Forum XP.Net - Computer Security -

- Troubleshooting - Prevention - Advice - Help -

Times are UTC + 1 hour




Subject: Pop-up windows - interpreting a HijackThis log
Posted: Fri 5 Dec 2008 - 20:22
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
Hello everyone!
Help!!!
I'm an ordinary user; I've consulted every forum and tutorial imaginable for several days, to no avail. My problem: for some time now, my two browsers, namely IE 7 and Firefox 3, have been opening pop-up windows without my being able to stop it. IE even launches on its own, always on the same sites. The phenomenon is growing exponentially and makes any work on my machine very difficult. I'm protected by AVG 8 Free, Malwarebytes, and Browser Hijack Retaliator. I installed HijackThis, French version, but I am simply unable to interpret its logs. Could some kind soul come to my aid? Thanks...
Albator, the last of the dunces behind a PC...


Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Sat 6 Dec 2008 - 11:49
Moderator

Joined: Wed 7 Sep 2005 - 09:53
Posts: 1358
Hello,

You can have your log interpreted on the site, but with some reservations.
Not everything is 100% reliable, so you have to be careful.

Otherwise we can take a look at it here,
but you would need to post it to us ;)

One thing though: if this problem only occurs on one site, it may come from the site and not from your PC.


Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Sat 6 Dec 2008 - 16:36
Site Admin

Joined: Sun 4 Sep 2005 - 13:42
Posts: 2866
Location: Hérault
Hello.
Yes, post us your report.
Guardian, as I understood it, the problem with the "same" site is that it seems to be a site that doesn't suit Albator.
:lol:

Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Tue 9 Dec 2008 - 21:05
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
Hello everyone,
first of all, thank you for your replies. Before posting my log, I tried the cleaning method from Agnes's tutorial. I installed ATF Cleaner (the AVG anti-spyware is included in AVG Free 8) and started the indicated procedure. Oddly, I can't boot into Safe Mode. I get to the menu after pressing F8, then I select Safe Mode and then: black screen with a cursor blinking in the top left, and nothing happens.
So here it is, I'm posting my log in the hope that someone can help me.

Logfile of HijackThis v1.99.1
Scan saved at 20:49:35, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ELAN.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {85117282-fa91-4b9c-ae9b-ed5d68199cce} - C:\WINDOWS\system32\bufesine.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKLM\..\Run: [wonekoviye] Rundll32.exe "C:\WINDOWS\system32\loburako.dll",s
O4 - HKLM\..\Run: [5c64676b] rundll32.exe "C:\WINDOWS\system32\yesileya.dll",b
O4 - HKLM\..\Run: [CPM5f5754f7] Rundll32.exe "c:\windows\system32\jotufafu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll C:\WINDOWS\system32\nasiliyu.dll c:\windows\system32\jotufafu.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotufafu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


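The entry shapes in the log above that the later MBAM report ties to Trojan.Vundo (a nameless O2 BHO, O4 rundll32 autoruns calling a one-letter export, O20 AppInit_DLLs and an O21 SSODL pointing at random system32 DLLs) can be triaged mechanically, and comparing two logs shows which entries survive a cleanup pass. The following Python script is an added example written for this page, not the forum's or HijackThis's own code; its sample logs are constructed excerpts copied from the two HijackThis logs posted in this thread, and the allow-lists (avgrsstx.dll, WPDShServiceObj) are assumptions drawn from the same log.

```python
"""Triage helper for HijackThis logs (added illustration for this thread; not the
forum's or HijackThis's own code). It flags the entry shapes that MBAM later tied
to Trojan.Vundo in the posted log and reports which flagged entries survive from
one log to the next, which is what to revisit after a cleanup pass."""
import re

# "O4 - HKLM\..\Run: [name] command", "R1 - HKCU\...", etc.
ENTRY_RE = re.compile(r"^(?P<sect>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# rundll32 "<dll>",<export>: the loader shape of the suspicious O4 entries above
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+?\.dll)"?\s*,\s*(?P<export>\w{1,2})\b', re.I)
# Assumed allow-lists: the legitimate AppInit / SSODL entries visible in the log.
KNOWN_APPINIT = {"avgrsstx.dll"}     # AVG 8 resident shield hook
KNOWN_SSODL = {"WPDShServiceObj"}    # Windows Portable Devices shell object


def parse(log):
    """Return (section, body) pairs for every R0-R3 / Onn line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sect"), m.group("body")))
    return entries


def reasons(sect, body):
    """Why one entry deserves manual review; an empty list means nothing stood out."""
    out = []
    if sect == "O2" and body.startswith("BHO: (no name)"):
        out.append("nameless BHO")
    if sect == "O4":
        m = RUNDLL_RE.search(body)
        if m:
            out.append(f"rundll32 loads {m.group('dll')} export '{m.group('export')}'")
        if "Application Data" in body or "APPLIC~1" in body:
            out.append("autorun from a profile data folder")
    if sect == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        unknown = [d for d in dlls if d.rsplit("\\", 1)[-1].lower() not in KNOWN_APPINIT]
        if unknown:
            out.append("AppInit_DLLs injects " + ", ".join(unknown))
    if sect == "O21":
        name = body.split(":", 1)[1].split(" - ")[0].strip()
        if name not in KNOWN_SSODL:
            out.append(f"non-standard SSODL entry '{name}'")
    return out


def triage(log):
    """Map each flagged entry line to its list of reasons."""
    return {f"{s} - {b}": r for s, b in parse(log) if (r := reasons(s, b))}


def persisted(before, after):
    """Flagged entries present in both logs, i.e. what survived the cleanup pass."""
    return sorted(set(triage(before)) & set(triage(after)))


# Constructed excerpts: lines copied from the two HijackThis logs in this thread.
LOG_BEFORE = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {85117282-fa91-4b9c-ae9b-ed5d68199cce} - C:\WINDOWS\system32\bufesine.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKLM\..\Run: [wonekoviye] Rundll32.exe "C:\WINDOWS\system32\loburako.dll",s
O4 - HKLM\..\Run: [CPM5f5754f7] Rundll32.exe "c:\windows\system32\jotufafu.dll",a
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll C:\WINDOWS\system32\nasiliyu.dll c:\windows\system32\jotufafu.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotufafu.dll
"""
LOG_AFTER = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll c:\windows\system32\jotufafu.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    for entry, why in triage(LOG_BEFORE).items():
        print(entry, "->", "; ".join(why))
    print("still present in the second log:")
    for entry in persisted(LOG_BEFORE, LOG_AFTER):
        print("  " + entry)
```

The "Application Data" check is a heuristic, so a flagged entry is a prompt to look, not a verdict; the persisted list is what to check once the scanner's deletions have been rebooted through.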
Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Tue 9 Dec 2008 - 21:57
Site Admin

Joined: Sun 4 Sep 2005 - 13:42
Posts: 2866
Location: Hérault
Thanks,
Here is what comes next; it would be good to do the steps fairly quickly so as not to give the infections time to develop too much....

You can run ATF first if you wish. That's always that much less to scan.
:wink:
Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is complete, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The analysis starts; the scan is relatively long, that's normal.
  • At the end of the analysis, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

    Click "OK" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave everything checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report; you will post it in your next reply.
Then restart your machine and run HijackThis again.
You will post us both the MBAM report and the latest HijackThis log.
:wink:
I await your news.

Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Wed 10 Dec 2008 - 00:49
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
Thanks for your reply, I feel a little less alone behind my machine... I already had MBAM, so I updated it and saved the log, which I'm attaching along with the new HijackThis log.
I don't know if it matters, but I get messages like "RUNDLL - erreur de chargement de c:\windows\system32\jotufafu.dll - le module spécifié est introuvable". I had the same with laburako.dll. What is that?
Also, when I shut down my PC, Windows tells me that IEXPLORE.EX is in use and offers me END NOW. IE is closed when I get this message, is that normal?
Thank you for your precious help.

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 3

10/12/2008 00:33:46
mbam-log-2008-12-10 (00-33-46).txt

Type de recherche: Examen rapide
Eléments examinés: 55321
Temps écoulé: 7 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nasiliyu.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wonekoviye (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f5754f7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nasiliyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nasiliyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nasiliyu.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\bufesine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nasiliyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\letuyami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.


Logfile of HijackThis v1.99.1
Scan saved at 00:41:18, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ELAN.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll c:\windows\system32\jotufafu.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


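An added example, not code from this thread nor from HijackThis or Lop S&D, of the first-pass triage a helper applies to a log like the one above: the O20 AppInit_DLLs line that lists randomly named DLLs next to AVG's avgrsstx.dll, O4 autostart entries whose target sits under Application Data, an O16 ActiveX entry with no name and no download URL, and O23 services tagged "(file missing)". The sample lines are constructed to mirror the thread's entries; the KNOWN_APPINIT allowlist and the USER_WRITABLE directory pattern are assumptions for this XP machine, not rules shipped with any tool.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample lines modelled on the entries in this thread (not a live capture).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll c:\windows\system32\jotufafu.dll,C:\WINDOWS\system32\jasutudo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
"""

# Assumption: AppInit_DLLs entries known to belong to software on this box
# (avgrsstx.dll is AVG 8's resident-shield helper). Every DLL in AppInit_DLLs is
# loaded into every process that links user32.dll, which is why adware uses it
# and why everything not on the list is worth a look.
KNOWN_APPINIT = {"avgrsstx.dll"}

# Assumption: folders a regular installer does not use for autostart binaries on XP
# (per-user and all-users Application Data, temp folders, 8.3 and long forms).
USER_WRITABLE = re.compile(
    r"\\(APPLIC~1|Application Data|LOCALS~1\\Temp|Local Settings\\Temp)\\",
    re.IGNORECASE,
)

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the HijackThis line that triggered the rule
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Apply a few heuristics to HijackThis lines and return what to look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O4 - ") and USER_WRITABLE.search(line):
            findings.append(Finding("high", line,
                "autostart target lives in a user-writable data directory"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Entries are separated by spaces or commas; some carry a full path.
            entries = re.split(r"[\s,]+", line.split(":", 1)[1].strip())
            for entry in entries:
                name = entry.rsplit("\\", 1)[-1].lower()
                if name and name not in KNOWN_APPINIT:
                    findings.append(Finding("high", line,
                        f"unknown AppInit_DLLs entry {name} (loaded into every GUI process)"))
        elif line.startswith("O16 - DPF:") and line.endswith("-"):
            findings.append(Finding("medium", line,
                "ActiveX control registered with no name and no download URL"))
        elif line.startswith("O23 - ") and "(file missing)" in line:
            # Low priority: HijackThis 1.99.1 mis-parses service paths containing
            # quotes and reports them as missing, and leftovers of uninstalled
            # software produce the same text.
            findings.append(Finding("low", line,
                "service binary reported missing; confirm on disk before acting"))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Summarise a triage result as counts per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it as a script to list the findings by severity, or pass a whole saved log in place of SAMPLE_LOG. The O23 rule is deliberately low priority: HijackThis 1.99.1 prints "(file missing)" for service paths that contain an embedded quote, which is why the Brother service above is reported missing while Brmfrmps.exe plainly runs, so a missing-file verdict has to be checked on disk before anything is fixed.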
 
Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Wed 10 Dec 2008 - 08:11
Offline
Site Admin

Joined: Sun 4 Sep 2005 - 13:42
Posts: 2866
Location: Hérault
Ok
There's some improvement; I can't look at it for now because I'm at work.
The rundll error messages at startup are normal.
For IE we'll take a look.

:P

 
Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Wed 10 Dec 2008 - 11:34
Offline
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
ok, off to work as well. Thanks for your help. I ran a scan with AVG; it found three trojans, including something like VUNDO. I've already removed it several times. As for IE, it still launches on its own and sends me (today) to the sites hXXp://www.usagc.org/step1landing.aspx? ... andGermdeu - hXXp://ch.celldorado.com/CH/ADS/2457470 ... KfSmdtvd3f.
See you later


I've edited your post to deactivate the addresses... better that nobody ends up there by accident.
:wink:


 
Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Wed 10 Dec 2008 - 14:27
Offline
Site Admin

Joined: Sun 4 Sep 2005 - 13:42
Posts: 2866
Location: Hérault
Hello,
Thanks for the quick reply.
You're now going to run Lop S&D; look at the link, you'll find the full tutorial and the program there.
http://eric.71.mespages.googlepages.com/lop.sd.fr
Download and install the program, then disconnect from the internet; during the clean-up, disable the real-time guards (antivirus, antispyware: AVG, Spybot? Ad-Aware? if you have them enabled). You'll restart them when you've finished and before reconnecting to the NET.
Then reboot, and if you have time run MBAM again, but above all do a new HJThis.
Post us the reports and give us news of the PC (still IE redirections?).
I'll be back around 9 pm tonight.
:wink:

 
Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Wed 10 Dec 2008 - 20:33
Offline
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
ok great, I'll try all that. See you later


 
Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Wed 10 Dec 2008 - 22:07
Offline
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
Here I am; I ran the requested scans and attach them below. As for the machine, it's a nightmare... I now systematically get a window with the following message: CMD.EXE - Bad Image - The application or DLL C:\WINDOWS\system32\jasutudo.dll is not a valid Windows image. Check this against your installation diskette.
The same message also starts with IEXPLORE.EXE - FIND.EXE and every other application I launch. That made the Lop S&D scan very long, since I had to click through these dialog boxes for the search to continue.
IE still seems to be running, even when it does not appear in the task list. It keeps launching on its own and going to sites that start notably with CiD.
There, I think I've tried to describe the problem(s) to you as completely as possible. Thanks for your help.


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : chaton ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:14 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( Updated : 01-11-2008|16:30 )
Option : [1] ( 10/12/2008|21:34 )

--------------------\\ Folder listing in APPLIC~1

[19/08/2004|13:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[11/07/2005|19:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[20/10/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[11/07/2005|18:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[11/07/2005|19:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[04/11/2007|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[23/04/2008|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/04/2006|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[20/05/2006|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/12/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[26/11/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[04/10/2005|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[04/02/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
[20/11/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ExtraFilm
[21/10/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fcbwhspc
[23/04/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/07/2005|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[11/07/2005|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[20/11/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
[09/12/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[12/04/2006|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/10/2008|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/08/2004|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/10/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[24/09/2005|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[11/11/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[19/08/2004|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[04/10/2005|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[23/04/2008|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[11/11/2007|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[10/12/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2008|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/07/2006|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/10/2008|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yhcvyluv

[18/06/2006|18:52] C:\DOCUME~1\chaton\APPLIC~1\ACD Systems
[23/04/2008|19:21] C:\DOCUME~1\chaton\APPLIC~1\Adobe
[21/05/2006|11:40] C:\DOCUME~1\chaton\APPLIC~1\Apple Computer
[26/07/2005|10:31] C:\DOCUME~1\chaton\APPLIC~1\Arcsoft
[26/11/2008|23:07] C:\DOCUME~1\chaton\APPLIC~1\Azureus
[20/11/2008|20:34] C:\DOCUME~1\chaton\APPLIC~1\Blah 1
[05/10/2005|13:46] C:\DOCUME~1\chaton\APPLIC~1\Brother
[20/07/2005|05:35] C:\DOCUME~1\chaton\APPLIC~1\CyberLink
[29/10/2008|11:15] C:\DOCUME~1\chaton\APPLIC~1\DivX
[13/10/2007|15:54] C:\DOCUME~1\chaton\APPLIC~1\EFC
[02/05/2006|11:01] C:\DOCUME~1\chaton\APPLIC~1\Elaborate Bytes
[20/11/2008|10:21] C:\DOCUME~1\chaton\APPLIC~1\ExtraFilm
[24/09/2005|10:30] C:\DOCUME~1\chaton\APPLIC~1\FotoWire
[05/09/2006|21:07] C:\DOCUME~1\chaton\APPLIC~1\Google
[22/10/2008|09:34] C:\DOCUME~1\chaton\APPLIC~1\Help
[19/08/2004|13:24] C:\DOCUME~1\chaton\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\chaton\APPLIC~1\Intel
[12/05/2007|14:38] C:\DOCUME~1\chaton\APPLIC~1\Jasc Software Inc
[19/07/2005|10:52] C:\DOCUME~1\chaton\APPLIC~1\Leadertech
[22/07/2005|14:16] C:\DOCUME~1\chaton\APPLIC~1\Macromedia
[21/10/2008|13:28] C:\DOCUME~1\chaton\APPLIC~1\Malwarebytes
[19/11/2008|19:44] C:\DOCUME~1\chaton\APPLIC~1\Microsoft
[26/11/2008|09:48] C:\DOCUME~1\chaton\APPLIC~1\Mozilla
[01/12/2008|19:04] C:\DOCUME~1\chaton\APPLIC~1\MSNInstaller
[24/07/2005|18:14] C:\DOCUME~1\chaton\APPLIC~1\Nikon
[09/12/2008|16:22] C:\DOCUME~1\chaton\APPLIC~1\Roxio
[03/11/2008|16:26] C:\DOCUME~1\chaton\APPLIC~1\Skype
[03/11/2008|15:00] C:\DOCUME~1\chaton\APPLIC~1\skypePM
[14/10/2007|17:03] C:\DOCUME~1\chaton\APPLIC~1\SlySoft
[19/07/2005|10:53] C:\DOCUME~1\chaton\APPLIC~1\Sonic
[11/07/2005|18:55] C:\DOCUME~1\chaton\APPLIC~1\Sun
[19/07/2005|10:39] C:\DOCUME~1\chaton\APPLIC~1\Symantec
[19/10/2008|18:24] C:\DOCUME~1\chaton\APPLIC~1\TmpRecentIcons
[26/11/2008|21:53] C:\DOCUME~1\chaton\APPLIC~1\uTorrent
[23/11/2008|22:36] C:\DOCUME~1\chaton\APPLIC~1\vlc
[23/03/2008|16:45] C:\DOCUME~1\chaton\APPLIC~1\WinRAR
[30/03/2006|12:22] C:\DOCUME~1\chaton\APPLIC~1\WIS

[19/08/2004|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[11/07/2005|19:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[19/08/2004|13:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/07/2005|18:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[11/07/2005|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[20/10/2008|08:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/04/2008|19:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
[05/03/2007|09:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[20/10/2008|08:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[22/07/2005|13:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[10/12/2008 21:00][--ah-----] C:\WINDOWS\tasks\A365E1E991FA9ED9.job
[10/12/2008 21:31][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[10/12/2008 20:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A365E1E991FA9ED9.job )=( c:\docume~1\chaton\applic~1\blah1~1\Baseextra32.exe )

--------------------\\ Folder listing in C:\Program Files

[24/11/2008|17:32] C:\Program Files\7-Zip
[26/12/2007|20:13] C:\Program Files\Abigs
[21/09/2008|13:05] C:\Program Files\Adobe
[11/07/2005|18:58] C:\Program Files\Apoint
[24/07/2005|18:09] C:\Program Files\ArcSoft
[11/07/2005|18:56] C:\Program Files\ATI Technologies
[09/04/2006|19:49] C:\Program Files\Auralog
[19/10/2008|17:08] C:\Program Files\AVG
[26/11/2008|21:03] C:\Program Files\Bit Che
[20/11/2008|20:34] C:\Program Files\Blah 1
[12/03/2006|08:33] C:\Program Files\BrevierPALM
[11/07/2005|18:59] C:\Program Files\Broadcom
[04/10/2005|13:53] C:\Program Files\Brother
[22/10/2008|08:41] C:\Program Files\CCleaner
[04/02/2008|11:01] C:\Program Files\Citrix
[09/12/2008|21:47] C:\Program Files\CleanUp!
[04/10/2005|13:53] C:\Program Files\Common Files
[19/08/2004|13:15] C:\Program Files\ComPlus Applications
[11/07/2005|18:42] C:\Program Files\CONEXANT
[11/07/2005|18:59] C:\Program Files\CyberLink
[11/07/2005|19:03] C:\Program Files\Dell
[11/07/2005|18:57] C:\Program Files\Digital Line Detect
[11/11/2007|18:17] C:\Program Files\DivX
[19/04/2006|13:49] C:\Program Files\Documed AG
[10/01/2007|09:45] C:\Program Files\Documents To Go
[12/04/2006|09:56] C:\Program Files\Elaborate Bytes
[11/04/2008|09:30] C:\Program Files\eMule
[23/11/2007|11:29] C:\Program Files\Extra Film Digitorder
[20/11/2008|10:21] C:\Program Files\ExtraFilm Designer EFCH French
[09/12/2008|21:42] C:\Program Files\Fichiers communs
[05/03/2007|11:03] C:\Program Files\FotoStation Easy
[18/03/2008|15:04] C:\Program Files\GeTax2005
[18/03/2008|15:05] C:\Program Files\GeTax2006
[07/02/2008|20:16] C:\Program Files\GeTaxPP2007
[25/10/2008|17:14] C:\Program Files\Google
[10/12/2008|00:41] C:\Program Files\Hijackthis Version Française
[31/10/2008|14:14] C:\Program Files\InstallShield Installation Information
[11/07/2005|18:56] C:\Program Files\Intel
[11/07/2005|18:57] C:\Program Files\Intel, Inc
[11/11/2007|18:35] C:\Program Files\InterActual
[17/10/2008|08:44] C:\Program Files\Internet Explorer
[04/11/2007|23:08] C:\Program Files\Jasc Software Inc
[28/11/2008|20:34] C:\Program Files\Java
[09/12/2008|21:44] C:\Program Files\Lavasoft
[24/09/2005|10:29] C:\Program Files\Logitech
[10/12/2008|00:19] C:\Program Files\Malwarebytes' Anti-Malware
[21/10/2008|16:44] C:\Program Files\Messenger
[19/08/2004|13:18] C:\Program Files\microsoft frontpage
[19/11/2008|19:43] C:\Program Files\Microsoft Office
[11/07/2005|19:01] C:\Program Files\Microsoft Visual Studio
[11/07/2005|19:09] C:\Program Files\Microsoft Works
[11/07/2005|19:01] C:\Program Files\Microsoft.NET
[22/04/2008|16:28] C:\Program Files\Mindscape
[11/07/2005|18:57] C:\Program Files\Modem Helper
[21/10/2008|16:38] C:\Program Files\Movie Maker
[10/12/2008|21:31] C:\Program Files\Mozilla Firefox
[19/11/2008|19:42] C:\Program Files\MSECACHE
[01/12/2008|19:04] C:\Program Files\MSN
[19/08/2004|13:14] C:\Program Files\MSN Gaming Zone
[09/10/2007|15:54] C:\Program Files\MSN Messenger
[17/11/2006|08:51] C:\Program Files\MSXML 4.0
[21/10/2008|16:34] C:\Program Files\NetMeeting
[11/07/2005|18:57] C:\Program Files\NetWaiting
[24/07/2005|18:11] C:\Program Files\Nikon
[09/11/2007|20:19] C:\Program Files\Nouveau dossier
[19/08/2004|13:15] C:\Program Files\Online Services
[21/10/2008|16:34] C:\Program Files\Outlook Express
[22/10/2008|09:34] C:\Program Files\Palm
[20/05/2006|23:52] C:\Program Files\QuickTime
[22/10/2008|08:56] C:\Program Files\RegCleaner
[11/11/2007|18:32] C:\Program Files\Roxio
[04/10/2005|13:51] C:\Program Files\ScanSoft
[19/08/2004|13:16] C:\Program Files\Services en ligne
[11/11/2007|18:27] C:\Program Files\SightSpeed
[11/07/2005|18:43] C:\Program Files\Sigmatel
[23/04/2008|19:56] C:\Program Files\Skype
[12/04/2006|09:53] C:\Program Files\SlySoft
[04/11/2007|23:10] C:\Program Files\Sonic
[16/10/2005|15:05] C:\Program Files\Sony Corporation
[09/12/2008|21:53] C:\Program Files\Spybot - Search & Destroy
[19/08/2004|13:24] C:\Program Files\Uninstall Information
[06/11/2007|20:25] C:\Program Files\uTorrent
[23/11/2008|22:33] C:\Program Files\VideoLAN
[26/11/2008|21:45] C:\Program Files\Vuze
[04/11/2007|23:16] C:\Program Files\Windows Installer Clean Up
[23/03/2008|16:09] C:\Program Files\Windows Media Connect 2
[21/10/2008|16:34] C:\Program Files\Windows Media Player
[21/10/2008|16:34] C:\Program Files\Windows NT
[19/08/2004|13:16] C:\Program Files\WindowsUpdate
[18/03/2008|15:02] C:\Program Files\WistitiSoft
[19/08/2004|13:18] C:\Program Files\xerox
[18/03/2008|15:03] C:\Program Files\Yahoo!
[27/03/2006|14:45] C:\Program Files\Zero G Registry

--------------------\\ Folder listing in C:\Program Files\Fichiers communs

[20/11/2008|14:51] C:\Program Files\Fichiers communs\Adobe
[12/04/2006|10:05] C:\Program Files\Fichiers communs\Adobe Systems Shared
[11/07/2005|19:01] C:\Program Files\Fichiers communs\DESIGNER
[24/09/2005|10:29] C:\Program Files\Fichiers communs\FotoWire
[04/10/2005|13:53] C:\Program Files\Fichiers communs\InstallShield
[11/07/2005|18:54] C:\Program Files\Fichiers communs\Java
[24/09/2005|10:28] C:\Program Files\Fichiers communs\Logitech
[19/11/2008|19:43] C:\Program Files\Fichiers communs\Microsoft Shared
[19/08/2004|13:16] C:\Program Files\Fichiers communs\MSSoap
[16/10/2005|15:05] C:\Program Files\Fichiers communs\muvee Technologies
[05/11/2007|19:41] C:\Program Files\Fichiers communs\Nikon
[19/08/2004|13:10] C:\Program Files\Fichiers communs\ODBC
[11/11/2007|18:25] C:\Program Files\Fichiers communs\Roxio Shared
[04/10/2005|13:51] C:\Program Files\Fichiers communs\ScanSoft Shared
[19/08/2004|13:16] C:\Program Files\Fichiers communs\Services
[11/11/2007|18:22] C:\Program Files\Fichiers communs\SightSpeed
[23/04/2008|19:56] C:\Program Files\Fichiers communs\Skype
[11/11/2007|18:30] C:\Program Files\Fichiers communs\Sonic Shared
[19/08/2004|13:10] C:\Program Files\Fichiers communs\SpeechEngines
[11/11/2007|18:30] C:\Program Files\Fichiers communs\SureThing Shared
[20/10/2008|14:46] C:\Program Files\Fichiers communs\Symantec Shared
[21/10/2008|16:34] C:\Program Files\Fichiers communs\System
[11/07/2005|19:02] C:\Program Files\Fichiers communs\TiVo Shared
[09/12/2008|21:42] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 71 Processes )

IEXPLORE.EXE ~ [PID:888]
IEXPLORE.EXE ~ [PID:3128]

--------------------\\ Search with S_Lop

C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1
C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Base extra 32.exe
C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\cafwwxip.exe
C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe

--------------------\\ Search for Lop files / folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\user body.exe
C:\DOCUME~1\chaton\APPLIC~1\blah1~1
C:\DOCUME~1\chaton\APPLIC~1\blah1~1\Base extra 32.exe
C:\DOCUME~1\chaton\APPLIC~1\blah1~1\cafwwxip.exe
C:\DOCUME~1\chaton\APPLIC~1\blah1~1\Trayflaw.exe
C:\Program Files\blah1~1
C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec
C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\DivoCodec.lnk
C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\HomePage.lnk
C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\Uninstall.lnk
C:\DOCUME~1\chaton\Cookies\chaton@advertising.marketnetwork[2].txt
C:\WINDOWS\Tasks\A365E1E991FA9ED9.job

--------------------\\ Registry check

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CreativeTwoInter]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\chaton\\APPLIC~1\\BLAH1~1\\Trayflaw.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Audio Peak"="C:\\DOCUME~1\\chaton\\APPLIC~1\\BLAH1~1\\Trayflaw.exe"
"Audio Peak"="C:\\DOCUME~1\\chaton\\APPLIC~1\\BLAH1~1\\Trayflaw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"="C:\\Documents and Settings\\All Users\\Application Data\\INTERNET SPAM SUPPORT AUDIO\\user body.exe"

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 21:49:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSlrvd.dat



[F:2][D:1]-> C:\DOCUME~1\chaton\LOCALS~1\Temp
[F:5][D:0]-> C:\DOCUME~1\chaton\Cookies
[F:117][D:4]-> C:\DOCUME~1\chaton\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/12/2008|21:54 - Option : [1]

--------------------\\ End of report at 21:54:14


Logfile of HijackThis v1.99.1
Scan saved at 21:55:27, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ELAN.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll c:\windows\system32\jotufafu.dll,C:\WINDOWS\system32\jasutudo.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Subject: Re: Pop-up windows - interpreting a Hijackthis log
Posted: Wed 10 Dec 2008 - 23:00
Site Admin
Joined: Sun 4 Sep 2005 - 13:42
Posts: 2866
Location: Hérault
I imagine it's tedious... but given what is installed on the machine (a few P2P programs) I'd say it's not surprising.
You have three nice infections, so not easy to get rid of in one go.
Since the machine is fairly badly hit, I don't want to act too aggressively at the risk of crashing it.
Right, carry on and be precise, because your observations are important and useful.

OK, to start, launch HJThis, tick these lines and then fix them.

O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe
O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe
O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll c:\windows\system32\jotufafu.dll,C:\WINDOWS\system32\jasutudo.dll


Then run LopS&D choosing option 2 and let the cleaning run. (The first time was a scan and not the cleaning; I should have said so...)
/!\ Do not close the window during the deletion! /!\
Save the generated report to the desktop.

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Reboot your machine, then run an MBAM scan.
Reboot again and do one last HJThis.
Post the LopS&D, Vundo, HJThis and MBAM reports.

Once that's done, check whether you can access Safe Mode again.
Then let us know.
See you, good luck.
:wink:



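The lines the admin asks to fix above fall into two HijackThis categories that deserve a closer look in any log: O4 Run entries that launch a program from an Application Data folder, and O20 AppInit_DLLs entries naming DLLs that are not accounted for, since anything listed there is loaded into every process that maps user32.dll. The script below is an added example, not part of this thread and not HijackThis code: it parses lines in the HijackThis format and flags those two patterns plus "(file missing)" orphans. The sample lines are copied from the logs posted in this thread; the allowlist of known AppInit DLLs (only avgrsstx.dll, AVG's resident-shield hook) is an assumption made for the example.

```python
"""Triage of HijackThis-format log lines (added example; not HijackThis code).

Flags the two patterns the helper singled out in the thread:
  * O4 Run entries whose program lives under an "Application Data" folder
  * O20 AppInit_DLLs entries naming DLLs outside a small known list
plus entries tagged "(file missing)", which are orphaned leftovers.
"""
import re
from dataclasses import dataclass

# Assumed allowlist for the example: avgrsstx.dll is the AVG 8 resident
# shield hook present on this machine; everything else gets flagged.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# "Application Data" in long or 8.3 (APPLIC~1) form, per-user or All Users.
DATA_DIR = re.compile(r"\\(application data|applic~1)\\", re.IGNORECASE)

# Matches "O4 - HKLM\..\Run: [Name] command" and captures the command part.
RUN_ENTRY = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\]\s*(.*)$")

# Every HijackThis finding starts with a section code such as O4, O20, R1.
SECTION = re.compile(r"^([OR]\d+) - ")


@dataclass
class Finding:
    severity: str   # "high" or "low"
    section: str    # HijackThis section code such as "O4" or "O20"
    reason: str
    line: str


def triage(lines):
    """Return a list of Finding objects for the suspicious lines in `lines`."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SECTION.match(line)
        if not m:
            continue                      # headers, process list, blanks
        section = m.group(1)

        if section == "O4":
            run = RUN_ENTRY.match(line)
            if run and DATA_DIR.search(run.group(1)):
                findings.append(Finding(
                    "high", section,
                    "autostart program located in an Application Data folder",
                    line))

        elif line.startswith("O20 - AppInit_DLLs:"):
            # The value is a whitespace- or comma-separated list of DLLs,
            # some given as bare names and some as full paths.
            listed = line.split(":", 1)[1]
            for dll in re.split(r"[\s,]+", listed.strip()):
                if dll and dll.split("\\")[-1].lower() not in KNOWN_APPINIT_DLLS:
                    findings.append(Finding(
                        "high", section,
                        f"AppInit_DLLs loads an unrecognised DLL: {dll}", line))

        if "(file missing)" in line:
            findings.append(Finding(
                "low", section,
                "orphaned entry: the referenced file no longer exists", line))
    return findings


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\user body.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Audio Peak] C:\DOCUME~1\chaton\APPLIC~1\BLAH1~1\Trayflaw.exe",
    r"O20 - AppInit_DLLs: avgrsstx.dll hnfjcu.dll c:\windows\system32\jotufafu.dll,C:\WINDOWS\system32\jasutudo.dll",
    r"O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)",
    r"O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
]


def count_by_severity(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section:4} {f.reason}\n        {f.line}")
```

Run it as a script to print the findings for the sample, or call triage() on the lines of a saved log. Legitimate software also autostarts from Application Data, so a hit is a prompt to check the publisher and the file, not a verdict; the AppInit_DLLs check, on the other hand, is worth acting on whenever the DLL name cannot be tied to an installed product.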
Subject: Re: Pop-up windows - interpreting a Hijackthis log
Posted: Thu 11 Dec 2008 - 23:27
Beginner
Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
Hello,

Yes, it's better!!! I followed your tutorial, and I think there has already been a good clean-up. I launched both my browsers: no pop-up windows for 10 minutes, and no redirection. That does the morale good!!! One small downside: I still can't restart in Safe Mode, status quo.

The image error windows have disappeared! Woohoo!

I don't know whether this can help, but AVG detected a trojan, described as: C:\Windows\system32\Sipaneya.dll BHO.GPT.
As for LopSD, it didn't detect anything.
Thanks again for your precious help.

I'm posting the requested logs.


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : chaton ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:14 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 11/12/2008|21:19 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1\Base extra 32.exe
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1\cafwwxip.exe
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1\Trayflaw.exe
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\DivoCodec.lnk
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\HomePage.lnk
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec\Uninstall.lnk
Supprime! - C:\DOCUME~1\chaton\Cookies\chaton@advertising.marketnetwork[2].txt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
Supprime! - C:\DOCUME~1\chaton\APPLIC~1\blah1~1
Supprime! - C:\Program Files\blah1~1
Supprime! - C:\DOCUME~1\chaton\MENUDM~1\PROGRA~1\DivoCodec
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[19/08/2004|13:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[11/07/2005|19:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[20/10/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[11/07/2005|18:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[11/07/2005|19:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[04/11/2007|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[23/04/2008|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/04/2006|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[20/05/2006|23:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/12/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[26/11/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[04/10/2005|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[04/02/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
[20/11/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ExtraFilm
[21/10/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fcbwhspc
[23/04/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/07/2005|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[11/07/2005|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[09/12/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[12/04/2006|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/10/2008|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/08/2004|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/10/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[24/09/2005|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[11/11/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[19/08/2004|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[04/10/2005|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[23/04/2008|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[11/11/2007|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[10/12/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2008|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/07/2006|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/10/2008|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yhcvyluv

[18/06/2006|18:52] C:\DOCUME~1\chaton\APPLIC~1\ACD Systems
[23/04/2008|19:21] C:\DOCUME~1\chaton\APPLIC~1\Adobe
[21/05/2006|11:40] C:\DOCUME~1\chaton\APPLIC~1\Apple Computer
[26/07/2005|10:31] C:\DOCUME~1\chaton\APPLIC~1\Arcsoft
[26/11/2008|23:07] C:\DOCUME~1\chaton\APPLIC~1\Azureus
[05/10/2005|13:46] C:\DOCUME~1\chaton\APPLIC~1\Brother
[20/07/2005|05:35] C:\DOCUME~1\chaton\APPLIC~1\CyberLink
[29/10/2008|11:15] C:\DOCUME~1\chaton\APPLIC~1\DivX
[13/10/2007|15:54] C:\DOCUME~1\chaton\APPLIC~1\EFC
[02/05/2006|11:01] C:\DOCUME~1\chaton\APPLIC~1\Elaborate Bytes
[20/11/2008|10:21] C:\DOCUME~1\chaton\APPLIC~1\ExtraFilm
[24/09/2005|10:30] C:\DOCUME~1\chaton\APPLIC~1\FotoWire
[05/09/2006|21:07] C:\DOCUME~1\chaton\APPLIC~1\Google
[22/10/2008|09:34] C:\DOCUME~1\chaton\APPLIC~1\Help
[19/08/2004|13:24] C:\DOCUME~1\chaton\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\chaton\APPLIC~1\Intel
[12/05/2007|14:38] C:\DOCUME~1\chaton\APPLIC~1\Jasc Software Inc
[19/07/2005|10:52] C:\DOCUME~1\chaton\APPLIC~1\Leadertech
[22/07/2005|14:16] C:\DOCUME~1\chaton\APPLIC~1\Macromedia
[21/10/2008|13:28] C:\DOCUME~1\chaton\APPLIC~1\Malwarebytes
[19/11/2008|19:44] C:\DOCUME~1\chaton\APPLIC~1\Microsoft
[26/11/2008|09:48] C:\DOCUME~1\chaton\APPLIC~1\Mozilla
[01/12/2008|19:04] C:\DOCUME~1\chaton\APPLIC~1\MSNInstaller
[24/07/2005|18:14] C:\DOCUME~1\chaton\APPLIC~1\Nikon
[09/12/2008|16:22] C:\DOCUME~1\chaton\APPLIC~1\Roxio
[03/11/2008|16:26] C:\DOCUME~1\chaton\APPLIC~1\Skype
[03/11/2008|15:00] C:\DOCUME~1\chaton\APPLIC~1\skypePM
[14/10/2007|17:03] C:\DOCUME~1\chaton\APPLIC~1\SlySoft
[19/07/2005|10:53] C:\DOCUME~1\chaton\APPLIC~1\Sonic
[11/07/2005|18:55] C:\DOCUME~1\chaton\APPLIC~1\Sun
[19/07/2005|10:39] C:\DOCUME~1\chaton\APPLIC~1\Symantec
[19/10/2008|18:24] C:\DOCUME~1\chaton\APPLIC~1\TmpRecentIcons
[26/11/2008|21:53] C:\DOCUME~1\chaton\APPLIC~1\uTorrent
[23/11/2008|22:36] C:\DOCUME~1\chaton\APPLIC~1\vlc
[23/03/2008|16:45] C:\DOCUME~1\chaton\APPLIC~1\WinRAR
[30/03/2006|12:22] C:\DOCUME~1\chaton\APPLIC~1\WIS

[19/08/2004|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[11/07/2005|18:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[11/07/2005|19:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[19/08/2004|13:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/07/2005|18:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[11/07/2005|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[20/10/2008|08:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/04/2008|19:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
[05/03/2007|09:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[20/10/2008|08:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[22/07/2005|13:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/12/2008 11:42][--ah-----] C:\WINDOWS\tasks\AFDD967291A20756.job
[11/12/2008 21:16][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[11/12/2008 21:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AFDD967291A20756.job )=( c:\docume~1\chaton\applic~1\blah1~1\Baseextra32.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[24/11/2008|17:32] C:\Program Files\7-Zip
[26/12/2007|20:13] C:\Program Files\Abigs
[21/09/2008|13:05] C:\Program Files\Adobe
[11/07/2005|18:58] C:\Program Files\Apoint
[24/07/2005|18:09] C:\Program Files\ArcSoft
[11/07/2005|18:56] C:\Program Files\ATI Technologies
[09/04/2006|19:49] C:\Program Files\Auralog
[19/10/2008|17:08] C:\Program Files\AVG
[26/11/2008|21:03] C:\Program Files\Bit Che
[12/03/2006|08:33] C:\Program Files\BrevierPALM
[11/07/2005|18:59] C:\Program Files\Broadcom
[04/10/2005|13:53] C:\Program Files\Brother
[22/10/2008|08:41] C:\Program Files\CCleaner
[04/02/2008|11:01] C:\Program Files\Citrix
[09/12/2008|21:47] C:\Program Files\CleanUp!
[04/10/2005|13:53] C:\Program Files\Common Files
[19/08/2004|13:15] C:\Program Files\ComPlus Applications
[11/07/2005|18:42] C:\Program Files\CONEXANT
[11/07/2005|18:59] C:\Program Files\CyberLink
[11/07/2005|19:03] C:\Program Files\Dell
[11/07/2005|18:57] C:\Program Files\Digital Line Detect
[11/11/2007|18:17] C:\Program Files\DivX
[19/04/2006|13:49] C:\Program Files\Documed AG
[10/01/2007|09:45] C:\Program Files\Documents To Go
[12/04/2006|09:56] C:\Program Files\Elaborate Bytes
[11/04/2008|09:30] C:\Program Files\eMule
[23/11/2007|11:29] C:\Program Files\Extra Film Digitorder
[20/11/2008|10:21] C:\Program Files\ExtraFilm Designer EFCH French
[09/12/2008|21:42] C:\Program Files\Fichiers communs
[05/03/2007|11:03] C:\Program Files\FotoStation Easy
[18/03/2008|15:04] C:\Program Files\GeTax2005
[18/03/2008|15:05] C:\Program Files\GeTax2006
[07/02/2008|20:16] C:\Program Files\GeTaxPP2007
[25/10/2008|17:14] C:\Program Files\Google
[11/12/2008|21:10] C:\Program Files\Hijackthis Version Française
[31/10/2008|14:14] C:\Program Files\InstallShield Installation Information
[11/07/2005|18:56] C:\Program Files\Intel
[11/07/2005|18:57] C:\Program Files\Intel, Inc
[11/11/2007|18:35] C:\Program Files\InterActual
[17/10/2008|08:44] C:\Program Files\Internet Explorer
[04/11/2007|23:08] C:\Program Files\Jasc Software Inc
[28/11/2008|20:34] C:\Program Files\Java
[09/12/2008|21:44] C:\Program Files\Lavasoft
[24/09/2005|10:29] C:\Program Files\Logitech
[10/12/2008|00:19] C:\Program Files\Malwarebytes' Anti-Malware
[21/10/2008|16:44] C:\Program Files\Messenger
[19/08/2004|13:18] C:\Program Files\microsoft frontpage
[19/11/2008|19:43] C:\Program Files\Microsoft Office
[11/07/2005|19:01] C:\Program Files\Microsoft Visual Studio
[11/07/2005|19:09] C:\Program Files\Microsoft Works
[11/07/2005|19:01] C:\Program Files\Microsoft.NET
[22/04/2008|16:28] C:\Program Files\Mindscape
[11/07/2005|18:57] C:\Program Files\Modem Helper
[21/10/2008|16:38] C:\Program Files\Movie Maker
[11/12/2008|19:45] C:\Program Files\Mozilla Firefox
[19/11/2008|19:42] C:\Program Files\MSECACHE
[01/12/2008|19:04] C:\Program Files\MSN
[19/08/2004|13:14] C:\Program Files\MSN Gaming Zone
[09/10/2007|15:54] C:\Program Files\MSN Messenger
[17/11/2006|08:51] C:\Program Files\MSXML 4.0
[21/10/2008|16:34] C:\Program Files\NetMeeting
[11/07/2005|18:57] C:\Program Files\NetWaiting
[24/07/2005|18:11] C:\Program Files\Nikon
[09/11/2007|20:19] C:\Program Files\Nouveau dossier
[19/08/2004|13:15] C:\Program Files\Online Services
[21/10/2008|16:34] C:\Program Files\Outlook Express
[22/10/2008|09:34] C:\Program Files\Palm
[20/05/2006|23:52] C:\Program Files\QuickTime
[22/10/2008|08:56] C:\Program Files\RegCleaner
[11/11/2007|18:32] C:\Program Files\Roxio
[04/10/2005|13:51] C:\Program Files\ScanSoft
[19/08/2004|13:16] C:\Program Files\Services en ligne
[11/11/2007|18:27] C:\Program Files\SightSpeed
[11/07/2005|18:43] C:\Program Files\Sigmatel
[23/04/2008|19:56] C:\Program Files\Skype
[12/04/2006|09:53] C:\Program Files\SlySoft
[04/11/2007|23:10] C:\Program Files\Sonic
[16/10/2005|15:05] C:\Program Files\Sony Corporation
[09/12/2008|21:53] C:\Program Files\Spybot - Search & Destroy
[19/08/2004|13:24] C:\Program Files\Uninstall Information
[06/11/2007|20:25] C:\Program Files\uTorrent
[23/11/2008|22:33] C:\Program Files\VideoLAN
[26/11/2008|21:45] C:\Program Files\Vuze
[04/11/2007|23:16] C:\Program Files\Windows Installer Clean Up
[23/03/2008|16:09] C:\Program Files\Windows Media Connect 2
[21/10/2008|16:34] C:\Program Files\Windows Media Player
[21/10/2008|16:34] C:\Program Files\Windows NT
[19/08/2004|13:16] C:\Program Files\WindowsUpdate
[18/03/2008|15:02] C:\Program Files\WistitiSoft
[19/08/2004|13:18] C:\Program Files\xerox
[18/03/2008|15:03] C:\Program Files\Yahoo!
[27/03/2006|14:45] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[20/11/2008|14:51] C:\Program Files\Fichiers communs\Adobe
[12/04/2006|10:05] C:\Program Files\Fichiers communs\Adobe Systems Shared
[11/07/2005|19:01] C:\Program Files\Fichiers communs\DESIGNER
[24/09/2005|10:29] C:\Program Files\Fichiers communs\FotoWire
[04/10/2005|13:53] C:\Program Files\Fichiers communs\InstallShield
[11/07/2005|18:54] C:\Program Files\Fichiers communs\Java
[24/09/2005|10:28] C:\Program Files\Fichiers communs\Logitech
[19/11/2008|19:43] C:\Program Files\Fichiers communs\Microsoft Shared
[19/08/2004|13:16] C:\Program Files\Fichiers communs\MSSoap
[16/10/2005|15:05] C:\Program Files\Fichiers communs\muvee Technologies
[05/11/2007|19:41] C:\Program Files\Fichiers communs\Nikon
[19/08/2004|13:10] C:\Program Files\Fichiers communs\ODBC
[11/11/2007|18:25] C:\Program Files\Fichiers communs\Roxio Shared
[04/10/2005|13:51] C:\Program Files\Fichiers communs\ScanSoft Shared
[19/08/2004|13:16] C:\Program Files\Fichiers communs\Services
[11/11/2007|18:22] C:\Program Files\Fichiers communs\SightSpeed
[23/04/2008|19:56] C:\Program Files\Fichiers communs\Skype
[11/11/2007|18:30] C:\Program Files\Fichiers communs\Sonic Shared
[19/08/2004|13:10] C:\Program Files\Fichiers communs\SpeechEngines
[11/11/2007|18:30] C:\Program Files\Fichiers communs\SureThing Shared
[20/10/2008|14:46] C:\Program Files\Fichiers communs\Symantec Shared
[21/10/2008|16:34] C:\Program Files\Fichiers communs\System
[11/07/2005|19:02] C:\Program Files\Fichiers communs\TiVo Shared
[09/12/2008|21:42] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 71 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\WINDOWS\Tasks\AFDD967291A20756.job

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 21:20:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSlrvd.dat



[F:4][D:2]-> C:\DOCUME~1\chaton\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\chaton\Cookies
[F:14][D:4]-> C:\DOCUME~1\chaton\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/12/2008|21:54 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/12/2008|21:20 - Option : [2]

--------------------\\ Fin du rapport a 21:20:59


Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 3

10/12/2008 00:33:46
mbam-log-2008-12-10 (00-33-46).txt

Type de recherche: Examen rapide
Eléments examinés: 55321
Temps écoulé: 7 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nasiliyu.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85117282-fa91-4b9c-ae9b-ed5d68199cce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wonekoviye (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f5754f7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nasiliyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nasiliyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nasiliyu.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\bufesine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nasiliyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\letuyami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.


Logfile of HijackThis v1.99.1
Scan saved at 22:57:06, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ELAN.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


VundoFix V7.0.6

Scan started at 21:26:58 11/12/2008

Listing files found while scanning....

No infected files were found.


 Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Fri 12 Dec 2008 - 11:25
Offline
Site Admin

Joined: Sun 4 Sep 2005 - 13:42
Posts: 2866
Location: Hérault
OK, thanks for your reply.
Here is the next step.
You can already remove LopS&D and VundoFix, which we should not need any more.

=> Download combofix.exe
save it to your desktop and nowhere else!
Double-click Combofix.exe, then follow the instructions.
When it has finished, it will generate a report.
Post it in your next reply along with a new HijackThis log.

Note: do not click in the ComboFix window and do nothing else while the tool is running.
It generally takes 10 minutes, but it can take longer depending on the level of infection.

There you go, I await your news.
:)



 Subject: Re: Pop-up windows - interpreting a HijackThis log
Posted: Sat 13 Dec 2008 - 19:39
Offline
Beginner

Joined: Wed 3 Dec 2008 - 12:21
Posts: 13
Hi Agnes,
I carried out the latest steps, following your instructions. I am posting the requested reports. My PC is working much better: no more pop-up windows, no more redirection or automatic launching of IE. Same for Firefox. As for starting in Safe Mode, still impossible. I wish you an excellent weekend and thanks again for your help.

ComboFix 08-12-12.05 - chaton 2008-12-13 18:44:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.589 [GMT 1:00]
Lancé depuis: c:\documents and settings\chaton\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\dejegima.dll
c:\windows\system32\duhavevo.dll
c:\windows\system32\jasutudo.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\TDSSlrvd.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://designer.extrafilm.ch
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
.

2008-12-11 21:26 . 2008-12-11 21:26 <REP> d-------- C:\VundoFix Backups
2008-12-10 21:20 . 2008-12-11 21:20 <REP> d-------- C:\Lop SD
2008-12-09 21:47 . 2008-12-09 21:47 <REP> d-------- c:\program files\CleanUp!
2008-12-09 21:44 . 2008-12-09 21:44 <REP> d-------- c:\program files\Lavasoft
2008-12-09 21:43 . 2008-12-09 21:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-09 21:42 . 2008-12-09 21:42 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-05 23:09 . 2008-12-05 23:09 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-03 12:04 . 2008-12-11 22:56 <REP> d-------- c:\program files\Hijackthis Version Française
2008-12-02 10:42 . 2004-03-09 13:00 132,880 --a------ c:\windows\system32\MSINET.OCX
2008-12-01 19:04 . 2008-12-01 19:04 <REP> d-------- c:\documents and settings\chaton\Application Data\MSNInstaller
2008-11-28 20:35 . 2008-11-28 20:35 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-26 21:45 . 2008-11-26 23:07 <REP> d-------- c:\documents and settings\chaton\Application Data\Azureus
2008-11-26 21:45 . 2008-11-26 21:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-11-26 21:44 . 2008-11-26 21:45 <REP> d-------- c:\program files\Vuze
2008-11-26 09:48 . 2008-11-26 09:48 0 --a------ c:\windows\nsreg.dat
2008-11-24 17:32 . 2008-11-24 17:32 <REP> d-------- c:\program files\7-Zip
2008-11-23 22:34 . 2008-11-23 22:36 <REP> d-------- c:\documents and settings\chaton\Application Data\vlc
2008-11-23 22:33 . 2008-11-23 22:33 <REP> d-------- c:\program files\VideoLAN
2008-11-20 14:51 . 2008-11-20 14:51 <REP> d-------- c:\windows\system32\Adobe
2008-11-20 10:21 . 2008-11-20 10:21 <REP> d-------- c:\documents and settings\chaton\Application Data\ExtraFilm
2008-11-20 10:20 . 2008-12-12 10:49 <REP> d-------- c:\program files\ExtraFilm Designer EFCH French
2008-11-20 10:20 . 2008-11-20 10:20 <REP> d-------- c:\documents and settings\All Users\Application Data\ExtraFilm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 23:19 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-09 20:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-09 15:22 --------- d-----w c:\documents and settings\chaton\Application Data\Roxio
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 19:13 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-01 19:13 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-01 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-28 19:34 --------- d-----w c:\program files\Java
2008-11-26 20:53 --------- d-----w c:\documents and settings\chaton\Application Data\uTorrent
2008-11-26 20:03 --------- d-----w c:\program files\Bit Che
2008-11-20 13:51 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-19 18:42 --------- d-----w c:\program files\MSECACHE
2008-11-03 15:26 --------- d-----w c:\documents and settings\chaton\Application Data\Skype
2008-11-03 14:00 --------- d-----w c:\documents and settings\chaton\Application Data\skypePM
2008-10-31 13:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 10:15 --------- d-----w c:\documents and settings\chaton\Application Data\DivX
2008-10-25 16:14 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-22 08:34 --------- d-----w c:\program files\Palm
2008-10-22 07:56 --------- d-----w c:\program files\RegCleaner
2008-10-22 07:41 --------- d-----w c:\program files\CCleaner
2008-10-21 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\fcbwhspc
2008-10-21 12:28 --------- d-----w c:\documents and settings\chaton\Application Data\Malwarebytes
2008-10-21 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-20 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\yhcvyluv
2008-10-20 20:52 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-20 13:46 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-10-20 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-19 16:08 --------- d-----w c:\program files\AVG
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2008-04-23 18:57 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-04 10:00 60,968 ----a-w c:\documents and settings\chaton\GoToAssistDownloadHelper.exe
2007-11-06 21:08 7,467,056 ----a-w c:\program files\spybotsd15.exe
2007-11-04 20:48 357,424 ----a-w c:\program files\msicuu2.exe
2005-10-16 15:10 560 ----a-w c:\documents and settings\chaton\Application Data\ViewerApp.dat
2005-07-14 10:12 345,600 ----a-w c:\program files\SafeXP.exe
2004-09-11 14:16 12,864 ----a-w c:\program files\SafeXPHelp-FR.htm
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RemoveElanIcon"="c:\windows\system32\ELAN.exe" [2002-03-05 32768]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-20 155648]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\chaton\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-07-29 299008]

c:\documents and settings\chaton\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-07-29 299008]

c:\documents and settings\chaton\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-07-29 299008]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-07-01 24576]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-11 24576]
FotoStation Easy AutoLaunch.lnk - c:\program files\FotoStation Easy\FotoStation Easy AutoLaunch.exe [2005-07-24 49152]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-09-24 450560]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-10-16 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-10-16 106496]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-10-04 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-04 11:00 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\1XConfig.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-20 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-24 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-20 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-20 76040]
R2 EFUploadSrv;ExtraFilm upload service;"c:\program files\ExtraFilm Designer EFCH French\EFUploadSrv.exe" [2008-10-01 1712128]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys []
S3 AtmLane;Émulation réseau ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-19 55808]
S4 Tlnddraiptd;Tlnddraiptd;c:\windows\system32\drivers\avc.sys [2006-04-12 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c429b528-9a0c-11dc-9965-00123fd7fe70}]
\Shell\AutoRun\command - e:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\AFDD967291A20756.job
- c:\docume~1\chaton\applic~1\blah1~1\Base extra 32.exe []

2008-12-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-TDSSoiqt.sys


.
------- Examen supplémentaire -------
.
uLocal Page =
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.ca/index.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.extrafilm.ch/ImageUploader5.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader4.ocx
O16 -: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98}
hxxp://www.extrafilm.ch/ImageUploader4.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader4.inf
FF - ProfilePath - c:\documents and settings\chaton\Application Data\Mozilla\Firefox\Profiles\lj6oayy9.default\
FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 18:48:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Heure de fin: 2008-12-13 18:53:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-13 17:53:36

Avant-CF: 14 865 653 760 octets libres
Après-CF: 14,723,817,472 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

296 --- E O F --- 2008-11-19 17:59:26


Logfile of HijackThis v1.99.1
Scan saved at 19:11:57, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ELAN.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/_plateforme/Upload ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer EFCH French\EFUploadSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

