Trojan

Closed
proha - 4 Sept. 2008 at 22:11
proha - 4 Sept. 2008 at 22:48
Hello, here is the report. I would like some help please with
C\autorun.inf Win32/PSW.OnLineGames.NNU trojan and D\autorun.inf Win32/PSW.OnLineGames.NNU trojan


[b]SDFix: Version 1.221 [/b]
Run by HP_Sahibi on 04.09.2008 at 22:27

Microsoft Windows XP [Srm 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\HP_SAH~1\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\HP_SAH~1\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\WINDOWS\svchost.ini - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 22:37:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:40,59,9a,33,76,fe,3b,27,f1,76,5b,70,cd,55,22,78,ed,f3,c7,fa,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f9,89,b5,c6,56,6a,4e,fe,19,02,3a,f2,87,0c,44,8e,cf,..
"khjeh"=hex:c3,ce,53,ec,bd,f5,09,89,eb,df,a5,20,57,2f,2b,94,4f,e8,08,3f,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,89,1a,31,4b,0d,43,bc,88,d8,26,b8,f2,27,b9,ff,eb,71,83,26,4e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:76199a43
"s2"=dword:bbe52fd4
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:40,59,9a,33,76,fe,3b,27,f1,76,5b,70,cd,55,22,78,ed,f3,c7,fa,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f9,89,b5,c6,56,6a,4e,fe,19,02,3a,f2,87,0c,44,8e,cf,..
"khjeh"=hex:c3,ce,53,ec,bd,f5,09,89,eb,df,a5,20,57,2f,2b,94,4f,e8,08,3f,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,89,1a,31,4b,0d,43,bc,88,d8,26,b8,f2,27,b9,ff,eb,71,83,26,4e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:40,59,9a,33,76,fe,3b,27,f1,76,5b,70,cd,55,22,78,ed,f3,c7,fa,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f9,89,b5,c6,56,6a,4e,fe,19,02,3a,f2,87,0c,44,8e,cf,..
"khjeh"=hex:c3,ce,53,ec,bd,f5,09,89,eb,df,a5,20,57,2f,2b,94,4f,e8,08,3f,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ae,89,1a,31,4b,0d,43,bc,88,d8,26,b8,f2,27,b9,ff,eb,71,83,26,4e,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MotoGP2\\motogp2.exe"="C:\\Program Files\\MotoGP2\\motogp2.exe:*:Enabled:motogp2"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\KWorld Multimedia\\DVBS\\DVBS.EXE"="C:\\Program Files\\KWorld Multimedia\\DVBS\\DVBS.EXE:*:Enabled:DVBS"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\ProgDVB\\ProgDVB.exe"="C:\\Program Files\\ProgDVB\\ProgDVB.exe:*:Enabled:ProgDVB"
"C:\\Program Files\\ProgDVB PIP\\ProgDVB.exe"="C:\\Program Files\\ProgDVB PIP\\ProgDVB.exe:*:Enabled:ProgDVB"
"C:\\Program Files\\Winlirc\\winlirc.exe"="C:\\Program Files\\Winlirc\\winlirc.exe:*:Enabled:winlirc"
"C:\\Program Files\\ProgDVB ek\\ProgDVB.exe"="C:\\Program Files\\ProgDVB ek\\ProgDVB.exe:*:Enabled:ProgDVB"
"C:\\Program Files\\ProgDVBStd\\ProgDVB.exe"="C:\\Program Files\\ProgDVBStd\\ProgDVB.exe:*:Enabled:ProgDVB"
"C:\\WINDOWS\\bittorrent.exe"="C:\\WINDOWS\\bittorrent.exe:*:Enabled:bittorrent"
"C:\\Program Files\\Program Files e Kopyalanacak\\ProgDVB PIP\\ProgDVB.exe"="C:\\Program Files\\Program Files e Kopyalanacak\\ProgDVB PIP\\ProgDVB.exe:*:Enabled:ProgDVB"
"C:\\Program Files\\Program Files e Kopyalanacak\\ProgDVB\\ProgDVB.exe"="C:\\Program Files\\Program Files e Kopyalanacak\\ProgDVB\\ProgDVB.exe:*:Enabled:ProgDVB"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa_server.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa_server.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\ProgDVB\\ProgDvbNet.exe"="C:\\Program Files\\ProgDVB\\ProgDvbNet.exe:*:Enabled:ProgDvbNet"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Documents and Settings\\HP_Sahibi\\Desktop\\MASAšSTš\\OYUNLAR\\Pocket Tanks Deluxe 1.3\\pockettanks.exe"="C:\\Documents and Settings\\HP_Sahibi\\Desktop\\MASAšSTš\\OYUNLAR\\Pocket Tanks Deluxe 1.3\\pockettanks.exe:*:Enabled:Pocket Tanks"
"C:\\Program Files\\Pikatel KKP AirMax101\\TestProgrami.exe"="C:\\Program Files\\Pikatel KKP AirMax101\\TestProgrami.exe:*:Enabled:Test Programi"
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sat 30 Sep 2006 211 A.SHR --- "C:\BOOT.BAK"
Wed 4 Oct 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 3 Sep 2008 90,163 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Thu 4 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Wed 3 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Tue 18 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 15 Sep 2007 1,272,712 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\183dd00d26903386078af794b855d4fa\BIT2C4.tmp"
Sat 15 Sep 2007 2,392,912 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\20e960814d2dddc2f2c98f6881013c19\BIT2C1.tmp"
Sat 15 Sep 2007 1,199,856 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2358b754b872301be3b59d13055da53c\BIT2C2.tmp"
Fri 15 Jun 2007 2,559,312 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\47ae52f6a925bd5c32e6849b1ebb2638\BIT2CE.tmp"
Sat 15 Sep 2007 4,721,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4d958289df727378a950b3d0a4d67dc0\BIT2C3.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\65ab46151db05a9949495339e2bd4cd1\BIT4B5.tmp"
Mon 1 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7619c9cc91e23f51832d389eb58946e1\BIT96.tmp"
Thu 24 Apr 2008 8,856,616 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\87ef61b404e0fcd78099ed319f57614d\BIT665.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93b93838d4f1ba61d7e585e9bcc4441d\BIT4B4.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9d79d29ac08f276a0f3b9f5cb58f6aa0\BIT4B3.tmp"
Tue 12 Jun 2007 617,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5eb50c3f530f9ad935c86119193a873\BIT2C0.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3b0a8cc51184b9d1e002772c1a68cc6\BIT4B6.tmp"
Sun 16 Sep 2007 798,544 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f4d26348bf3342b3fd1c6f1929d916f3\BIT2C9.tmp"
Tue 30 Nov 2004 253,952 A..HR --- "C:\Documents and Settings\HP_Sahibi\Belgelerim\CruzerLock2(bellek)\PocketCache Trial Version\BackupRestoreBus.dll"
Sun 10 Feb 2008 117,093 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0cb24dc1be2e4f81ccb3c95360a35db4\download\BIT6AB.tmp"
Sun 16 Sep 2007 1,248,571 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1b9f02e1139554e532d9294b7645637a\download\BIT2CB.tmp"
Fri 15 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d983905e49664becea2494d75082b5b\download\BIT233.tmp"
Wed 30 May 2007 87,198 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5529124e9029d6f52e69308b5a45ecc6\download\BIT2B9.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5da74264a5d195ec06c321b2512895d7\download\BIT45F.tmp"
Sat 30 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64034707117c0126e444b95e628869e0\download\BIT266.tmp"
Wed 30 May 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\89f4455bfd069c6f1a5b4a3cda1709f0\download\BIT2CD.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8ee01a95c45a0096143ebb9a1d728cdb\download\BIT793.tmp"
Wed 30 May 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\98aee150de98580c06ae36dd5dfee054\download\BIT2D0.tmp"
Sun 16 Sep 2007 131,849 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c10a76f932759770c684aeac535e67ec\download\BIT2C8.tmp"
Tue 12 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea8d1c19c4d6e107931d93285b9c5d00\download\BIT235.tmp"
Thu 24 Apr 2008 271,000 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee225835007374d46e676bf4da90d4dd\download\BIT9C0.tmp"
Wed 30 May 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f6e2a2aa71069b6fc93e12dbbc3a9bd4\download\BIT2CC.tmp"
Fri 15 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\faf94a7a1241751f790a398532149cb1\download\BIT234.tmp"
Fri 13 Oct 2006 6,838 A..H. --- "C:\Documents and Settings\HP_Sahibi\Application Data\Microsoft\Office\Shortcut Bar\Off118.tmp"
Thu 14 Dec 2006 1,558 A..H. --- "C:\Documents and Settings\HP_Sahibi\Application Data\Microsoft\Office\Shortcut Bar\Sk117.tmp"
Sun 17 Dec 2006 473 A..HR --- "C:\Documents and Settings\HP_Sahibi\Belgelerim\CruzerLock2(bellek)\PocketCache Trial Version\BackupStorage\config.bak"

[b]Finished![/b]

1 reply

Anonymous user
4 Sept. 2008 at 22:25
Hello

A problem needs to be explained!
Here is the HijackThis report as well, help please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:08, on 04.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pikatel KKP AirMax101\TestProgrami.exe
C:\Documents and Settings\HP_Sahibi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\HP_SAH~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Test Programi] C:\Program Files\Pikatel KKP AirMax101\KolayKurulumProgrami.exe\KolayKurulumProgrami.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [Kolay Kurum Programi] C:\Program Files\Pikatel KKP AirMax101\TestProgrami.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Sahibi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Winlirc.lnk = C:\Program Files\Winlirc\winlirc.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\DVB-S 100 Utilities\DVBSRCtl.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe