Virus

virginie3280 -  
Hello,
I think I'm infected with a virus, and my antivirus keeps giving me Trojan horse alerts....
I'm running a scan and will put the report here...
If anyone can help me
Thanks
Virginie

23 replies

Strik-Strak Posts 1386 Status Contributor 376
 
Hi, where is the report?? ^^ Otherwise, please install HijackThis.
How to install it (thanks to balltrap34): http://pageperso.aol.fr/balltrap34/Hijenr.gif
For the report and fixing the lines: http://pageperso.aol.fr/balltrap34/demohijack.htm
/!\ Do not fix anything yourself! /!\
But before launching it for analysis, go to this location on your PC: C:\Program Files\Hijackthis\HijackThis.exe <--- right-click on it and choose "rename": type monjack and confirm.
!!Disconnect from the internet and close all your running applications!!
Run a scan and post the generated report for analysis.
1
virginie3280
 
Logfile of Spyware Terminator v2.1.1.314 (db:1.0.205.892)
Scan Time: 27/10/2008 18:00:45 length: 1904 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Virus__Spyware_Scan
Scanned Objects: 83098 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
McSACore.exe [McAfee, Inc.] : C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
mcmscsvc.exe [McAfee, Inc.] : C:\Program Files\McAfee\MSC\mcmscsvc.exe
McNASvc.exe [McAfee, Inc.] : C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe
McProxy.exe [McAfee, Inc.] : C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe
Mcshield.exe [McAfee, Inc.] : C:\Program Files\McAfee\VirusScan\Mcshield.exe
MPFSrv.exe [McAfee, Inc.] : C:\Program Files\McAfee\MPF\MPFSrv.exe
MskSrver.exe [McAfee, Inc.] : C:\Program Files\McAfee\MSK\MskSrver.exe
HPZipm12.exe [HP] : C:\WINDOWS\system32\HPZipm12.exe
Monitor.exe [acer Inc.] : C:\Acer\Empowering Technology\eRecovery\Monitor.exe
HPWuSchd2.exe [Hewlett-Packard Development Company, L.P.] : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MsnMsgr.Exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
mcsysmon.exe [McAfee, Inc.] : C:\Program Files\McAfee\VirusScan\mcsysmon.exe
FxSvr2.exe [Logitech Inc.] : C:\Program Files\Logitech\Video\FxSvr2.exe
WLLoginProxy.exe [Microsoft Corporation] : C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - [McAfee, Inc.] : C:\Program Files\McAfee\MSK\mcapbho.dll
02 - BHO: mxlivemedia browser enhancer - {7D3769FD-DF4E-2AF9-C9F5-A28D29347D9F} - : C:\WINDOWS\system32\kecnkmoatvcrxmla.dll
02 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - [McAfee, Inc.] : C:\Program Files\McAfee\VirusScan\scriptsn.dll
02 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - [McAfee, Inc.] : C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
02 - BHO: - {C9A35542-77D9-44F0-831B-73110B3D129F} - : C:\WINDOWS\system32\mlJDuvTL.dll
02 - BHO: - {DD153FDB-E2FB-40D2-8E36-F21C36B51DAD} - : C:\WINDOWS\system32\awtrOgeE.dll

Toolbars
03 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - [McAfee, Inc.] : C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MsnMsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSPY2002 : : C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eRecoveryService : [acer Inc.] : C:\Acer\Empowering Technology\eRecovery\Monitor.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, mytjqpyvzhzlw : : C:\WINDOWS\system32\kecnkmoatvcrxmla.dll
04 - Startup: %START_PROGRAMSALL%\Démarrage\Adobe Reader Speed Launch.lnk [Adobe Systems Incorporated] : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell Extensions
- {2F603045-309F-11CF-9774-0020AFD0CFF6} - [Synaptics, Inc.] : C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
My Logitech Pictures - {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - [Logitech Inc.] : C:\Program Files\Logitech\Video\Namespc2.dll
Mes dossiers de partage - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll

Shell Extecute Hooks
- {{DD153FDB-E2FB-40D2-8E36-F21C36B51DAD}} - : C:\WINDOWS\system32\awtrOgeE.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
McAfee SACore Protocol Handler - {5513F07E-936B-4E52-9B00-067394E91CC5} - [McAfee, Inc.] : C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll

Services
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23 - [Broadcom Corporation] : C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23 - : C:\Acer\Empowering Technology\eRecovery\int15.sys
23 - [McAfee, Inc.] : C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
23 - [McAfee, Inc.] : C:\Program Files\McAfee\MSC\mcmscsvc.exe
23 - [McAfee, Inc.] : C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe
23 - [McAfee, Inc.] : C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe
23 - [McAfee, Inc.] : C:\Program Files\McAfee\VirusScan\Mcshield.exe
23 - [McAfee, Inc.] : C:\Program Files\McAfee\VirusScan\mcsysmon.exe
23 - [McAfee, Inc.] : C:\WINDOWS\system32\drivers\mfeavfk.sys
23 - [McAfee, Inc.] : C:\WINDOWS\system32\drivers\mfebopk.sys
23 - [McAfee, Inc.] : C:\WINDOWS\system32\drivers\mfehidk.sys
23 - [McAfee, Inc.] : C:\WINDOWS\system32\drivers\mfesmfk.sys
23 - [McAfee, Inc.] : C:\WINDOWS\system32\Drivers\Mpfp.sys
23 - [McAfee, Inc.] : C:\Program Files\McAfee\MPF\MPFSrv.exe
23 - [McAfee, Inc.] : C:\Program Files\McAfee\MSK\MskSrver.exe
23 - [NewTech Infosystems, Inc.] : C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23 - [HP] : C:\WINDOWS\system32\HPZipm12.exe
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\sisgrp.sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\srvkp.sys
23 - [SiS Corporation] : C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
23 - [Avira GmbH] : C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23 - [Synaptics, Inc.] : C:\WINDOWS\system32\DRIVERS\SynTP.sys
23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrOgeE, DLLName : : C:\WINDOWS\system32\awtrOgeE.dll

Advanced Files Report

End of Report
0
virginie3280
 
WITH HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:56, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [mytjqpyvzhzlw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.33/g_bin/eng/domino_2_0_0_33.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_31.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Strik-Strak Posts: 1386 Status: Contributor 376
 
No major infection, just 2-3 things to change:

1) Download and install Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is checked. >>> click OK
Launch Malwarebytes' Anti-Malware by double-clicking the icon on your Desktop.

On first launch, a window tells you that the version is Free >>> click OK

Let the updates download
*** Close the program ***

2) Restart in "Safe Mode"

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You must choose your usual session, not the "Administrator" account or another one.
Look here if needed: https://www.malekal.com/demarrer-windows-mode-sans-echec/

Open the text file saved on the Desktop so you can follow the instructions properly.

3) Scan with Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware
"Scan" tab ("Recherche") >>> check Perform full scan ("Exécuter un examen complet") >>> Scan ("Rechercher"), select your hard drives, then click Start scan ("Lancer l'examen")
At the end of the scan >>> click Show results ("Afficher les résultats") then Save report ("Enregistrer le rapport")
Removing the detected items >>>>
delete what it found, and also empty the items in quarantine
If you are asked to restart >>> click "Yes"

--> A scan report opens; save it to your Desktop and post this report in reply.

When you run a scan, run it in Safe Mode.

Why in Safe Mode:

* Because, first, the scan looks at more files in Safe Mode than in normal mode.
* And also, in normal mode the viruses (trojans, Trojan horses, worms, spyware, malware and others...) are active, so they do not get deleted, so it has to be done in Safe Mode.

1) Print these instructions, because you will need to close all windows and applications during the installation and the scan.

My personal advice would first be to switch from McAfee to Antivir and run a full scan in Safe Mode, after installing the updates of course.

