Sujet Précédent Sujet Suivant

Virus

al -  
jamelpalmer Messages postés 7 Statut Membre -
Bonjour,
voilà depuis quelques jours j'ai un trojan qui se ballade dans mon pc. Je pensais que mon anti virus avait raison de lui mais non il a l'air bien coriace. Alors après quelques lectures par ici voilà ce que j'ai fais
J'ai téléchargé TRojan Remover et suivi les insctructions, puis hijackthis , et j'ai relancé un scan.
j'ai posté tous les rapports si ça peut vous aider.
Je suis sous XP, j'ai la dernière version de mozilla firefox, et internet explorer je l'utilise de temps en temps et ce n'est pas la dernière version mais je ne sais pas quelle version c'est.
mon anti virus est eset nod 32
je suis sous windows XP, mon pc est un portable acer travelmate 4020 qui va fêter ses 3 ans.
MErci


voici le rapport

***** THE SYSTEM HAS BEEN RESTARTED *****
24/09/2008 00:39:38: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\WRNotifier - already removed
=======================================================
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[kamsoft] - already deleted
=======================================================
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
Unable to rename C:\WINDOWS\system32\WRLogonNTF.dll to C:\WINDOWS\system32\WRLogonNTF.dll.vir
(C:\WINDOWS\system32\WRLogonNTF.dll does not appear to exist)
24/09/2008 00:39:39: Trojan Remover closed
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2545. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 00:32:35 24 sept. 2008
Using Database v7146
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: FAT32
Data directory: C:\Documents and Settings\al\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
00:32:36: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
00:32:36: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
00:32:36: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
00:32:37: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 07/04/2005
Modified: 08/02/2005
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 07/04/2005
Modified: 08/02/2005
Company: Intel Corporation
--------------------
Value Name: SynTPLpr
Value Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
98394 bytes
Created: 08/04/2005
Modified: 07/10/2004
Company: Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
688218 bytes
Created: 08/04/2005
Modified: 07/10/2004
Company: Synaptics, Inc.
--------------------
Value Name: RemoteControl
Value Data: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
32768 bytes
Created: 08/04/2005
Modified: 15/07/2004
Company: Cyberlink Corp.
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created: 04/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: EPM-DM
Value Data: c:\acer\epm\epm-dm.exe
c:\acer\epm\epm-dm.exe
188416 bytes
Created: 07/11/2005
Modified: 28/03/2005
Company: Acer Inc
--------------------
Value Name: ePowerManagement
Value Data: C:\Acer\ePM\ePM.exe boot
C:\Acer\ePM\ePM.exe
2880512 bytes
Created: 07/11/2005
Modified: 24/03/2005
Company: Acer Value Labs, Taiwan
--------------------
Value Name: LManager
Value Data: C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Launch Manager\QtZgAcer.EXE
319488 bytes
Created: 07/11/2005
Modified: 28/03/2005
Company: Dritek System Inc.
--------------------
Value Name: eRecoveryService
Value Data: C:\Windows\System32\Check.exe
C:\Windows\System32\Check.exe
245760 bytes
Created: 07/11/2005
Modified: 23/03/2005
Company: acer Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 17/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: PrinTray
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
36864 bytes
Created: 17/06/2006
Modified: 05/07/2001
Company: Lexmark
--------------------
Value Name: nod32kui
Value Data: "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
C:\Program Files\Eset\nod32kui.exe
921600 bytes
Created: 04/12/2006
Modified: 04/12/2006
Company: Eset
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 11/01/2008
Modified: 11/01/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: LogitechCommunicationsManager
Value Data: "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
284184 bytes
Created: 31/10/2006
Modified: 31/10/2006
Company: Logitech Inc.
--------------------
Value Name: LogitechQuickCamRibbon
Value Data: "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
746520 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company:
--------------------
Value Name: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
Value Data: C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
479232 bytes
Created: 15/07/2005
Modified: 15/07/2005
Company: Google Inc.
--------------------
Value Name: LVCOMSX
Value Data: "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
244512 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company: Logitech Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
922192 bytes
Created: 24/09/2008
Modified: 20/09/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: Configuration de la C-BOX
Value Data: C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe [file not found to scan]
--------------------
Value Name: updateMgr
Value Data: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [file not found to scan]
--------------------
Value Name: H/PC Connection Agent
Value Data: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
1211176 bytes
Created: 21/06/2006
Modified: 21/06/2006
Company: Microsoft Corporation
--------------------
Value Name: kamsoft
Value Data: C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo.exe
-RHS- 99449 bytes
Created: 14/09/2008
Modified: 17/09/2008
Company:
C:\WINDOWS\system32\ckvo.exe - this registry value has been removed
C:\WINDOWS\system32\ckvo.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ckvo.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\ckvo.exe - file renamed to: C:\WINDOWS\system32\ckvo.exe.vir
--------------------
Value Name: LogitechSetup
Value Data: E:\Setup\Setup.exe /start /restart /l:fra
E:\Setup\Setup.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

