA256: d6d0ae7e6077e11b24e0a7bd069c226a47f4f45a1acdeacc51878f7245a85c71
SHA512: 2c2ede6a482d6db9a3170d3caa8508221cd950acb0926c8ebe1740fc3938f034
42996bb592685cd2726cb43546b9007b089534bb558362f96aa59e50dcc4dd90
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x48b67f
timedatestamp.....: 0x450e38bb (Mon Sep 18 06:12:11 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8b88a 0x8c000 6.62 7840c52c09504e41c50985f101311a29
.rdata 0x8d000 0x25eb7 0x26000 4.13 44838d3d8ec619bddf359ca24f67cecd
.data 0xb3000 0x118ac 0xc000 5.37 27d50c3d1039d6c657463b50f5ee8971
.rsrc 0xc5000 0xe8b8 0xf000 4.65 9a4529fc67c5af70621f804be5c500a5

( 8 imports )
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WINMM.dll: PlaySoundA
> MFC42.DLL: - (all entries unnamed)
> MSVCRT.dll: _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _acmdln, _XcptFilter, _exit, _terminate@@YAXXZ, _except_handler3, __1type_info@@UAE@XZ, _onexit, __dllonexit, strtok, vfprintf, atof, atoi, ceil, __mb_cur_max, _isctype, _pctype, vsprintf, tmpnam, strtod, abort, atan2, fabs, sqrt, log, rand, exp, qsort, _read, _setmode, _unlink, _open, pow, memmove, memset, memcpy, strlen, strcpy, getenv, sscanf, _iob, fprintf, exit, _CIfmod, strncmp, isprint, printf, __CxxLongjmpUnwind, _setjmp3, longjmp, _CIpow, _mbslen, calloc, _mbsnbcpy, _CxxThrowException, _CIacos, div, floor, realloc, malloc, free, _ftol, getc, fputc, fflush, ftell, fseek, fwrite, fread, fopen, fclose, _purecall, strchr, sprintf, strstr, strncpy, __CxxFrameHandler, _write, _lseek, _close, _strdup, _setmbcp, __getmainargs
> KERNEL32.dll: GetStartupInfoA, GlobalFree, GlobalSize, GlobalAlloc, GlobalLock, GlobalUnlock, SizeofResource, LockResource, GetSystemDirectoryA, WinExec, LoadLibraryExA, FindResourceA, LoadResource, GetVersionExA, SetEvent, Sleep, WaitForSingleObject, ResumeThread, CreateEventA, LoadLibraryA, FreeLibrary, CreateMutexA, GetLastError, GetCurrentProcess, GetModuleHandleA, GetProcAddress, CloseHandle, GetModuleFileNameA
> USER32.dll: GetSysColor, DrawTextA, GetIconInfo, ReleaseDC, SetWindowTextA, LoadCursorA, GetWindowRect, SetRect, AdjustWindowRect, InvalidateRect, GetMenu, CheckMenuRadioItem, GetDC, SetForegroundWindow, IsWindow, PostMessageA, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, EnableWindow
> GDI32.dll: SetBkColor, StretchBlt, GetClipBox, CreateRectRgnIndirect, ExtSelectClipRgn, SetStretchBltMode, GetObjectA, RealizePalette, GetDIBits, CreateDIBSection, BitBlt, CreateBitmap, CreateCompatibleDC, GetObjectType, CreateDIBitmap, SelectObject, DeleteObject, SetDIBitsToDevice, GetEnhMetaFilePaletteEntries, ExtTextOutA, DeleteEnhMetaFile, GetDeviceCaps, CreateCompatibleBitmap, RectVisible, StretchDIBits, SetBkMode, SetTextColor, CreatePalette, CreateFontIndirectA, CombineRgn, CreateRectRgn, PlayEnhMetaFile, SelectPalette, DeleteDC, SetEnhMetaFileBits, GetEnhMetaFileHeader, SetWinMetaFileBits, GetStockObject
> ADVAPI32.dll: QueryServiceStatus, RegQueryValueExA, RegOpenKeyExA, CloseServiceHandle, StartServiceA, ControlService, OpenServiceA, OpenSCManagerA, RegSetValueExA, RegEnumValueA, RegCloseKey

( 379 exports )
Plumpooding Posts 15 Registration date Monday 26 May 2008 Status Member Last activity 9 December 2009
26 May 2008 at 18:00
Result for C:\Windows\tsnpstd3.exe =

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.22.1 2008.05.26 -
AntiVir 7.8.0.19 2008.05.26 -
Authentium 5.1.0.4 2008.05.26 -
Avast 4.8.1195.0 2008.05.26 -
AVG 7.5.0.516 2008.05.25 -
BitDefender 7.2 2008.05.26 -
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.26 -
DrWeb 4.44.0.09170 2008.05.26 -
eSafe 7.0.15.0 2008.05.26 -
eTrust-Vet 31.4.5823 2008.05.26 -
Ewido 4.0 2008.05.26 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.26 -
Fortinet 3.14.0.0 2008.05.26 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.26 -
Kaspersky 7.0.0.125 2008.05.26 -
McAfee 5303 2008.05.26 -
Microsoft 1.3520 2008.05.26 -
NOD32v2 3132 2008.05.26 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.25 -
Prevx1 V2 2008.05.26 -
Rising 20.46.02.00 2008.05.26 -
Sophos 4.29.0 2008.05.26 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.26 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.26 -
VirusBuster 4.3.26:9 2008.05.26 -
Webwasher-Gateway 6.6.2 2008.05.26 -
Information additionnelle
File size: 262144 bytes
MD5...: 58ba3e9dd4667b181eee1fbe6dc4fcea
SHA1..: 514a85b5f48bc09ecd305c6e5cc2714ea42389b6
SHA256: a9d5e3ab889c84df8fa8a10649bd324aa966c11977edbe4e381354576ecbf8b9
SHA512: 99d395a4e8b656e0bbe44bc4796aba431281fc6a5faa3bbdf61d2a313738a7ea
a5685f6b19838f70850346548da1ea0dd12298123d93e921ce05dc7f5bcf0b26
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40ca60
timedatestamp.....: 0x456d44c5 (Wed Nov 29 08:28:53 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2422b 0x25000 6.52 d969430903a8f867f65543bf9b913163
.rdata 0x26000 0x972a 0xa000 4.67 cb1df7b32598f1627e7380d99da78926
.data 0x30000 0x6608 0x3000 3.43 1166ab49aaa36f6cfb30cad8b34cd5c1
.rsrc 0x37000 0xcd80 0xd000 5.32 833be918e3d94a184c8a3737393e2800

( 12 imports )
> KERNEL32.dll: RaiseException, HeapReAlloc, HeapSize, GetACP, GetTimeZoneInformation, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapAlloc, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, HeapFree, GetProfileStringA, GetCommandLineA, GetStartupInfoA, TerminateProcess, ExitProcess, RtlUnwind, FormatMessageA, GetFileTime, GetFileSize, GetFileAttributesA, GetTickCount, FileTimeToLocalFileTime, FileTimeToSystemTime, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, SetErrorMode, GetOEMCP, GetCPInfo, GetThreadLocale, SizeofResource, GetProcessVersion, WritePrivateProfileStringA, GlobalFlags, lstrcpynA, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, MulDiv, SetLastError, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, lstrlenA, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, lstrcpyW, WideCharToMultiByte, GetVersionExA, GetModuleHandleA, CreateMutexA, GetLastError, IsBadWritePtr, OutputDebugStringA
> USER32.dll: MessageBeep, InvalidateRect, CharUpperA, RegisterClipboardFormatA, PostThreadMessageA, SetFocus, AdjustWindowRectEx, ScreenToClient, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetMenuItemID, TrackPopupMenu, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetWindowLongA, OffsetRect, IntersectRect, GetNextDlgGroupItem, IsIconic, GetWindowPlacement, GetWindowRect, MapDialogRect, SetWindowPos, GetWindow, PtInRect, EndDialog, SetActiveWindow, IsWindow, GetSystemMetrics, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, CopyRect, GetClientRect, GetDC, ReleaseDC, GetMenuCheckMarkDimensions, GetMenuState, ModifyMenuA, CheckMenuItem, GetFocus, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, SetWindowsHookExA, GetParent, GetLastActivePopup, RegisterWindowMessageA, SetTimer, AppendMenuA, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostQuitMessage, PostMessageA, SendMessageA, EnableWindow, LoadMenuA, GetSubMenu, GetCursorPos, LoadBitmapA, SetRect, CopyAcceleratorTableA, CharNextA, InflateRect, SystemParametersInfoA, GetSysColorBrush, RemoveMenu, EnableMenuItem, SetMenuItemBitmaps, SetForegroundWindow, LoadImageA, DestroyIcon, LoadStringA, FindWindowA, KillTimer, DefDlgProcA, IsWindowUnicode, GetSystemMenu, GetClassNameA, GetDesktopWindow, LoadCursorA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, DestroyMenu, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, IsDlgButtonChecked, GetSysColor, UpdateWindow, SendDlgItemMessageA, GetNextDlgTabItem, SetWindowContextHelpId, MapWindowPoints, 
LoadIconA
> GDI32.dll: ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, DeleteObject, SetViewportExtEx, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetMapMode, DPtoLP, GetTextColor, GetBkColor, LPtoDP, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, PatBlt, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateBitmap
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA
> SHELL32.dll: Shell_NotifyIconA
> COMCTL32.dll: ImageList_Destroy, -
> oledlg.dll: -
> ole32.dll: CoFreeUnusedLibraries, OleUninitialize, CoTaskMemAlloc, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoTaskMemFree, CoCreateInstance, CoInitialize, CoUninitialize, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, OleInitialize
> OLEPRO32.DLL: -, -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 0 exports )
Plumpooding Posts: 15 Registered: Monday 26 May 2008 Status: Member Last activity: 9 December 2009
26 May 2008 at 18:03
Report after removing the line
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:13, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\Scanner\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
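
Added example (not part of the thread and not HijackThis's own code): a short Python triage of the O4 autostart and O23 service lines in a HijackThis log like the one above. Run on lines copied from that log, it shows that the CLTNetCnService entry marked "(file missing)" is still listed in this second scan. The function names are made up for this illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_KEY = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def parse(log):
    """Yield (code, body) for every 'Xn - ...' line of a HijackThis log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def autostarts(log):
    """O4 entries as dicts: registry Run/RunOnce values and Startup-folder links."""
    out = []
    for code, body in parse(log):
        if code != "O4":
            continue
        m = RUN_KEY.match(body)
        if m:
            out.append(m.groupdict())
        elif " = " in body:  # "Global Startup: name.lnk = target"
            location, rest = body.split(": ", 1)
            name, command = rest.split(" = ", 1)
            out.append({"location": location, "name": name, "command": command})
    return out

def orphaned_services(log):
    """Names of O23 services whose binary is reported as '(file missing)'."""
    out = []
    for code, body in parse(log):
        m = SERVICE.match(body) if code == "O23" else None
        if m and m["path"].endswith("(file missing)"):
            out.append(m["name"])
    return out

if __name__ == "__main__":
    for entry in autostarts(SAMPLE_LOG):
        print("autostart:", entry["location"], "|", entry["name"], "|", entry["command"])
    print("orphaned services:", orphaned_services(SAMPLE_LOG))
```
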
totobetourne Posts: 5592 Registered: Sunday 23 March 2008 Status: Member Last activity: 6 June 2012 65
26 May 2008 at 18:28
I don't see anything anymore, but I'm still learning how to fix these problems, so I may be missing something.
I have the feeling that I'm not seeing everything, because I was convinced that both files were infected.

Now run an online scan with Kaspersky; you have to do it with Internet Explorer and accept an ActiveX control. You'll get a report; paste it here.

If the report is negative, that will look better; otherwise try contacting one of the site's specialists to check (you can tell who they are by the number of messages posted).

Once you have finished the disinfection, you should switch from Avast to AntiVir, because it is much better at the moment.
Get a real firewall, because the Windows one is crap (you have Comodo Firewall Pro 3, Kerio or ZoneAlarm).

You also need Spybot; in the advanced options there is TeaTimer, which you can enable. Keep the one you downloaded (Malwarebytes), update it from time to time and run a scan; it is very useful.

Keeping Java, Adobe and Windows up to date is also important for your security.
Anonymous user
29 May 2008 at 20:38
Hello, I hope this topic isn't too old and that you'll see my message...
I was just passing by...

and this line is suspicious
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

it's sometimes a virus...
you should send it to https://www.virustotal.com/gui/ to be sure...

there you go...

otherwise, HijackThis doesn't detect Vundo
for it to work, you have to rename "hijackthis", which is on your desktop (right-click, rename), to "monfix" for example; that way Vundo will show up in the HijackThis report...


or else, for Vundo, there is VundoFix
it should remove this infection...

there you go
good luck...
Plumpooding Posts: 15 Registered: Monday 26 May 2008 Status: Member Last activity: 9 December 2009
26 May 2008 at 18:41
Whoa... OK, I'll try to do all that. I'll let you know when I've finished the Kaspersky scan.
Thanks for your precious help :)
Plumpooding Posts: 15 Registered: Monday 26 May 2008 Status: Member Last activity: 9 December 2009
26 May 2008 at 19:40
The scan is in progress, but I'm only at 7% (it's already been 43 min. since I started it). Kaspersky already reports one virus and 2 infected files...
I'll tell you more once the scan is finished (maybe tomorrow)
totobetourne Posts: 5592 Registered: Sunday 23 March 2008 Status: Member Last activity: 6 June 2012 65
26 May 2008 at 21:07
Don't forget to paste the report for me.