I will be away for a few hours, but back around 10 pm to continue the disinfection.
virginie3280
 
I'll try to do all that
lol
thanks
Strik-Strak Posts: 1386 Status: Contributor 376
 
You're welcome, take your time but do it, and please follow the instructions carefully.
virginie3280
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2

28/10/2008 09:10:00
mbam-log-2008-10-28 (09-09-44).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 113031
Temps écoulé: 46 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mlJDuvTL.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\awtrOgeE.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac345d7b-52e1-4140-855e-61bd74c9b76f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ac345d7b-52e1-4140-855e-61bd74c9b76f} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd153fdb-e2fb-40d2-8e36-f21c36b51dad} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrogee (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dd153fdb-e2fb-40d2-8e36-f21c36b51dad} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FilesSecure (Rogue.Files-Secure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure (Rogue.Files-Secure) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd153fdb-e2fb-40d2-8e36-f21c36b51dad} (Trojan.Vundo.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljduvtl -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljduvtl -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntispyware2009) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mlJDuvTL.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\LTvuDJlm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\LTvuDJlm.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\awtrOgeE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fccdeeba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cbXNDWpo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\urqRHbYp.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\20081027174303546.log (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081027172622406.log (Rogue.ProAntispyware2009) -> No action taken.
C:\WINDOWS\system32\winsoft.nls (Malware.Trace) -> No action taken.
Strik-Strak Posts: 1386 Status: Contributor 376
 
Did you switch to Antivir? I'd like a new Hijack scan please. Otherwise, you are infected with Vundo; we'll deal with that afterwards.
virginie3280
 
I'm going to install Antivir, uninstall McAfee and redo a Hijack scan...
Strik-Strak Posts: 1386 Status: Contributor 376
 
OK. If you can, run the Antivir scan in Safe Mode and post the 2 reports please.
virginie3280
 
Premium Security Suite
Date de création du fichier de rapport : mardi 28 octobre 2008 12:33

La recherche porte sur 1369550 souches de virus.

Détenteur de la licence :virginie renart
Numéro de série : 2200385982-ISECE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :ACER-79F6FF2248

Informations de version :
BUILD.DAT : 8.1.0.39 27419 Bytes 19/08/2008 11:49:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:50
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 14:44:28
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:18
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 08:30:28
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:16
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:54
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:48
Version du moteur: 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:22
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 14:13:48
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 13:44:50
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 13:37:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 13:58:36
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 07:35:22
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 14:13:48
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 13:44:50
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 15:38:48
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 09:33:22
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 09:33:22
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 13:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:04
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:00
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:29:38
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:38
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:20
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:48
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:38
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:08
RCIMAGE.DLL : 8.0.0.51 2904321 Bytes 21/07/2008 14:48:20
RCTEXT.DLL : 8.0.46.1 90369 Bytes 14/07/2008 11:43:20

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: C:\Program Files\Avira\Avira Premium Security Suite\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Tous les fichiers
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : mardi 28 octobre 2008 12:55

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSMSGS.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'msimn.exe' - '1' module(s) sont contrôlés
Processus de recherche 'update.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WLLoginProxy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FxSvr2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sistray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MsnMsgr.Exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'regsvr32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SpywareTerminatorShield.Exe' - '1' module(s) sont contrôlés
Processus de recherche 'qttask.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LogiTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVCOMSX.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'Monitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPLpr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SOUNDMAN.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'Keyhook.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AVWEBGRD.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'avmailc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Explorer.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sp_rsser.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avesvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avfwsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SMSS.EXE' - '1' module(s) sont contrôlés
'47' processus ont été contrôlés avec '47' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '78' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <ACER>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\System Volume Information\_restore{3FFD409C-A779-4E68-83FD-8EA2CEAF0EFF}\RP674\A0324614.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Fichier supprimé.
Recherche débutant dans 'D:\' <ACERDATA>