************************************************************
00:33:09: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
00:33:09: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
00:33:09: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmarque.scr
C:\WINDOWS\system32\ssmarque.scr
20992 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------

************************************************************
00:33:10: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
C:\WINDOWS\INF\fxsocm.inf
102280 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company:
----------

************************************************************
00:33:10: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created: 04/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------

************************************************************
00:33:11: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AMON
ImagePath: \??\C:\WINDOWS\system32\drivers\amon.sys
C:\WINDOWS\system32\drivers\amon.sys
502368 bytes
Created: 04/12/2006
Modified: 04/12/2006
Company: Eset
----------
Key: anbmService
ImagePath: C:\Acer\eManager\anbmServ.exe
C:\Acer\eManager\anbmServ.exe
1287168 bytes
Created: 16/08/2004
Modified: 16/08/2004
Company: OSA Technologies Inc.
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
175360 bytes
Created: 08/04/2005
Modified: 21/05/2003
Company: Broadcom Corporation
----------
Key: bcm4sbxp
ImagePath: system32\DRIVERS\bcm4sbxp.sys
C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
44032 bytes
Created: 08/04/2005
Modified: 25/09/2003
Company: Broadcom Corporation
----------
Key: BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created: 08/04/2005
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
101120 bytes
Created: 08/04/2005
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
272768 bytes
Created: 08/04/2005
Modified: 14/06/2008
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created: 08/04/2005
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
34048 bytes
Created: 07/04/2005
Modified: 24/06/2004
Company: Conexant Systems Inc.
----------
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
276480 bytes
Created: 07/04/2005
Modified: 24/06/2004
Company: Conexant Systems Inc.
----------
Key: CVirtA
ImagePath: system32\DRIVERS\CVirtA.sys
C:\WINDOWS\system32\DRIVERS\CVirtA.sys
5315 bytes
Created: 23/07/2007
Modified: 17/05/2005
Company: Cisco Systems, Inc.
----------
Key: DKbFltr
ImagePath: System32\Drivers\DKbFltr.sys
C:\WINDOWS\System32\Drivers\DKbFltr.sys
16896 bytes
Created: 07/11/2005
Modified: 08/12/2004
Company: Dritek System Inc.
----------
Key: EpmPsd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-psd.sys
C:\WINDOWS\system32\drivers\epm-psd.sys
4096 bytes
Created: 07/11/2005
Modified: 19/07/2004
Company: Acer Value Labs, USA
----------
Key: EpmShd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-shd.sys
C:\WINDOWS\system32\drivers\epm-shd.sys
78208 bytes
Created: 07/11/2005
Modified: 24/03/2005
Company: Acer Value Labs, USA
----------
Key: EvtEng
ImagePath: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [file not found to scan]
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 31/08/2007
Modified: 04/01/2007
Company: Google
----------
Key: hamachi
ImagePath: system32\DRIVERS\hamachi.sys
C:\WINDOWS\system32\DRIVERS\hamachi.sys
25280 bytes
Created: 27/04/2008
Modified: 27/04/2008
Company: LogMeIn, Inc.
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
207616 bytes
Created: 08/04/2005
Modified: 24/01/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
804572 bytes
Created: 07/04/2005
Modified: 08/02/2005
Company: Intel Corporation
----------
Key: iBurstu
ImagePath: system32\DRIVERS\iBurstu.sys
C:\WINDOWS\system32\DRIVERS\iBurstu.sys [file not found to scan]
----------
Key: int15.sys
ImagePath: \??\C:\Program Files\acer\eRecovery\int15.sys
C:\Program Files\acer\eRecovery\int15.sys
69632 bytes
Created: 07/11/2005
Modified: 13/01/2005
Company:
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
311296 bytes
Created: 17/06/2006
Modified: 05/07/2001
Company: Lexmark International, Inc.
----------
Key: LVcKap
ImagePath: system32\DRIVERS\LVcKap.sys
C:\WINDOWS\system32\DRIVERS\LVcKap.sys
1678368 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company:
----------
Key: LVMVDrv
ImagePath: system32\DRIVERS\LVMVDrv.sys
C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
1962912 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company: Logitech Inc.
----------
Key: LVPr2Mon
ImagePath: system32\DRIVERS\LVPr2Mon.sys
C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
24736 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company:
----------
Key: LVPrcSrv
ImagePath: c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
109344 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company: Logitech Inc.
----------
Key: LVSrvLauncher
ImagePath: C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
101152 bytes
Created: 15/11/2006
Modified: 15/11/2006
Company: Logitech Inc.
----------
Key: LVUSBSta
ImagePath: system32\drivers\lvusbsta.sys
C:\WINDOWS\system32\drivers\lvusbsta.sys
-R- 40352 bytes
Created: 30/07/2008
Modified: 11/11/2006
Company: Logitech Inc.
----------
Key: NBXG7031
ImagePath: system32\DRIVERS\WlanUIG.sys
C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
381312 bytes
Created: 17/09/2004
Modified: 17/09/2004
Company: Conexant Systems, Inc.
----------
Key: NOD32krn
ImagePath: "C:\Program Files\Eset\nod32krn.exe"
C:\Program Files\Eset\nod32krn.exe
507904 bytes
Created: 04/12/2006
Modified: 04/12/2006
Company: Eset
----------
Key: NPF
ImagePath: system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\npf.sys
30336 bytes
Created: 09/03/2006
Modified: 04/04/2003
Company: Politecnico di Torino
----------
Key: NSCIRDA
ImagePath: system32\DRIVERS\nscirda.sys
C:\WINDOWS\system32\DRIVERS\nscirda.sys
28672 bytes
Created: 08/04/2005
Modified: 13/04/2008
Company: National Semiconductor Corporation
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 08/04/2005
Modified: 08/04/2005
Company: NewTech Infosystems, Inc.
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 08/04/2005
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 08/04/2005
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: osaio
ImagePath: \SystemRoot\system32\drivers\osaio.sys
C:\WINDOWS\system32\drivers\osaio.sys
8704 bytes
Created: 04/03/2005
Modified: 04/03/2005
Company: Avocent/OSA Technologies Inc.
----------
Key: osanbm
ImagePath: \SystemRoot\system32\drivers\osanbm.sys
C:\WINDOWS\system32\drivers\osanbm.sys
4010 bytes
Created: 14/01/2005
Modified: 14/01/2005
Company: Windows (R) 2000 DDK provider
----------
Key: PalmUSBD
ImagePath: system32\drivers\PalmUSBD.sys
C:\WINDOWS\system32\drivers\PalmUSBD.sys
16694 bytes
Created: 09/06/2004
Modified: 24/12/2007
Company: PalmSource, Inc.
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS [file not found to scan]
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS [file not found to scan]
----------
Key: PCASp50
ImagePath: System32\Drivers\PCASp50.sys
C:\WINDOWS\System32\Drivers\PCASp50.sys
20096 bytes
Created: 19/11/2005
Modified: 19/11/2005
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PID_0928
ImagePath: system32\DRIVERS\LV561AV.SYS
C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
-R- 487328 bytes
Created: 30/07/2008
Modified: 11/11/2006
Company: Logitech Inc.
----------
Key: QCDonner
ImagePath: system32\DRIVERS\OVCD.sys
C:\WINDOWS\system32\DRIVERS\OVCD.sys
28032 bytes
Created: 28/11/2005
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: RegSrvc
ImagePath: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [file not found to scan]
----------
Key: RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\WINDOWS\system32\DRIVERS\rfcomm.sys
59136 bytes
Created: 08/04/2005
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe
77824 bytes
Created: 09/03/2006
Modified: 04/04/2003
Company:
----------
Key: S24EventMonitor
ImagePath: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [file not found to scan]
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys [file not found to scan]
----------
Key: SNDSrvc
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
206552 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1.SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
7552 bytes
Created: 15/11/2005
Modified: 17/08/2001
Company: Sony Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{C1A95C09-3E15-44AA-B114-CE9AB4E5FAE8}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 08/04/2005
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\WINDOWS\System32\Drivers\SYMDNS.SYS
11512 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Program Files\Symantec\SYMEVENT.SYS
C:\Program Files\Symantec\SYMEVENT.SYS
123712 bytes
Created: 08/11/2005
Modified: 28/07/2005
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
173208 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
36984 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SYMNDIS
ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
47192 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17976 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
267192 bytes
Created: 05/04/2005
Modified: 05/04/2005
Company: Symantec Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
185824 bytes
Created: 08/04/2005
Modified: 07/10/2004
Company: Synaptics, Inc.
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip6.sys
C:\WINDOWS\system32\DRIVERS\tcpip6.sys
225856 bytes
Created: 08/04/2005
Modified: 20/06/2008
Company: Microsoft Corporation
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\WINDOWS\system32\drivers\tifm21.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\system32\vsdatant.sys
C:\WINDOWS\system32\vsdatant.sys [file not found to scan]
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
3222784 bytes
Created: 08/04/2005
Modified: 29/10/2004
Company: Intel® Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------

************************************************************
00:33:20: Scanning -----VXD ENTRIES-----

************************************************************
00:33:20: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 07/04/2005
Modified: 08/02/2005
Company: Intel Corporation
----------
Key : WRNotifier
DLLName: WRLogonNTF.dll
WRLogonNTF.dll - this reference has been removed
C:\WINDOWS\system32\WRLogonNTF.dll - marked for renaming when the PC is restarted (if it exists)
----------

************************************************************
00:33:31: Scanning ----- CONTEXTMENUHANDLERS -----
Key: axcrypt.File
CLSID: {D8EA8D47-9DFB-4D45-87E8-40EF3F8935D2}
Path: C:\Program Files\Axon Data\AxCrypt\1.6.2.3\AxCrypt.dll
C:\Program Files\Axon Data\AxCrypt\1.6.2.3\AxCrypt.dll
122880 bytes
Created: 26/02/2006
Modified: 26/02/2006
Company: Axantum Software AB
----------
Key: NOD32 Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\Eset\nodshex.dll
C:\Program Files\Eset\nodshex.dll
57344 bytes
Created: 04/12/2006
Modified: 04/12/2006
Company:
----------

************************************************************
00:33:32: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
00:33:32: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 17/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------

************************************************************
00:33:32: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
00:33:32: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
00:33:32: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
00:33:32: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
00:33:32: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
00:33:33: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

************************************************************
00:33:33: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 08/04/2005
Modified: 08/04/2005
Company:
--------------------
C:\Program Files\Microsoft Office\Office10\OSA.EXE
83360 bytes
Created: 13/02/2001
Modified: 13/02/2001
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office10\OSA.EXE
--------------------
C:\Program Files\palmOne\Hotsync.exe
471040 bytes
Created: 09/06/2004
Modified: 09/06/2004
Company: PalmSource, Inc
HotSync Manager.lnk - links to C:\Program Files\palmOne\Hotsync.exe
--------------------
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
28672 bytes
Created: 24/12/2007
Modified: 24/12/2007
Company: DataViz, Inc.
DataViz Inc Messenger.lnk - links to C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
00:33:33: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
00:33:33: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
00:33:33: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: SHOWALL\"CheckedValue"
All Policy Values listed have been removed
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 08/11/2005
Modified: 27/02/2007
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 08/11/2005
Modified: 27/02/2007
Company:
----------
Checking autorun.inf in C:\
C:\autorun.inf: Access Error
----------
Checking autorun.inf in D:\
D:\autorun.inf: Access Error
----------
--------------------
Additional checks completed

************************************************************
00:33:42: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe - file already scanned
--------------------
C:\Acer\eManager\anbmServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Eset\nod32krn.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file already scanned
--------------------
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\acer\epm\epm-dm.exe - file already scanned
--------------------
C:\Program Files\Launch Manager\QtZgAcer.EXE - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe - file already scanned
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
--------------------
C:\Program Files\Microsoft ActiveSync\wcescomm.exe - file already scanned
--------------------
C:\PROGRA~1\MICROS~3\rapimgr.exe
--------------------
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
--------------------
C:\Program Files\acer\eRecovery\Monitor.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Documents and Settings\al\Application Data\Simply Super Software\Trojan Remover\rneFA7.exe
FileSize: 2552384
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
00:33:45: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
00:33:45: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
00:33:45: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 00:33:45 24 sept. 2008
Total Scan time: 00:01:09
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
24/09/2008 00:33:51: restart commenced
************************************************************

Ensuite j'ai téléchargé Hijackthis
voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:05, on 24/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:fra
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: EvtEng - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
A voir également:

10 réponses

Réponse 1 / 10
al
 
Merci pour la réponse rapide.
j'ai effectué le scan en mode sans échec et voilà le rapport (en fait j'avais au préalable effectué en mode normal mais j'avais fermé trop vite avant de supprimer les fichiers :( )
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1200
Windows 5.1.2600 Service Pack 3

24/09/2008 07:10:11
mbam-log-2008-09-24 (07-10-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 105344
Temps écoulé: 4 hour(s), 26 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\al\Bureau\Votre devis Australie actualise´.pdf (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
salut

1) Télécharge SDFix d' AndyManchesta

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe sur ton Bureau.

Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\)
N y touche pas pour l instant.

2) Redémarre en mode sans échec

3) SDFix
* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
· Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.


Salut a Toute La Communautè Par Manque De Curiosité On Risque De Mourir Ignorant
j'ai un peu de connaissance mais je m'estime comme un debutant
Tu es libre de penser que tu es con, mais con de penser que ­tu es libre...merci a australe13
-1
Réponse 2 / 10
al
 
bonjour
merci
voilà le rapport

[b]SDFix: Version 1.228 [/b]
Run by al on 24/09/2008 at 08:56

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\antiv.exe - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 09:34:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Fri 8 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 18 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 27 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

[b]Finished![/b]
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
slt,

fais msnfix

Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et place les fichiers dans C:\MSNFix (très important).
- et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, sa te le marque en haut de la fenetre
exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
-1
Réponse 3 / 10
al
 
read file error: C:\DOCUME~1\al\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\al\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.
0
Réponse 4 / 10
al
 
je pense pas avoir posté le rapport qui correspondait
j'ai relancé msn fix
et il me dit aucune infection détectée
mais j'arrive pas à avoir le rapport :( j'ai relancé pour voir si cette fois ça marche.
merci beaucoup
mais là c'est bon il est parti ?
mon pc est tout propre?
et je peux tout désinstaller ?
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
tu peut reposter un rapport hijackthis stp pour qu'on fassent le point
-1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
al
 
le voilà
merci encore

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:30, on 24/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:fra
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: EvtEng - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
---) Relance HijackThis et choisis Do a system scan only

---) Coche les cases qui sont devant les lignes suivantes :

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)

---) Fais ensuite "fix checked"

apres sa tu fait toolbar s&d

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)


Salut a Toute La Communautè Par Manque De Curiosité On Risque De Mourir Ignorant
j'ai un peu de connaissance mais je m'estime comme un debutant
Tu es libre de penser que tu es con, mais con de penser que ­tu es libre...merci a australe13
-1
Réponse 6 / 10
al
 
voilà
-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : al ( Administrator )
BOOT : Normal boot
Antivirus : Eset NOD32 antivirus system 2.51 2.51 (Activated)
C:\ (Local Disk) - FAT32 - Total : 26 Go Free : 10 Go
D:\ (Local Disk) - FAT32 - Total : 26 Go Free : 4 Go
E:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total : 232 Go Free : 41 Go

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [1] ( 24/09/2008|12:55 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 24/09/2008|12:56 - Option : [1]

-----------\\ Fin du rapport a 12:56:42,95
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
la ton rapport hijackthis est propre

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

Double clique sur ToolsCleaner2.exe >
puis Recherche
et sur Suppression
Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau
-1
Réponse 7 / 10
al
 
merci beaucoup pour tout
juste une question pour essayer de comprendre, j'étais obligée de télécharger 7 trucs différents pour en finir avec ce trojan?
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
salut

moi je ne t'est fait que 4 fix

malvarbyte anti malware pour eliminer ckvo

sdfix pour le trjan


toolbar sd lui le rapport etait prore c'etait par precaution

msn fix lui n'a pas fonctionner

tools cleaner pour nettoyer les fix qui nous on servit j'attend toujour le rapport pour voir si tout a etait suprimer

malwarbyte tu le garde tout comme ccleaner et tu fera des scan regulierment


tu va telecharger Ccleaner https://www.ccleaner.com/ccleaner/download

ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."

. Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
. Tu refais tous ca 4-5 fois (le nettoyage et le registre).

Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".

içi mode d'emploi pour ccleaner

https://www.malekal.com/tutoriel-ccleaner/

et celui la c'est le cinquieme lol
-1
Réponse 8 / 10
al
 
bon en fait je suis pas une bonne élève, et j'avais tout viré :( même malwarbyte et compagnie. là je viens de lancer c cleaner et voilà
c'est bon là ou je dois reprendre malwa...
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
salut

malwarbyte tu le reprend au meme endroit sur le poste 1 lol
-1
Réponse 9 / 10
jamelpalmer Messages postés 7 Statut Membre
 
slt à tous j'aimerais avoir de l'aide à propos des trojans.on m'a dit qu'il fallait faire une demande avant de poster un rapport donc j'attends votre reponse
merci de me repondre
0
Réponse 10 / 10
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Bonjour ;

telecharge malwarbyte http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

a l'intallation verifie que mise a jour et lançer program et scan complet sont bien cocher

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

A la fin du scan clique sur Afficher les résultats

Suppression des éléments détectés >>>> clique sur Supprimer la sélection ou supprimer tout
S'il t'es demandé de redémarrer >>> clique sur "Yes"

Et tu poste le raport generer
et on attendant une reponse tu peut refaire un scan malwarbyte mais on mode sans echec car beaucoup plus efficace

comment demarer on mode sans echec içi tuto http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

tu enregistre le raport generer de facon a le retrouver et tu poste le nouveau rapport raport
-1

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses