Vundo ou pas Vundo ???
deuff
-
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,
J'ai un ami qui n'est pas informaticien du tout et qui possède un PC vérolé par des cafards qui dévorent son écran. J'ai effectué deux scan avec combofix et hijackthis.
Je souhaiterais savoir, a partir de ces rapports comment eliminer efficacement son infection.
RAPPORT HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:25, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmona.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\componentlauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
G:\Nouveau dossier\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\eexuiops.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O21 - SSODL: PzsbBCLzZ - {54A58EF1-FE0F-245B-3523-23B273E8CA4A} - C:\WINDOWS\system32\kbb.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 9572 bytes
RAPPORT COMBOFIX:
ComboFix 08-05-25.3 - DUPUY DAMIEN 2008-05-26 21:37:47.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\DUPUY DAMIEN\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\einfwtbw.dat
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\einfwtbw_nav.dat
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\einfwtbw_navps.dat
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\euadtpovuz_navps.dat
C:\Program Files\seekmo
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\AyGPXGgh.ini
C:\WINDOWS\system32\AyGPXGgh.ini2
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\eetexisv.dll
C:\WINDOWS\system32\eexuiops.dll
C:\WINDOWS\system32\hgGXPGyA.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnljGY.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\spoiuxee.ini
C:\WINDOWS\system32\vsixetee.ini
C:\WINDOWS\system32\ynjnfscv.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.
2008-05-26 21:18 . 2008-05-26 21:18 20,770 --a------ C:\WINDOWS\system32\morcyeho.dll
2008-05-26 14:28 . 2008-05-26 21:13 834 ---hs---- C:\WINDOWS\system32\frcpfbrs.ini
2008-05-25 22:23 . 2008-05-26 14:23 714 ---hs---- C:\WINDOWS\system32\duecmyew.ini
2008-05-25 21:23 . 2008-05-25 21:24 594 ---hs---- C:\WINDOWS\system32\oqoiqshh.ini
2008-05-25 21:20 . 2008-05-25 21:21 534 ---hs---- C:\WINDOWS\system32\kbokmoho.ini
2008-05-25 21:19 . 2008-05-25 21:19 474 ---hs---- C:\WINDOWS\system32\atpqaqgs.ini
2008-05-25 20:15 . 2008-05-25 20:15 414 ---hs---- C:\WINDOWS\system32\ltsgdgae.ini
2008-05-25 20:12 . 2008-05-25 20:12 354 ---hs---- C:\WINDOWS\system32\snjbqlbj.ini
2008-05-25 20:12 . 2008-05-25 20:12 294 ---hs---- C:\WINDOWS\system32\ihvqqxll.ini
2008-05-09 20:29 . 2008-05-09 20:29 244 --ah----- C:\sqmnoopt19.sqm
2008-05-09 20:29 . 2008-05-09 20:29 232 --ah----- C:\sqmdata19.sqm
2008-05-09 20:21 . 2008-05-09 20:21 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 20:20 . 2008-05-26 21:13 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-09 20:20 . 2008-05-26 21:13 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-04 12:30 . 2008-05-04 12:30 244 --ah----- C:\sqmnoopt18.sqm
2008-05-04 12:30 . 2008-05-04 12:30 232 --ah----- C:\sqmdata18.sqm
2008-04-30 12:12 . 2008-04-30 12:12 244 --ah----- C:\sqmnoopt17.sqm
2008-04-30 12:12 . 2008-04-30 12:12 232 --ah----- C:\sqmdata17.sqm
2008-04-30 12:09 . 2008-04-30 12:09 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Application Data\Nokia Multimedia Player
2008-04-28 21:16 . 2008-04-28 21:16 244 --ah----- C:\sqmnoopt16.sqm
2008-04-28 21:16 . 2008-04-28 21:16 232 --ah----- C:\sqmdata16.sqm
2008-04-28 21:15 . 2008-04-28 21:15 244 --ah----- C:\sqmnoopt15.sqm
2008-04-28 21:15 . 2008-04-28 21:15 232 --ah----- C:\sqmdata15.sqm
2008-04-28 21:04 . 2008-04-28 21:04 244 --ah----- C:\sqmnoopt14.sqm
2008-04-28 21:04 . 2008-04-28 21:04 232 --ah----- C:\sqmdata14.sqm
2008-04-28 21:03 . 2008-04-28 21:03 244 --ah----- C:\sqmnoopt13.sqm
2008-04-28 21:03 . 2008-04-28 21:03 232 --ah----- C:\sqmdata13.sqm
2008-04-28 21:02 . 2008-04-28 21:02 244 --ah----- C:\sqmnoopt12.sqm
2008-04-28 21:02 . 2008-04-28 21:02 232 --ah----- C:\sqmdata12.sqm
2008-04-28 20:48 . 2008-04-28 20:48 244 --ah----- C:\sqmnoopt11.sqm
2008-04-28 20:48 . 2008-04-28 20:48 232 --ah----- C:\sqmdata11.sqm
2008-04-28 20:22 . 2008-04-28 20:22 244 --ah----- C:\sqmnoopt10.sqm
2008-04-28 20:22 . 2008-04-28 20:22 244 --ah----- C:\sqmnoopt09.sqm
2008-04-28 20:22 . 2008-04-28 20:22 232 --ah----- C:\sqmdata10.sqm
2008-04-28 20:22 . 2008-04-28 20:22 232 --ah----- C:\sqmdata09.sqm
2008-04-26 13:26 . 2008-04-30 11:58 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Phone Browser
2008-04-26 13:23 . 2008-04-26 13:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-26 13:20 . 2008-04-30 12:09 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Application Data\Nokia
2008-04-26 13:18 . 2008-04-26 13:18 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-26 13:18 . 2008-04-26 13:18 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-26 13:16 . 2008-04-26 13:16 <REP> d-------- C:\Program Files\DIFX
2008-04-26 13:16 . 2008-04-26 13:26 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Application Data\PC Suite
2008-04-26 13:15 . 2008-04-26 13:16 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-04-26 13:15 . 2008-04-26 13:18 <REP> d-------- C:\Program Files\Nokia
2008-04-26 13:15 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-26 13:15 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-26 13:15 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-26 13:15 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-26 13:15 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-26 13:15 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-26 13:12 . 2008-04-26 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 20:24 --------- d-----w C:\Program Files\PokerStars
2008-05-25 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 18:45 --------- d-----w C:\Documents and Settings\DUPUY DAMIEN\Application Data\Teleca
2008-05-25 18:43 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-05-25 14:43 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-05-25 14:32 --------- d-----w C:\Program Files\Google
2008-05-25 14:22 --------- d-----w C:\Program Files\Yahoo!
2008-05-25 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 13:32 --------- d-----w C:\Program Files\Alwil Software
2008-04-25 13:05 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-25 13:02 --------- d-----w C:\Program Files\MediaInfo
2008-04-25 13:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-11 21:20 461 ----a-w C:\Program Files\INSTALL.LOG
2006-01-13 02:59 284 ----a-w C:\Documents and Settings\DUPUY DAMIEN\Application Data\ViewerApp.dat
.
------- Sigcheck -------
2004-08-05 14:00 17408 0a12207f6a3545613afd49608ee15385 C:\WINDOWS\system32\svchost.exe
2007-06-13 15:22 1039872 e5e7e9f827713eb8adce2dcebcea1d2d C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\backup\sp2gdr\explorer.exe
2004-08-05 14:00 110592 20f24560eea43f37f093d71b90f808ef C:\WINDOWS\system32\services.exe
2004-08-05 14:00 14848 dde849c030dceed24eebb5c7b6d665a1 C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 17:41 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PzsbBCLzZ"= {54A58EF1-FE0F-245B-3523-23B273E8CA4A} - C:\WINDOWS\system32\kbb.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\hgGXPGyA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-11-07 10:21 114688 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-29 07:33 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-06-29 07:33 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-06-29 07:33 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2004-08-19 12:00]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd2534b9-0e07-11dd-aec0-0013cead7456}]
\Shell\AutoRun\command - H:\lpufwi6.com
\Shell\explore\Command - H:\lpufwi6.com
\Shell\open\Command - H:\lpufwi6.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 21:48:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\MSVCP71.dll
.
Temps d'accomplissement: 2008-05-26 21:59:38
ComboFix-quarantined-files.txt 2008-05-26 19:58:38
Pre-Run: 19,935,301,632 octets libres
Post-Run: 19,340,636,160 octets libres
219 --- E O F --- 2008-04-13 09:11:34
Je me débrouille un peu mieux que mon ami en informatique, et je recherche le moyen de remttre son PC en état de fonctionnement.
Merci de votre aide.
J'ai un ami qui n'est pas informaticien du tout et qui possède un PC vérolé par des cafards qui dévorent son écran. J'ai effectué deux scan avec combofix et hijackthis.
Je souhaiterais savoir, a partir de ces rapports comment eliminer efficacement son infection.
RAPPORT HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:25, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmona.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\componentlauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
G:\Nouveau dossier\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\eexuiops.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O21 - SSODL: PzsbBCLzZ - {54A58EF1-FE0F-245B-3523-23B273E8CA4A} - C:\WINDOWS\system32\kbb.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 9572 bytes
RAPPORT COMBOFIX:
ComboFix 08-05-25.3 - DUPUY DAMIEN 2008-05-26 21:37:47.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\DUPUY DAMIEN\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\DUPUY DAMIEN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\einfwtbw.dat
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\einfwtbw_nav.dat
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\einfwtbw_navps.dat
C:\Documents and Settings\DUPUY DAMIEN\Local Settings\Application Data\euadtpovuz_navps.dat
C:\Program Files\seekmo
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\AyGPXGgh.ini
C:\WINDOWS\system32\AyGPXGgh.ini2
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\eetexisv.dll
C:\WINDOWS\system32\eexuiops.dll
C:\WINDOWS\system32\hgGXPGyA.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnljGY.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\spoiuxee.ini
C:\WINDOWS\system32\vsixetee.ini
C:\WINDOWS\system32\ynjnfscv.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.
2008-05-26 21:18 . 2008-05-26 21:18 20,770 --a------ C:\WINDOWS\system32\morcyeho.dll
2008-05-26 14:28 . 2008-05-26 21:13 834 ---hs---- C:\WINDOWS\system32\frcpfbrs.ini
2008-05-25 22:23 . 2008-05-26 14:23 714 ---hs---- C:\WINDOWS\system32\duecmyew.ini
2008-05-25 21:23 . 2008-05-25 21:24 594 ---hs---- C:\WINDOWS\system32\oqoiqshh.ini
2008-05-25 21:20 . 2008-05-25 21:21 534 ---hs---- C:\WINDOWS\system32\kbokmoho.ini
2008-05-25 21:19 . 2008-05-25 21:19 474 ---hs---- C:\WINDOWS\system32\atpqaqgs.ini
2008-05-25 20:15 . 2008-05-25 20:15 414 ---hs---- C:\WINDOWS\system32\ltsgdgae.ini
2008-05-25 20:12 . 2008-05-25 20:12 354 ---hs---- C:\WINDOWS\system32\snjbqlbj.ini
2008-05-25 20:12 . 2008-05-25 20:12 294 ---hs---- C:\WINDOWS\system32\ihvqqxll.ini
2008-05-09 20:29 . 2008-05-09 20:29 244 --ah----- C:\sqmnoopt19.sqm
2008-05-09 20:29 . 2008-05-09 20:29 232 --ah----- C:\sqmdata19.sqm
2008-05-09 20:21 . 2008-05-09 20:21 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 20:20 . 2008-05-26 21:13 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-09 20:20 . 2008-05-26 21:13 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-04 12:30 . 2008-05-04 12:30 244 --ah----- C:\sqmnoopt18.sqm
2008-05-04 12:30 . 2008-05-04 12:30 232 --ah----- C:\sqmdata18.sqm
2008-04-30 12:12 . 2008-04-30 12:12 244 --ah----- C:\sqmnoopt17.sqm
2008-04-30 12:12 . 2008-04-30 12:12 232 --ah----- C:\sqmdata17.sqm
2008-04-30 12:09 . 2008-04-30 12:09 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Application Data\Nokia Multimedia Player
2008-04-28 21:16 . 2008-04-28 21:16 244 --ah----- C:\sqmnoopt16.sqm
2008-04-28 21:16 . 2008-04-28 21:16 232 --ah----- C:\sqmdata16.sqm
2008-04-28 21:15 . 2008-04-28 21:15 244 --ah----- C:\sqmnoopt15.sqm
2008-04-28 21:15 . 2008-04-28 21:15 232 --ah----- C:\sqmdata15.sqm
2008-04-28 21:04 . 2008-04-28 21:04 244 --ah----- C:\sqmnoopt14.sqm
2008-04-28 21:04 . 2008-04-28 21:04 232 --ah----- C:\sqmdata14.sqm
2008-04-28 21:03 . 2008-04-28 21:03 244 --ah----- C:\sqmnoopt13.sqm
2008-04-28 21:03 . 2008-04-28 21:03 232 --ah----- C:\sqmdata13.sqm
2008-04-28 21:02 . 2008-04-28 21:02 244 --ah----- C:\sqmnoopt12.sqm
2008-04-28 21:02 . 2008-04-28 21:02 232 --ah----- C:\sqmdata12.sqm
2008-04-28 20:48 . 2008-04-28 20:48 244 --ah----- C:\sqmnoopt11.sqm
2008-04-28 20:48 . 2008-04-28 20:48 232 --ah----- C:\sqmdata11.sqm
2008-04-28 20:22 . 2008-04-28 20:22 244 --ah----- C:\sqmnoopt10.sqm
2008-04-28 20:22 . 2008-04-28 20:22 244 --ah----- C:\sqmnoopt09.sqm
2008-04-28 20:22 . 2008-04-28 20:22 232 --ah----- C:\sqmdata10.sqm
2008-04-28 20:22 . 2008-04-28 20:22 232 --ah----- C:\sqmdata09.sqm
2008-04-26 13:26 . 2008-04-30 11:58 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Phone Browser
2008-04-26 13:23 . 2008-04-26 13:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-26 13:20 . 2008-04-30 12:09 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Application Data\Nokia
2008-04-26 13:18 . 2008-04-26 13:18 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-26 13:18 . 2008-04-26 13:18 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-26 13:16 . 2008-04-26 13:16 <REP> d-------- C:\Program Files\DIFX
2008-04-26 13:16 . 2008-04-26 13:26 <REP> d-------- C:\Documents and Settings\DUPUY DAMIEN\Application Data\PC Suite
2008-04-26 13:15 . 2008-04-26 13:16 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-04-26 13:15 . 2008-04-26 13:18 <REP> d-------- C:\Program Files\Nokia
2008-04-26 13:15 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-26 13:15 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-26 13:15 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-26 13:15 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-26 13:15 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-26 13:15 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-26 13:12 . 2008-04-26 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 20:24 --------- d-----w C:\Program Files\PokerStars
2008-05-25 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 18:45 --------- d-----w C:\Documents and Settings\DUPUY DAMIEN\Application Data\Teleca
2008-05-25 18:43 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-05-25 14:43 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-05-25 14:32 --------- d-----w C:\Program Files\Google
2008-05-25 14:22 --------- d-----w C:\Program Files\Yahoo!
2008-05-25 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 13:32 --------- d-----w C:\Program Files\Alwil Software
2008-04-25 13:05 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-25 13:02 --------- d-----w C:\Program Files\MediaInfo
2008-04-25 13:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-11 21:20 461 ----a-w C:\Program Files\INSTALL.LOG
2006-01-13 02:59 284 ----a-w C:\Documents and Settings\DUPUY DAMIEN\Application Data\ViewerApp.dat
.
------- Sigcheck -------
2004-08-05 14:00 17408 0a12207f6a3545613afd49608ee15385 C:\WINDOWS\system32\svchost.exe
2007-06-13 15:22 1039872 e5e7e9f827713eb8adce2dcebcea1d2d C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\backup\sp2gdr\explorer.exe
2004-08-05 14:00 110592 20f24560eea43f37f093d71b90f808ef C:\WINDOWS\system32\services.exe
2004-08-05 14:00 14848 dde849c030dceed24eebb5c7b6d665a1 C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 09:56 6746112]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 07:56 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 17:41 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PzsbBCLzZ"= {54A58EF1-FE0F-245B-3523-23B273E8CA4A} - C:\WINDOWS\system32\kbb.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\hgGXPGyA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-11-07 10:21 114688 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-29 07:33 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-06-29 07:33 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-06-29 07:33 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-06-29 06:25 14720000 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2004-08-19 12:00]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd2534b9-0e07-11dd-aec0-0013cead7456}]
\Shell\AutoRun\command - H:\lpufwi6.com
\Shell\explore\Command - H:\lpufwi6.com
\Shell\open\Command - H:\lpufwi6.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 21:48:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\MSVCP71.dll
.
Temps d'accomplissement: 2008-05-26 21:59:38
ComboFix-quarantined-files.txt 2008-05-26 19:58:38
Pre-Run: 19,935,301,632 octets libres
Post-Run: 19,340,636,160 octets libres
219 --- E O F --- 2008-04-13 09:11:34
Je me débrouille un peu mieux que mon ami en informatique, et je recherche le moyen de remttre son PC en état de fonctionnement.
Merci de votre aide.
1 réponse
Bonjour,
Vundo,
Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Ferme Hijackthis en cliquant sur la croix-rouge.
Télécharge DSS (Deckard's System Scanner de Deckard) sur ton Bureau à partir de ce lien :
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Choisis "Enregistrer" et "Bureau" comme emplacement.
Ferme toutes les applications en cours (très important, sinon l'ordi peut planter).
Double-clique sur DSS.exe pour lancer l'outil.
S'il ne trouve pas HijackThis, clique sur Oui.
Clique sur OK à chaque fois que cela sera demandé.
L'analyse finie, un fichier texte s'affichera. Poste son contenu dans ta réponse.
Le rapport se trouve ici : C:\Deckard\System Scanner\main.txt.
Vundo,
Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Ferme Hijackthis en cliquant sur la croix-rouge.
Télécharge DSS (Deckard's System Scanner de Deckard) sur ton Bureau à partir de ce lien :
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Choisis "Enregistrer" et "Bureau" comme emplacement.
Ferme toutes les applications en cours (très important, sinon l'ordi peut planter).
Double-clique sur DSS.exe pour lancer l'outil.
S'il ne trouve pas HijackThis, clique sur Oui.
Clique sur OK à chaque fois que cela sera demandé.
L'analyse finie, un fichier texte s'affichera. Poste son contenu dans ta réponse.
Le rapport se trouve ici : C:\Deckard\System Scanner\main.txt.
