Recalcitrant trojans
Resolved
Scipion02
Posts: 63
Status: Member
Hello,
For some time now I have been infected by one (or more?) trojan(s).
I regularly get fake Windows Firewall alerts urging me to go to a website, which lets adware be downloaded without my knowledge. On top of that, Task Manager had been blocked.
After searching the Internet and scanning with avast and Spybot - Search & Destroy, I managed to re-enable Task Manager, but I still get these fake firewall alerts.
What should I do?
Thanks in advance!
PS: here are the names of the trojans that the fake firewall reports to me:
trojan-spy.win32.keylogger.aa
trojan-spy.html.bankfraud.dq
trojan-downloader.win32.agent.bq
trojan-spy.win32.greenscreen
trojan-clicker.win32.tiny.h
32 replies
The trojan's symptoms have apparently disappeared; verdict? Are there still risks?
ComboFix 08-08-19.06 - Anglais 2008-08-21 22:41:23.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.291 [GMT 2:00]
Endroit: E:\Documents and Settings\Anglais\Bureau\ComboFix.exe
Command switches used :: E:\Documents and Settings\Anglais\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
E:\WINDOWS\system32\honmhalm.exe
E:\WINDOWS\system32\jmvipaze.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Program Files\Symantec
E:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
E:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
E:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
E:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
E:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL
E:\Program Files\Symantec\LiveUpdate\LISEZMOI.TXT
E:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
E:\Program Files\Symantec\LiveUpdate\LSETUPRES.DLL
E:\Program Files\Symantec\LiveUpdate\LUALL.EXE
E:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL
E:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
E:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
E:\Program Files\Symantec\LiveUpdate\LuComServerPS_3_0.DLL
E:\Program Files\Symantec\LiveUpdate\LuComServerRes.dll
E:\Program Files\Symantec\LiveUpdate\ludirloc.dat
E:\Program Files\Symantec\LiveUpdate\LUINFO.INF
E:\Program Files\Symantec\LiveUpdate\LUInit.exe
E:\Program Files\Symantec\LiveUpdate\LUInit.ini
E:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
E:\Program Files\Symantec\LiveUpdate\LUINSDLLRES.DLL
E:\Program Files\Symantec\LiveUpdate\luinventoryinst.jar
E:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL
E:\Program Files\Symantec\LiveUpdate\LuResult.txt
E:\Program Files\Symantec\LiveUpdate\LUSESAIntegration.dll
E:\Program Files\Symantec\LiveUpdate\LUSESAIntegrationRes.dll
E:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE
E:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
E:\Program Files\Symantec\LiveUpdate\MFC71.DLL
E:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
E:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
E:\Program Files\Symantec\LiveUpdate\NetDetectController_3_0.DLL
E:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_0.DLL
E:\Program Files\Symantec\LiveUpdate\providerInst.jar
E:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
E:\Program Files\Symantec\LiveUpdate\S32LUCP1.CPL
E:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL
E:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
E:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
E:\Program Files\Symantec\LiveUpdate\SESA.Settings.LiveUpdate
E:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
E:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log
E:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
E:\Program Files\Symantec\LiveUpdate\UNRAR.DLL
E:\Program Files\Symantec\LiveUpdate\winluproviderinst.jar
E:\Program Files\Symantec\S32EVNT1.DLL
E:\Program Files\Symantec\SYMEVENT.CAT
E:\Program Files\Symantec\SYMEVENT.INF
E:\Program Files\Symantec\SYMEVENT.SYS
E:\WINDOWS\system32\honmhalm.exe
E:\WINDOWS\system32\jmvipaze.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
2008-08-21 16:40 . 2008-08-21 16:40 <REP> d-------- E:\WINDOWS\ERUNT
2008-08-21 16:35 . 2008-08-21 16:35 <REP> d-------- E:\antivirustest
2008-08-20 18:38 . 2008-08-20 18:38 <REP> d-------- E:\_OTMoveIt
2008-08-20 12:44 . 2008-08-20 13:06 <REP> d-------- E:\Lop SD
2008-08-20 09:34 . 2008-08-20 09:34 <REP> d-------- E:\Program Files\Trend Micro
2008-08-19 18:32 . 2008-08-19 18:32 <REP> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 18:32 . 2008-08-19 18:32 <REP> d-------- E:\Documents and Settings\Anglais\Application Data\Malwarebytes
2008-08-19 18:32 . 2008-08-19 18:32 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 18:32 . 2008-08-17 15:01 38,472 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 18:32 . 2008-08-17 15:01 17,144 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 10:51 . 2008-08-19 10:57 17,454 --a------ E:\WINDOWS\wininit.ini
2008-08-18 19:23 . 2008-08-18 19:24 <REP> d-------- E:\Program Files\Spybot - Search & Destroy
2008-08-18 19:23 . 2008-08-18 22:10 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 23:40 . 2008-08-17 23:40 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-08-17 23:40 . 2008-08-17 23:40 1,409 --a------ E:\WINDOWS\QTFont.for
2008-08-11 01:42 . 2008-08-11 01:53 <REP> d-------- E:\WINDOWS\system32\NtmsData
2008-08-10 18:54 . 2008-08-10 18:54 <REP> d-------- E:\Program Files\lracan
2008-08-10 18:40 . 2008-08-18 12:53 <REP> d-------- E:\Documents and Settings\All Users\Application Data\GenInfoCom
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 08:37 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-10 19:59 --------- d-----w E:\Program Files\Wanadoo
2008-08-10 19:05 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-08-10 16:57 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 08:33 --------- d-----w E:\Documents and Settings\Anglais\Application Data\gtk-2.0
2008-06-20 17:41 247,808 ----a-w E:\WINDOWS\system32\mswsock.dll
2006-08-05 09:04 21,924,135 -c--a-w E:\Documents and Settings\Alain\securitoo_controle_parental_orange_r8.exe
1998-08-24 11:09 10,000 -c--a-w E:\WINDOWS\inf\unregpn.exe
.
------- Sigcheck -------
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 E:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 E:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 18:09 1036288 2a7bd330924252a2fd80344fc949bb72 E:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 E:\WINDOWS\system32\dllcache\explorer.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 E:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 E:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-20_19.57.23.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w E:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-21 14:45:23 11,419,648 ----a-w E:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-21 14:45:23 155,648 ----a-w E:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w E:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-21 14:40:53 11,419,648 ----a-w E:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-21 14:40:53 155,648 ----a-w E:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-08-21 20:45:33 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="E:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"webset"="E:\WINDOWS\system32\dglirqzs.exe" [BU]
"comappmon"="E:\WINDOWS\system32\orsrcvsd.exe" [BU]
"ForkEach"="E:\DOCUME~1\Anglais\APPLIC~1\Greycake\Eq tray.exe" [BU]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 13:47 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"HlpStrCom"= {3C613E47-AFA7-E725-1FAB-08C886C75476} - E:\Program Files\lracan\HlpStrCom.dll [2008-08-10 18:54 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 NwSapAgent;Agent SAP;E:\WINDOWS\system32\svchost.exe [2004-08-19 18:10]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;E:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 DSCVc;Video Capture;E:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 18:31]
S3 ZDCndis5;ZDCndis5 Protocol Driver;E:\WINDOWS\system32\ZDCndis5.SYS []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-29 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6488DF32-3582-2E07-8DD6-842DF26C4684} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 22:46:11
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: E:\WINDOWS\explorer.exe
-> E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 22:51:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 20:51:01
ComboFix2.txt 2008-08-20 17:58:03
Pre-Run: 4,707,233,792 octets libres
Post-Run: 4,902,338,560 octets libres
194 --- E O F --- 2008-07-28 19:59:29
The trojan's symptoms have disappeared (namely the fake firewall alerts); are there still risks?
ComboFix 08-08-19.06 - Anglais 2008-08-21 22:41:23.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.291 [GMT 2:00]
Endroit: E:\Documents and Settings\Anglais\Bureau\ComboFix.exe
Command switches used :: E:\Documents and Settings\Anglais\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
E:\WINDOWS\system32\honmhalm.exe
E:\WINDOWS\system32\jmvipaze.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Program Files\Symantec
E:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
E:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
E:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
E:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
E:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL
E:\Program Files\Symantec\LiveUpdate\LISEZMOI.TXT
E:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
E:\Program Files\Symantec\LiveUpdate\LSETUPRES.DLL
E:\Program Files\Symantec\LiveUpdate\LUALL.EXE
E:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL
E:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
E:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
E:\Program Files\Symantec\LiveUpdate\LuComServerPS_3_0.DLL
E:\Program Files\Symantec\LiveUpdate\LuComServerRes.dll
E:\Program Files\Symantec\LiveUpdate\ludirloc.dat
E:\Program Files\Symantec\LiveUpdate\LUINFO.INF
E:\Program Files\Symantec\LiveUpdate\LUInit.exe
E:\Program Files\Symantec\LiveUpdate\LUInit.ini
E:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
E:\Program Files\Symantec\LiveUpdate\LUINSDLLRES.DLL
E:\Program Files\Symantec\LiveUpdate\luinventoryinst.jar
E:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL
E:\Program Files\Symantec\LiveUpdate\LuResult.txt
E:\Program Files\Symantec\LiveUpdate\LUSESAIntegration.dll
E:\Program Files\Symantec\LiveUpdate\LUSESAIntegrationRes.dll
E:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE
E:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
E:\Program Files\Symantec\LiveUpdate\MFC71.DLL
E:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
E:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
E:\Program Files\Symantec\LiveUpdate\NetDetectController_3_0.DLL
E:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_0.DLL
E:\Program Files\Symantec\LiveUpdate\providerInst.jar
E:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
E:\Program Files\Symantec\LiveUpdate\S32LUCP1.CPL
E:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL
E:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
E:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
E:\Program Files\Symantec\LiveUpdate\SESA.Settings.LiveUpdate
E:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
E:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log
E:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
E:\Program Files\Symantec\LiveUpdate\UNRAR.DLL
E:\Program Files\Symantec\LiveUpdate\winluproviderinst.jar
E:\Program Files\Symantec\S32EVNT1.DLL
E:\Program Files\Symantec\SYMEVENT.CAT
E:\Program Files\Symantec\SYMEVENT.INF
E:\Program Files\Symantec\SYMEVENT.SYS
E:\WINDOWS\system32\honmhalm.exe
E:\WINDOWS\system32\jmvipaze.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
2008-08-21 16:40 . 2008-08-21 16:40 <REP> d-------- E:\WINDOWS\ERUNT
2008-08-21 16:35 . 2008-08-21 16:35 <REP> d-------- E:\antivirustest
2008-08-20 18:38 . 2008-08-20 18:38 <REP> d-------- E:\_OTMoveIt
2008-08-20 12:44 . 2008-08-20 13:06 <REP> d-------- E:\Lop SD
2008-08-20 09:34 . 2008-08-20 09:34 <REP> d-------- E:\Program Files\Trend Micro
2008-08-19 18:32 . 2008-08-19 18:32 <REP> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 18:32 . 2008-08-19 18:32 <REP> d-------- E:\Documents and Settings\Anglais\Application Data\Malwarebytes
2008-08-19 18:32 . 2008-08-19 18:32 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 18:32 . 2008-08-17 15:01 38,472 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 18:32 . 2008-08-17 15:01 17,144 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 10:51 . 2008-08-19 10:57 17,454 --a------ E:\WINDOWS\wininit.ini
2008-08-18 19:23 . 2008-08-18 19:24 <REP> d-------- E:\Program Files\Spybot - Search & Destroy
2008-08-18 19:23 . 2008-08-18 22:10 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 23:40 . 2008-08-17 23:40 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-08-17 23:40 . 2008-08-17 23:40 1,409 --a------ E:\WINDOWS\QTFont.for
2008-08-11 01:42 . 2008-08-11 01:53 <REP> d-------- E:\WINDOWS\system32\NtmsData
2008-08-10 18:54 . 2008-08-10 18:54 <REP> d-------- E:\Program Files\lracan
2008-08-10 18:40 . 2008-08-18 12:53 <REP> d-------- E:\Documents and Settings\All Users\Application Data\GenInfoCom
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 08:37 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-10 19:59 --------- d-----w E:\Program Files\Wanadoo
2008-08-10 19:05 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-08-10 16:57 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 08:33 --------- d-----w E:\Documents and Settings\Anglais\Application Data\gtk-2.0
2008-06-20 17:41 247,808 ----a-w E:\WINDOWS\system32\mswsock.dll
2006-08-05 09:04 21,924,135 -c--a-w E:\Documents and Settings\Alain\securitoo_controle_parental_orange_r8.exe
1998-08-24 11:09 10,000 -c--a-w E:\WINDOWS\inf\unregpn.exe
.
------- Sigcheck -------
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 E:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 E:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 18:09 1036288 2a7bd330924252a2fd80344fc949bb72 E:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 E:\WINDOWS\system32\dllcache\explorer.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 E:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 E:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-20_19.57.23.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w E:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-21 14:45:23 11,419,648 ----a-w E:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-08-21 14:45:23 155,648 ----a-w E:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w E:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-21 14:40:53 11,419,648 ----a-w E:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-08-21 14:40:53 155,648 ----a-w E:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-21 20:45:33 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="E:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"webset"="E:\WINDOWS\system32\dglirqzs.exe" [BU]
"comappmon"="E:\WINDOWS\system32\orsrcvsd.exe" [BU]
"ForkEach"="E:\DOCUME~1\Anglais\APPLIC~1\Greycake\Eq tray.exe" [BU]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 13:47 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"HlpStrCom"= {3C613E47-AFA7-E725-1FAB-08C886C75476} - E:\Program Files\lracan\HlpStrCom.dll [2008-08-10 18:54 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 NwSapAgent;Agent SAP;E:\WINDOWS\system32\svchost.exe [2004-08-19 18:10]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;E:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 DSCVc;Video Capture;E:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 18:31]
S3 ZDCndis5;ZDCndis5 Protocol Driver;E:\WINDOWS\system32\ZDCndis5.SYS []
.
Contents of the 'Scheduled Tasks' folder
2008-07-29 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6488DF32-3582-2E07-8DD6-842DF26C4684} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 22:46:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: E:\WINDOWS\explorer.exe
-> E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-21 22:51:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 20:51:01
ComboFix2.txt 2008-08-20 17:58:03
Pre-Run: 4,707,233,792 bytes free
Post-Run: 4,902,338,560 bytes free
194 --- E O F --- 2008-07-28 19:59:29
---> Download CCleaner (do not install the Yahoo Toolbar):
https://www.ccleaner.com/ccleaner/download
---> Run it. Go to "Options" then "Advanced" and untick the box "Only delete files etc...". Go to "Cleaner" and click "Analyze". Once it finishes, run the cleaning. Then go to "Registry" and click "Scan for Issues". Once it finishes, fix all the issues without backing up the registry.
---> Post a new HijackThis log
Ta-da:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:04, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\MSN Messenger\livecall.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [webset] E:\WINDOWS\system32\dglirqzs.exe
O4 - HKCU\..\Run: [comappmon] E:\WINDOWS\system32\orsrcvsd.exe
O4 - HKCU\..\Run: [ForkEach] E:\DOCUME~1\Anglais\APPLIC~1\Greycake\Eq tray.exe
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F362E72C-E709-4354-A6C9-613672B1BC9F}: NameServer = 192.168.1.1
O21 - SSODL: HlpStrCom - {3C613E47-AFA7-E725-1FAB-08C886C75476} - E:\Program Files\lracan\HlpStrCom.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Unknown owner - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
---> Update Internet Explorer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr
---> Update Java:
https://www.java.com/fr/download/manual.jsp
---> Run HijackThis again and choose Do a system scan only
---> Tick the boxes in front of the following lines:
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O4 - HKCU\..\Run: [webset] E:\WINDOWS\system32\dglirqzs.exe
O4 - HKCU\..\Run: [comappmon] E:\WINDOWS\system32\orsrcvsd.exe
O4 - HKCU\..\Run: [ForkEach] E:\DOCUME~1\Anglais\APPLIC~1\Greycake\Eq tray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O21 - SSODL: HlpStrCom - {3C613E47-AFA7-E725-1FAB-08C886C75476} - E:\Program Files\lracan\HlpStrCom.dll
---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
---> Remove the leftover traces of Norton with this:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
---> Post a new HijackThis log
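Added example, not part of the thread and not code from HijackThis, ComboFix or the helper: a short Python script that applies the triage the helper did by eye to the log above, then checks the fix by diffing the entries of the before and after logs. The sample lines are copied from the two HijackThis logs posted in this thread. The heuristics (an HKCU Run entry whose executable is an eight-letter lowercase name, an autorun launched from the user's Application Data, an SSODL DLL outside the Windows directory, anything marked (no file) or (file missing)) are my own assumptions about what an analyst looks for, not a rule set published by HijackThis. It deliberately does not flag the Office OSA9.EXE startup shortcut, which the helper removed as clutter rather than as malware, and it does report the orphaned Wanadoo Messager button that the helper left alone.

```python
"""Triage HijackThis entries and verify a fix by diffing two logs.

Added example for this thread; not code from HijackThis, ComboFix or the
helper.  The heuristics are assumptions about what an analyst looks for,
not a published rule set.
"""
import re

# Constructed sample: entry lines copied from the first HijackThis log in the
# thread (22/08/2008 13:03), i.e. before the "Fix checked" step.
BEFORE = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [webset] E:\WINDOWS\system32\dglirqzs.exe
O4 - HKCU\..\Run: [comappmon] E:\WINDOWS\system32\orsrcvsd.exe
O4 - HKCU\..\Run: [ForkEach] E:\DOCUME~1\Anglais\APPLIC~1\Greycake\Eq tray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O21 - SSODL: HlpStrCom - {3C613E47-AFA7-E725-1FAB-08C886C75476} - E:\Program Files\lracan\HlpStrCom.dll
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: the same entries as they appear in the second log
# (22/08/2008 17:14), after the fix.
AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^[RFO]\d{1,2} - ")
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
SSODL_RE = re.compile(r"^O21 - SSODL: .* - \{[0-9A-Fa-f-]+\} - (?P<dll>.*)$")
RANDOM_STEM_RE = re.compile(r"[a-z]{8}")          # e.g. dglirqzs, orsrcvsd
APPDATA_RE = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)


def parse_hjt(text):
    """Keep only the R/F/O entry lines; the header and process list are dropped."""
    return [ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())]


def triage(entries):
    """Return (reason, entry) pairs for entries worth a second look."""
    findings = []
    for entry in entries:
        if "(no file)" in entry or "(file missing)" in entry:
            findings.append(("orphan: registered object whose file is gone", entry))
            continue
        run = RUN_RE.match(entry)
        if run:
            cmd = run.group("cmd")
            # basename without extension, e.g. "dglirqzs" from "...\dglirqzs.exe"
            stem = cmd.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if RANDOM_STEM_RE.fullmatch(stem):
                findings.append(("random eight-letter executable name", entry))
            elif APPDATA_RE.search(cmd):   # noisy signal, but common for droppers
                findings.append(("autorun launched from the user's Application Data", entry))
            continue
        ssodl = SSODL_RE.match(entry)
        if ssodl and "\\WINDOWS\\" not in ssodl.group("dll").upper():
            findings.append(("SSODL DLL loaded from outside the Windows directory", entry))
    return findings


def diff_logs(before_text, after_text):
    """Entries removed by the fix and entries that newly appeared."""
    before, after = set(parse_hjt(before_text)), set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


def verify_fix(before_text, after_text):
    """Flagged BEFORE entries that survived into AFTER and still need a decision."""
    after = set(parse_hjt(after_text))
    return [entry for _, entry in triage(parse_hjt(before_text)) if entry in after]


if __name__ == "__main__":
    for reason, entry in triage(parse_hjt(BEFORE)):
        print(f"[{reason}] {entry}")
    removed, added = diff_logs(BEFORE, AFTER)
    print(f"\nremoved by fix: {len(removed)}, newly appeared: {len(added)}")
    for entry in verify_fix(BEFORE, AFTER):
        print("still present:", entry)
```

To use it on real logs, replace BEFORE and AFTER with the contents of the two saved HijackThis text files. The surviving Wanadoo orphan is the point of the last function: a flagged line is a lead, not a verdict, and a pointer to a file that no longer exists is harmless by itself, so removing it only tidies the registry.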
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:13, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\calc.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
E:\Program Files\MSN Messenger\livecall.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F362E72C-E709-4354-A6C9-613672B1BC9F}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Unknown owner - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Important: disable TeaTimer, Spybot's resident component; it will interfere with the disinfection by blocking changes to the BHOs.
---> Start Spybot, click Mode, check Advanced mode
---> On the left, click Tools, then Resident
---> Uncheck the box in front of Resident "TeaTimer":
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quit Spybot
Note: I advise you not to re-enable it; it was unable to prevent your PC from getting infected.
Then redo what I asked you to do.
For HijackThis, if some lines no longer appear, simply don't check them.
Sorry for the delay:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:39, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\MSN Messenger\livecall.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F362E72C-E709-4354-A6C9-613672B1BC9F}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Unknown owner - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Oops, forgot.
So I just updated Java, and on the other hand I (almost) never use IE.
OK, so I'm reposting, I imagine, the modified report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:18, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\MSN Messenger\livecall.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] E:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F362E72C-E709-4354-A6C9-613672B1BC9F}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Unknown owner - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
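The thread's method is to post a fresh HijackThis log after each step and compare it with the previous one by eye. The following is an added Python example (not part of the thread and not HijackThis's own code) that parses the HijackThis v2 log format, diffs two successive runs, and flags the entries a helper would want to inspect by hand. The two sample logs are constructed excerpts modeled on the 18:48 and 19:54 logs of 24/08/2008 above; the flag categories ("dangling", "lsp", "unresolved-startup") are the editor's own review heuristics, not HijackThis verdicts.

```python
"""Parse HijackThis v2.0.x logs and diff two successive runs.

Added example for this thread; not HijackThis code. The sample logs
below are constructed excerpts modeled on the logs posted on 24/08/2008.
"""
import re
from dataclasses import dataclass

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4" (autostart) or "O23" (service)
    body: str     # everything after "O4 - "


def parse_hjt(text):
    """Return (header, running_processes, entries) for one log."""
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif ": " in line:  # "Platform: ...", "MSIE: ...", "Boot mode: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, entries


def diff_logs(old_text, new_text):
    """Entries that appeared (added) or vanished (removed) between two runs."""
    _, _, old = parse_hjt(old_text)
    _, _, new = parse_hjt(new_text)
    added = [e for e in new if e not in old]
    removed = [e for e in old if e not in new]
    return added, removed


def review_flags(entries):
    """Editor's review heuristics (assumptions, not HijackThis verdicts):
    leftovers and opaque entries worth checking by hand."""
    flags = []
    for e in entries:
        if "(file missing)" in e.body:
            flags.append(("dangling", e))            # autostart pointing at a deleted file
        elif e.section == "O10" and e.body.startswith("Unknown file"):
            flags.append(("lsp", e))                 # Winsock LSP not in the tool's whitelist
        elif e.section == "O4" and e.body.endswith(".lnk = ?"):
            flags.append(("unresolved-startup", e))  # shortcut target could not be resolved
    return flags


# Constructed excerpt modeled on the 18:48:39 log (before the Java/IE update).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:39, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O23 - Service: LiveUpdate - Unknown owner - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""

# Constructed excerpt modeled on the 19:54:18 log (after the Java/IE update).
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:18, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O23 - Service: LiveUpdate - Unknown owner - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""

if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for e in added:
        print("+", e.section, "-", e.body)
    for e in removed:
        print("-", e.section, "-", e.body)
    for kind, e in review_flags(parse_hjt(NEW_LOG)[2]):
        print(f"[{kind}] {e.section} - {e.body}")
```

On the sample pair the diff shows exactly what the poster reported: the Java BHO moved from jre1.6.0_03 to jre1.6.0_07 (one entry removed, one added), and a new HKLM Run entry for jusched.exe appeared, while the header records the jump from IE 6 to IE 7. The three flags on the newer log are leftovers rather than infection markers: a SAGEM startup shortcut whose target HijackThis could not resolve, a Winsock LSP the tool does not whitelist (nwprovau.dll is the Client Service for NetWare provider shipped with Windows XP), and a Symantec LiveUpdate service whose executable is gone. A helper would typically have the dangling O23 entry removed with HijackThis and leave the other two alone.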