Fin de la recherche : mardi 28 octobre 2008 14:27
Temps nécessaire: 1:54:21 Heure(s)

La recherche a été effectuée intégralement

5340 Les répertoires ont été contrôlés
266220 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
1 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
266217 Fichiers non infectés
8493 Les archives ont été contrôlées
2 Avertissements
1 Consignes
virginie3280
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:56, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mxlivemedia browser enhancer - {7D3769FD-DF4E-2AF9-C9F5-A28D29347D9F} - C:\WINDOWS\system32\kecnkmoatvcrxmla.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mytjqpyvzhzlw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.33/g_bin/eng/domino_2_0_0_33.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_31.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Avira Premium Security Suite Pare-feu (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
virginie3280
 
there you go lol
0
Strik-Strak Posts 1386 Status Contributor 376
 
You're still infected, but we're making progress!

So, download VundoFix (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the fix Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "YES", the Desktop will disappear for a moment while the files are deleted.
Another prompt will announce that the PC needs to shut down ("shutdown"). Click OK, then let it restart.
The report is located in C:\vundofix.txt; open it and post it please.

Then, right after that, install Trojan Remover. Run the updates, then a full scan.

One more thing: go back into Malwarebytes and check under "Quarantaine" (Quarantine) whether the equivalent of the report you posted is there; if so, click [Supprimer tout] (Delete all); otherwise run another scan in Safe Mode and, when the scan is complete, choose [Supprimer la sélection] (Delete selection), at the bottom left.

After all that, please post a new HijackThis scan.
0
virginie3280
 
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=LVUSBSta
ImagePath=system32\drivers\lvusbsta.sys - this reference has been left in place
----------
Key=mdmxsdk
ImagePath=system32\DRIVERS\mdmxsdk.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=nm
ImagePath=system32\DRIVERS\NMnt.sys - this reference has been left in place
----------
Key=NTIDrvr
ImagePath=system32\DRIVERS\NTIDrvr.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=Pcmcia
ImagePath=system32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=pfc
ImagePath=system32\drivers\pfc.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Pml Driver HPZ12
ImagePath=C:\WINDOWS\system32\HPZipm12.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=QCMerced
ImagePath=system32\DRIVERS\LVCM.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=ScsiPort
ImagePath=%SystemRoot%\system32\drivers\scsiport.sys - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=SiS315
ImagePath=system32\DRIVERS\sisgrp.sys - this reference has been left in place
----------
Key=SISAGP
ImagePath=system32\DRIVERS\SISAGPX.sys - this reference has been left in place
----------
Key=SiSkp
ImagePath=system32\DRIVERS\srvkp.sys - this reference has been left in place
----------
Key=SISNICXP
ImagePath=system32\DRIVERS\sisnicxp.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SNPSTD3
ImagePath=system32\DRIVERS\snpstd3.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sp_rsdrv2
ImagePath=\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - this reference has been left in place
----------
Key=sp_rssrv
ImagePath="C:\Program Files\Spyware Terminator\sp_rsser.exe" - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=sscdbus
ImagePath=system32\DRIVERS\sscdbus.sys - this reference has been left in place
----------
Key=sscdmdfl
ImagePath=system32\DRIVERS\sscdmdfl.sys - this reference has been left in place
----------
Key=sscdmdm
ImagePath=system32\DRIVERS\sscdmdm.sys - this reference has been left in place
----------
Key=ssmdrv
ImagePath=system32\DRIVERS\ssmdrv.sys - this reference has been left in place
----------
Key=ss_bus
ImagePath=system32\DRIVERS\ss_bus.sys - this reference has been left in place
----------
Key=ss_mdfl
ImagePath=system32\DRIVERS\ss_mdfl.sys - this reference has been left in place
----------
Key=ss_mdm
ImagePath=system32\DRIVERS\ss_mdm.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{F03AF93D-C6C3-4FE8-8194-D6D1B5651DC1} - this reference has been left in place
----------
Key=SYMIDSCO
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20061216.001\symidsco.sys - this reference has been left in place [file not found to scan]
----------
Key=SynTP
ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=uagp35
ImagePath=system32\DRIVERS\uagp35.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbaudio
ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\Windows Live\Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
----------
Key=WLSetupSvc
ImagePath="C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------

******************************
11:56:04: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

******************************
11:56:04: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=dimsntfy
DLLName=%SystemRoot%\System32\dimsntfy.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
11:56:05: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Shell Extension for Malware scanning
CLSID = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll - this ContextMenuHandler has been left in place
----------
Key = SPTContMenu
CLSID = {BD88A479-9623-4897-8546-BC62B9628F44}
C:\Program Files\Spyware Terminator\sptcontmenu.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

******************************
11:56:06: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
11:56:06: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {7D3769FD-DF4E-2AF9-C9F5-A28D29347D9F}
C:\WINDOWS\system32\kecnkmoatvcrxmla.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------

******************************
11:56:07: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

******************************
11:56:07: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
11:56:07: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
11:56:07: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = sockspy.dll]
The following AppInit_DLLs are loaded at boot-time:
sockspy.dll - this entry has been left in place [file not found to scan]
----------

******************************
11:56:10: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
Utility Tray.lnk - this links to C:\WINDOWS\system32\sistray.exe and has been left in place
--------------------
HP Digital Imaging Monitor.lnk - this links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe and has been left in place
--------------------
Adobe Reader Speed Launch.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
11:56:11: Scanning ----- SCHEDULED TASKS -----

******************************
11:56:11: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
11:56:11: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ZIntro.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Banksht2.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\msgrchkr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\FnacComposant.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\OGAControl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\opuc.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\jinstall-6u2.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\GAME_UNO1.INF - this file has been left in place
C:\WINDOWS\Downloaded Program Files\setup.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURen-us.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURfr-fr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Domino.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Domino.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Marbles.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Marbles.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Mahjong.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Mahjong.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Navy.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Navy.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\install.log - this file has been left in place
C:\WINDOWS\Downloaded Program Files\unagiuninst.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll - this file has been left in place

******************************
11:56:18: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\system32\keyhook.exe
--------------------
C:\WINDOWS\SOUNDMAN.EXE
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
--------------------
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
--------------------
C:\WINDOWS\system32\LVCOMSX.EXE
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe
--------------------
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
--------------------
C:\Program Files\QuickTime\qttask.exe
--------------------
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
--------------------
C:\WINDOWS\System32\regsvr32.exe
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
--------------------
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
--------------------
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
--------------------
C:\WINDOWS\system32\sistray.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
--------------------
C:\Program Files\Logitech\Video\FxSvr2.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
--------------------
C:\Program Files\Outlook Express\msimn.exe
--------------------
C:\Program Files\Messenger\msmsgs.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Documents and Settings\StEpHaN\Application Data\Simply Super Software\Trojan Remover\wjy67.exe
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------

******************************
11:56:26: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
11:56:26: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.crawler.com/search/ie.aspx?tb_id=60076
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

******************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 29/10/2008 11:56:26
************************************************************
0
Strik-Strak Posts 1386 Status Contributor 376
 
Did you do everything in message 14? If so, can you also post a new HijackThis scan please.
0
virginie3280
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 3

29/10/2008 15:17:57
mbam-log-2008-10-29 (15-17-57).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 124383
Temps écoulé: 2 hour(s), 36 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
virginie3280
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:35, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mxlivemedia browser enhancer - {7D3769FD-DF4E-2AF9-C9F5-A28D29347D9F} - C:\WINDOWS\system32\kecnkmoatvcrxmla.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mytjqpyvzhzlw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.33/g_bin/eng/domino_2_0_0_33.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_31.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Avira Premium Security Suite Pare-feu (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
virginie3280
 
There you go
I hope I did everything you told me correctly lol
0
Strik-Strak Posts 1386 Status Contributor 376
 
OK, let's continue, there is still one piece of crap left.

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0