HijackThis, thanks for helping me

Closed
jowel - 12 Sept. 2008 at 01:06
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 - 13 Sept. 2008 at 01:08
Hello, can someone analyze my HijackThis log? Thanks in advance. :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:18, on 2008-09-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Gpl bin.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mix Info] C:\DOCUME~1\jowel\APPLIC~1\ITCHID~1\Hole jump.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

18 replies

--------------------\\ Lop S&D 4.2.4-2 XP/Vista


"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( 2008-09-11|20:14 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2008-08-14|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-08-14|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-09-10|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[2008-09-01|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
[2008-09-09|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
[2008-08-24|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[2008-09-02|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-08-10|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[2008-08-04|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-08-04|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-08-04|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-09-02|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-08-14|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2008-08-19|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2008-09-11|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[2008-08-27|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Outspark
[2008-08-19|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2008-09-11|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-09-11|11:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[2008-08-19|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-09-11|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-08-27|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-08-23|20:40] C:\DOCUME~1\jowel\APPLIC~1\Ace
[2008-09-02|13:47] C:\DOCUME~1\jowel\APPLIC~1\Adobe
[2008-08-25|17:38] C:\DOCUME~1\jowel\APPLIC~1\Apple Computer
[2008-09-10|22:35] C:\DOCUME~1\jowel\APPLIC~1\AVGTOOLBAR
[2008-09-03|12:07] C:\DOCUME~1\jowel\APPLIC~1\DivX
[2008-08-30|19:04] C:\DOCUME~1\jowel\APPLIC~1\DNA
[2008-09-01|15:34] C:\DOCUME~1\jowel\APPLIC~1\eGames
[2008-08-24|16:24] C:\DOCUME~1\jowel\APPLIC~1\Go-Go Gourmet Chef of the Year
[2008-09-02|13:47] C:\DOCUME~1\jowel\APPLIC~1\Google
[2008-08-04|13:36] C:\DOCUME~1\jowel\APPLIC~1\Identities
[2008-09-10|21:33] C:\DOCUME~1\jowel\APPLIC~1\itch idol
[2008-09-11|16:57] C:\DOCUME~1\jowel\APPLIC~1\LimeWire
[2008-08-29|15:23] C:\DOCUME~1\jowel\APPLIC~1\Macromedia
[2008-09-10|21:26] C:\DOCUME~1\jowel\APPLIC~1\Microsoft
[2008-09-09|23:13] C:\DOCUME~1\jowel\APPLIC~1\OpenOffice.org2
[2008-09-04|11:21] C:\DOCUME~1\jowel\APPLIC~1\Pi Eye Games
[2008-09-06|19:16] C:\DOCUME~1\jowel\APPLIC~1\Roxio
[2008-08-24|14:04] C:\DOCUME~1\jowel\APPLIC~1\SulusGames
[2008-09-11|11:26] C:\DOCUME~1\jowel\APPLIC~1\uTorrent
[2008-09-11|01:42] C:\DOCUME~1\jowel\APPLIC~1\Winamp

[2008-09-10|21:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-09-10|21:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2008-08-28|17:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-09-11 20:00][--ah-----] C:\WINDOWS\tasks\A8E2AA73918120EB.job
[2008-09-08 10:00][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-09-11 19:29][--a------] C:\WINDOWS\tasks\HP Usg Daily.job
[2008-09-11 11:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-08-23 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A8E2AA73918120EB.job )=( c:\docume~1\jowel\applic~1\itchid~1\Blahplanjugs.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-08-25|01:17] C:\Program Files\After The End
[2008-08-25|21:50] C:\Program Files\Air Strike 2
[2008-08-27|01:34] C:\Program Files\Air Strike II Gulf Thunder
[2008-08-19|12:22] C:\Program Files\Aliant
[2008-08-24|18:46] C:\Program Files\Alien Outbreak 2 Invasion
[2008-09-11|11:40] C:\Program Files\Alwil Software
[2008-09-10|21:58] C:\Program Files\Apple Software Update
[2008-08-25|11:57] C:\Program Files\AstroAvenger
[2008-08-30|14:52] C:\Program Files\ATI Technologies
[2008-09-10|21:28] C:\Program Files\AVG
[2008-08-25|20:50] C:\Program Files\Battle Castles
[2008-08-14|09:53] C:\Program Files\Bonjour
[2008-09-10|21:59] C:\Program Files\Circle Developement
[2008-09-01|13:26] C:\Program Files\Common Files
[2008-08-04|13:26] C:\Program Files\ComPlus Applications
[2008-08-24|17:22] C:\Program Files\Crimsonland
[2008-08-25|21:43] C:\Program Files\Devastation Zone Troopers
[2008-09-10|22:01] C:\Program Files\DivX
[2008-09-10|22:01] C:\Program Files\DNA
[2008-08-30|18:17] C:\Program Files\Electronic Arts
[2008-09-01|20:39] C:\Program Files\Evil Invasion
[2008-09-02|20:33] C:\Program Files\Google
[2008-08-25|01:07] C:\Program Files\Gunner 2
[2008-08-27|01:46] C:\Program Files\Heavy Weapon
[2008-08-10|19:28] C:\Program Files\Hewlett-Packard
[2008-08-10|19:28] C:\Program Files\HP
[2008-08-30|14:52] C:\Program Files\InstallShield Installation Information
[2008-09-04|14:48] C:\Program Files\Internet Explorer
[2008-08-14|09:53] C:\Program Files\iPod
[2008-09-09|10:54] C:\Program Files\itch idol
[2008-09-10|22:04] C:\Program Files\iTunes
[2008-08-09|18:29] C:\Program Files\Java
[2008-09-02|13:37] C:\Program Files\Jets N Guns
[2008-09-02|12:16] C:\Program Files\Kungfu Master
[2008-08-27|13:03] C:\Program Files\Larva Mortus
[2008-09-11|14:47] C:\Program Files\LimeWire
[2008-08-04|22:49] C:\Program Files\Logitech
[2008-08-27|01:24] C:\Program Files\Master of Defense
[2008-09-10|22:05] C:\Program Files\Messenger
[2008-09-11|01:14] C:\Program Files\Messenger Plus! Live
[2008-08-27|01:53] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008-08-04|13:30] C:\Program Files\microsoft frontpage
[2008-08-29|18:45] C:\Program Files\Mighty Rodent
[2008-08-19|12:23] C:\Program Files\Motive
[2008-09-10|22:06] C:\Program Files\Movie Maker
[2008-08-04|13:25] C:\Program Files\MSN
[2008-08-04|13:26] C:\Program Files\MSN Gaming Zone
[2008-09-11|01:14] C:\Program Files\MSN Messenger
[2008-08-27|01:51] C:\Program Files\MSXML 4.0
[2008-08-27|01:53] C:\Program Files\MSXML 6.0
[2008-09-10|22:06] C:\Program Files\NetMeeting
[2008-08-04|13:28] C:\Program Files\Online Services
[2008-08-04|15:59] C:\Program Files\OpenOffice.org 2.1
[2008-09-04|14:46] C:\Program Files\Outlook Express
[2008-08-27|19:54] C:\Program Files\Outspark
[2008-09-04|11:20] C:\Program Files\Project Xenoclone
[2008-09-10|22:14] C:\Program Files\QuickTime
[2008-09-08|00:20] C:\Program Files\Rage Of Magic 2
[2008-08-19|15:29] C:\Program Files\ReflexiveArcade
[2008-08-29|18:45] C:\Program Files\RIP
[2008-08-29|19:10] C:\Program Files\RIP 3 The Last Hero
[2008-09-01|20:39] C:\Program Files\RIP Strike Back
[2008-08-04|14:17] C:\Program Files\Roxio
[2008-08-19|16:41] C:\Program Files\Sallys Spa
[2008-09-10|22:16] C:\Program Files\Sigma_Team
[2008-09-11|10:49] C:\Program Files\Spybot - Search & Destroy
[2008-08-25|01:00] C:\Program Files\Star Defender 4
[2008-09-11|20:04] C:\Program Files\Trend Micro
[2008-08-04|13:36] C:\Program Files\Uninstall Information
[2008-09-11|11:23] C:\Program Files\uTorrent
[2008-09-11|01:44] C:\Program Files\Winamp
[2008-09-11|01:44] C:\Program Files\Winamp Remote
[2008-08-19|13:06] C:\Program Files\Windows Live
[2008-09-10|22:16] C:\Program Files\Windows Media Connect 2
[2008-09-10|22:16] C:\Program Files\Windows Media Player
[2008-09-10|22:16] C:\Program Files\Windows NT
[2008-08-04|13:28] C:\Program Files\WindowsUpdate
[2008-08-04|13:30] C:\Program Files\xerox
[2008-08-25|00:22] C:\Program Files\Zombie Shooter

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[2008-08-14|09:52] C:\Program Files\Common Files\Apple
[2008-08-25|01:01] C:\Program Files\Common Files\DirectX
[2008-09-01|13:26] C:\Program Files\Common Files\Download Manager
[2008-08-10|19:27] C:\Program Files\Common Files\HP
[2008-08-04|22:49] C:\Program Files\Common Files\InstallShield
[2008-08-09|11:37] C:\Program Files\Common Files\Java
[2008-09-10|22:00] C:\Program Files\Common Files\LogiShrd
[2008-08-30|18:17] C:\Program Files\Common Files\Microsoft Shared
[2008-09-10|22:00] C:\Program Files\Common Files\Motive
[2008-08-04|13:27] C:\Program Files\Common Files\MSSoap
[2008-08-04|10:14] C:\Program Files\Common Files\ODBC
[2008-08-04|14:18] C:\Program Files\Common Files\Roxio Shared
[2008-08-04|13:27] C:\Program Files\Common Files\Services
[2008-08-04|10:14] C:\Program Files\Common Files\SpeechEngines
[2008-09-04|14:46] C:\Program Files\Common Files\System
[2008-08-19|13:07] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 50 Processes )

iexplore.exe ~ [PID:1916]
iexplore.exe ~ [PID:2116]
iexplore.exe ~ [PID:5256]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Gpl bin.exe
C:\DOCUME~1\jowel\APPLIC~1\itchid~1
C:\Program Files\itchid~1
C:\DOCUME~1\jowel\LOCALS~1\Temp\msgpl_8f5a.tmp
C:\DOCUME~1\jowel\LOCALS~1\Temp\msgpl_eaae.tmp
C:\DOCUME~1\jowel\LOCALS~1\Temp\nsaC.tmp
C:\DOCUME~1\jowel\LOCALS~1\Temp\nsxE.tmp
C:\DOCUME~1\jowel\LOCALS~1\Temp\nsz8.tmp
C:\Program Files\Circle Developement
C:\DOCUME~1\jowel\Cookies\jowel@adopt.euroclick[1].txt
C:\WINDOWS\Tasks\A8E2AA73918120EB.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mix Info"="C:\\DOCUME~1\\jowel\\APPLIC~1\\ITCHID~1\\Hole jump.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"="C:\\Documents and Settings\\All Users\\Application Data\\Frag great bend logo\\Gpl bin.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 20:16:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:40][D:31]-> C:\DOCUME~1\jowel\LOCALS~1\Temp
[F:70][D:0]-> C:\DOCUME~1\jowel\Cookies
[F:16743][D:20]-> C:\DOCUME~1\jowel\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-09-11|20:18 - Option : [1]

--------------------\\ Fin du rapport a 20:18:09



Thanks :)
--------------------\\ Lop S&D 4.2.4-2 XP/Vista


"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [2] ( 2008-09-11|20:21 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Gpl bin.exe
Supprime! - C:\DOCUME~1\jowel\LOCALS~1\Temp\msgpl_8f5a.tmp
Supprime! - C:\DOCUME~1\jowel\LOCALS~1\Temp\msgpl_eaae.tmp
Supprime! - C:\DOCUME~1\jowel\LOCALS~1\Temp\nsaC.tmp
Supprime! - C:\DOCUME~1\jowel\LOCALS~1\Temp\nsxE.tmp
Supprime! - C:\DOCUME~1\jowel\LOCALS~1\Temp\nsz8.tmp
Supprime! - C:\DOCUME~1\jowel\Cookies\jowel@adopt.euroclick[1].txt
Supprime! - C:\WINDOWS\Tasks\A8E2AA73918120EB.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
Supprime! - C:\DOCUME~1\jowel\APPLIC~1\itchid~1
Supprime! - C:\Program Files\itchid~1
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[2008-08-14|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-08-14|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-09-10|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[2008-09-01|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
[2008-08-24|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[2008-09-02|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-08-10|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[2008-08-04|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-08-04|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-08-04|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-09-02|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-08-14|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[2008-08-19|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[2008-09-11|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[2008-08-27|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Outspark
[2008-08-19|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2008-09-11|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-09-11|11:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[2008-08-19|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-09-11|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-08-27|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-08-23|20:40] C:\DOCUME~1\jowel\APPLIC~1\Ace
[2008-09-02|13:47] C:\DOCUME~1\jowel\APPLIC~1\Adobe
[2008-08-25|17:38] C:\DOCUME~1\jowel\APPLIC~1\Apple Computer
[2008-09-10|22:35] C:\DOCUME~1\jowel\APPLIC~1\AVGTOOLBAR
[2008-09-03|12:07] C:\DOCUME~1\jowel\APPLIC~1\DivX
[2008-08-30|19:04] C:\DOCUME~1\jowel\APPLIC~1\DNA
[2008-09-01|15:34] C:\DOCUME~1\jowel\APPLIC~1\eGames
[2008-08-24|16:24] C:\DOCUME~1\jowel\APPLIC~1\Go-Go Gourmet Chef of the Year
[2008-09-02|13:47] C:\DOCUME~1\jowel\APPLIC~1\Google
[2008-08-04|13:36] C:\DOCUME~1\jowel\APPLIC~1\Identities
[2008-09-11|16:57] C:\DOCUME~1\jowel\APPLIC~1\LimeWire
[2008-08-29|15:23] C:\DOCUME~1\jowel\APPLIC~1\Macromedia
[2008-09-10|21:26] C:\DOCUME~1\jowel\APPLIC~1\Microsoft
[2008-09-09|23:13] C:\DOCUME~1\jowel\APPLIC~1\OpenOffice.org2
[2008-09-04|11:21] C:\DOCUME~1\jowel\APPLIC~1\Pi Eye Games
[2008-09-06|19:16] C:\DOCUME~1\jowel\APPLIC~1\Roxio
[2008-08-24|14:04] C:\DOCUME~1\jowel\APPLIC~1\SulusGames
[2008-09-11|11:26] C:\DOCUME~1\jowel\APPLIC~1\uTorrent
[2008-09-11|01:42] C:\DOCUME~1\jowel\APPLIC~1\Winamp

[2008-09-10|21:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-09-10|21:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2008-08-28|17:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-09-08 10:00][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-09-11 19:29][--a------] C:\WINDOWS\tasks\HP Usg Daily.job
[2008-09-11 11:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-08-23 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-08-25|01:17] C:\Program Files\After The End
[2008-08-25|21:50] C:\Program Files\Air Strike 2
[2008-08-27|01:34] C:\Program Files\Air Strike II Gulf Thunder
[2008-08-19|12:22] C:\Program Files\Aliant
[2008-08-24|18:46] C:\Program Files\Alien Outbreak 2 Invasion
[2008-09-11|11:40] C:\Program Files\Alwil Software
[2008-09-10|21:58] C:\Program Files\Apple Software Update
[2008-08-25|11:57] C:\Program Files\AstroAvenger
[2008-08-30|14:52] C:\Program Files\ATI Technologies
[2008-09-10|21:28] C:\Program Files\AVG
[2008-08-25|20:50] C:\Program Files\Battle Castles
[2008-08-14|09:53] C:\Program Files\Bonjour
[2008-09-01|13:26] C:\Program Files\Common Files
[2008-08-04|13:26] C:\Program Files\ComPlus Applications
[2008-08-24|17:22] C:\Program Files\Crimsonland
[2008-08-25|21:43] C:\Program Files\Devastation Zone Troopers
[2008-09-10|22:01] C:\Program Files\DivX
[2008-09-10|22:01] C:\Program Files\DNA
[2008-08-30|18:17] C:\Program Files\Electronic Arts
[2008-09-01|20:39] C:\Program Files\Evil Invasion
[2008-09-02|20:33] C:\Program Files\Google
[2008-08-25|01:07] C:\Program Files\Gunner 2
[2008-08-27|01:46] C:\Program Files\Heavy Weapon
[2008-08-10|19:28] C:\Program Files\Hewlett-Packard
[2008-08-10|19:28] C:\Program Files\HP
[2008-08-30|14:52] C:\Program Files\InstallShield Installation Information
[2008-09-04|14:48] C:\Program Files\Internet Explorer
[2008-08-14|09:53] C:\Program Files\iPod
[2008-09-10|22:04] C:\Program Files\iTunes
[2008-08-09|18:29] C:\Program Files\Java
[2008-09-02|13:37] C:\Program Files\Jets N Guns
[2008-09-02|12:16] C:\Program Files\Kungfu Master
[2008-08-27|13:03] C:\Program Files\Larva Mortus
[2008-09-11|14:47] C:\Program Files\LimeWire
[2008-08-04|22:49] C:\Program Files\Logitech
[2008-08-27|01:24] C:\Program Files\Master of Defense
[2008-09-10|22:05] C:\Program Files\Messenger
[2008-09-11|01:14] C:\Program Files\Messenger Plus! Live
[2008-08-27|01:53] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008-08-04|13:30] C:\Program Files\microsoft frontpage
[2008-08-29|18:45] C:\Program Files\Mighty Rodent
[2008-08-19|12:23] C:\Program Files\Motive
[2008-09-10|22:06] C:\Program Files\Movie Maker
[2008-08-04|13:25] C:\Program Files\MSN
[2008-08-04|13:26] C:\Program Files\MSN Gaming Zone
[2008-09-11|01:14] C:\Program Files\MSN Messenger
[2008-08-27|01:51] C:\Program Files\MSXML 4.0
[2008-08-27|01:53] C:\Program Files\MSXML 6.0
[2008-09-10|22:06] C:\Program Files\NetMeeting
[2008-08-04|13:28] C:\Program Files\Online Services
[2008-08-04|15:59] C:\Program Files\OpenOffice.org 2.1
[2008-09-04|14:46] C:\Program Files\Outlook Express
[2008-08-27|19:54] C:\Program Files\Outspark
[2008-09-04|11:20] C:\Program Files\Project Xenoclone
[2008-09-10|22:14] C:\Program Files\QuickTime
[2008-09-08|00:20] C:\Program Files\Rage Of Magic 2
[2008-08-19|15:29] C:\Program Files\ReflexiveArcade
[2008-08-29|18:45] C:\Program Files\RIP
[2008-08-29|19:10] C:\Program Files\RIP 3 The Last Hero
[2008-09-01|20:39] C:\Program Files\RIP Strike Back
[2008-08-04|14:17] C:\Program Files\Roxio
[2008-08-19|16:41] C:\Program Files\Sallys Spa
[2008-09-10|22:16] C:\Program Files\Sigma_Team
[2008-09-11|10:49] C:\Program Files\Spybot - Search & Destroy
[2008-08-25|01:00] C:\Program Files\Star Defender 4
[2008-09-11|20:04] C:\Program Files\Trend Micro
[2008-08-04|13:36] C:\Program Files\Uninstall Information
[2008-09-11|11:23] C:\Program Files\uTorrent
[2008-09-11|01:44] C:\Program Files\Winamp
[2008-09-11|01:44] C:\Program Files\Winamp Remote
[2008-08-19|13:06] C:\Program Files\Windows Live
[2008-09-10|22:16] C:\Program Files\Windows Media Connect 2
[2008-09-10|22:16] C:\Program Files\Windows Media Player
[2008-09-10|22:16] C:\Program Files\Windows NT
[2008-08-04|13:28] C:\Program Files\WindowsUpdate
[2008-08-04|13:30] C:\Program Files\xerox
[2008-08-25|00:22] C:\Program Files\Zombie Shooter

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[2008-08-14|09:52] C:\Program Files\Common Files\Apple
[2008-08-25|01:01] C:\Program Files\Common Files\DirectX
[2008-09-01|13:26] C:\Program Files\Common Files\Download Manager
[2008-08-10|19:27] C:\Program Files\Common Files\HP
[2008-08-04|22:49] C:\Program Files\Common Files\InstallShield
[2008-08-09|11:37] C:\Program Files\Common Files\Java
[2008-09-10|22:00] C:\Program Files\Common Files\LogiShrd
[2008-08-30|18:17] C:\Program Files\Common Files\Microsoft Shared
[2008-09-10|22:00] C:\Program Files\Common Files\Motive
[2008-08-04|13:27] C:\Program Files\Common Files\MSSoap
[2008-08-04|10:14] C:\Program Files\Common Files\ODBC
[2008-08-04|14:18] C:\Program Files\Common Files\Roxio Shared
[2008-08-04|13:27] C:\Program Files\Common Files\Services
[2008-08-04|10:14] C:\Program Files\Common Files\SpeechEngines
[2008-09-04|14:46] C:\Program Files\Common Files\System
[2008-08-19|13:07] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 20:22:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:42][D:23]-> C:\DOCUME~1\jowel\LOCALS~1\Temp
[F:69][D:0]-> C:\DOCUME~1\jowel\Cookies
[F:16790][D:20]-> C:\DOCUME~1\jowel\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-09-11|20:18 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2008-09-11|20:24 - Option : [2]

--------------------\\ Fin du rapport a 20:24:17


Thanks, old pal :)
0
Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.1.2600 Service Pack 3

2008-09-11 20:48:10
mbam-log-2008-09-11 (20-48-10).txt

Scan type: Quick Scan
Objects scanned: 58893
Time elapsed: 17 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks buddy
0

Here is my HijackThis log again, can someone re-check it? Just to be sure I'm no longer infected :) Thanks in advance for your help and your time :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:26, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
0
Here is my HijackThis report after rebooting, thanks old pal ;)

---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:12, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
0
Wrong version of Windows. A French update on an English Windows... I had to download IE 7. The updates are in progress, I'll keep you posted in a few seconds.
0
OK, here it is... :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:44, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Sigma Team Toolbar - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - C:\Program Files\Sigma_Team\tbSig0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
0
It seems stable, thanks!
0
Destrio5 - 12 Sept. 2008 at 01:08
Hi,

Important: Disable TeaTimer, Spybot's resident module; it will get in the way of the disinfection by blocking changes to the BHOs.

---> Start Spybot, click Mode, tick Advanced mode
---> On the left, click Tools, then Resident
---> Untick the box in front of Resident "TeaTimer":
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quit Spybot

Note: I advise you not to re-enable it; it was unable to prevent the infection of your PC.

---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to start the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the desired language, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

If you have trouble using Lop S&D, look at the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
-1
Destrio5 - 12 Sept. 2008 at 01:20
---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
-1
Destrio5 - 12 Sept. 2008 at 01:28
---> Uninstall Lop S&D

---> Run a quick scan with MBAM, remove everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
-1
Destrio5 - 12 Sept. 2008 at 01:51
Uninstall Avast and keep AVG.
-1
Destrio5 - 12 Sept. 2008 at 23:22
---> Update Internet Explorer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

---> Run HijackThis again and choose Do a system scan only

---> Tick the boxes in front of the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Restart your PC and post a new HijackThis report
-1
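The verification this step calls for (does the report posted after the reboot still contain any of the lines that were ticked?) can be done mechanically. The following is an added example, not part of the original thread: the three embedded texts are short excerpts copied from the 17:04 log, the 19:19 log and the fix list above, the function names are hypothetical, and treating every line of the form `<letter><number> - ...` as an entry is an assumption based on the logs shown on this page.

```python
import re

# Suffixes HijackThis appends when an entry points at a file that no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Entry lines look like "O4 - ..." or "R0 - ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the log saved at 17:04:26 (before the fix), copied from the thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# Excerpt of the log saved at 19:19:12 (after "Fix checked" and a reboot).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# Excerpt of the lines the helper asked to tick.
FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""


def parse_entries(log_text):
    """Return [(code, body), ...] for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def orphaned(entries):
    """Entries whose target file is gone: leftovers of uninstalled or deleted software."""
    return [(code, body) for code, body in entries if body.endswith(ORPHAN_MARKERS)]


def verify_fix(before, after, fix_list):
    """Compare the post-fix log against the pre-fix log and the requested fix list."""
    before_set, after_set = set(before), set(after)
    return {
        # Ticked lines that survived the fix and the reboot: need a second look.
        "still_present": [e for e in fix_list if e in after_set],
        # Ticked lines that were never in the earlier log (typo or wrong log).
        "not_in_before": [e for e in fix_list if e not in before_set],
        # Entries that appeared only after the fix (new software or reinfection).
        "new_entries": [e for e in after if e not in before_set],
    }


if __name__ == "__main__":
    report = verify_fix(
        parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG), parse_entries(FIX_LIST)
    )
    for label, items in report.items():
        print(label)
        for code, body in items:
            print(f"  {code} - {body}")
```

On these excerpts the only ticked line that survives is the O23 Power Manager service entry, which is also still listed in the 19:19 and 19:59 logs posted in the thread.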
Destrio5 - 13 Sept. 2008 at 00:23
You haven't updated Internet Explorer.
-1
Destrio5 - 13 Sept. 2008 at 00:47
Ok.
-1
Destrio5 - 13 Sept. 2008 at 01:03
No more problems?
-1
Destrio5 - 13 Sept. 2008 at 01:08
Ok ;)
-1