|
| Auteur |
Message |
ouam
Newbie
Inscrit le: 02 Jan 2006
Message(s): 31
|
 Posté le: 10 Mar 2008 0:01 Sujet du message: |
 |
|
Voici le rapport :
ComboFix 08-03-09.1 - Owner 2008-03-09 21:54:07.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.251 [GMT 1:00]
Endroit: C:\Documents and Settings\Owner.LAURENT\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[i] ADS - svchost.exe: deleted 68 bytes in 1 streams. [/i]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\video activex access
C:\WINDOWS\system32\jgldog11.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 09:13 . 2008-03-09 15:40 <REP> d-------- C:\Program Files\MSNFix
2008-03-08 11:08 . 2008-03-08 11:08 244 --ah----- C:\sqmnoopt17.sqm
2008-03-08 11:08 . 2008-03-08 11:08 232 --ah----- C:\sqmdata17.sqm
2008-03-07 10:26 . 2008-03-07 10:26 244 --ah----- C:\sqmnoopt16.sqm
2008-03-07 10:26 . 2008-03-07 10:26 232 --ah----- C:\sqmdata16.sqm
2008-03-07 00:49 . 2008-03-07 00:49 244 --ah----- C:\sqmnoopt15.sqm
2008-03-07 00:49 . 2008-03-07 00:49 232 --ah----- C:\sqmdata15.sqm
2008-03-06 10:04 . 2008-03-06 10:04 244 --ah----- C:\sqmnoopt14.sqm
2008-03-06 10:04 . 2008-03-06 10:04 232 --ah----- C:\sqmdata14.sqm
2008-03-05 23:59 . 2008-03-05 23:59 244 --ah----- C:\sqmnoopt13.sqm
2008-03-05 23:59 . 2008-03-05 23:59 232 --ah----- C:\sqmdata13.sqm
2008-03-05 18:33 . 2008-03-05 18:33 1,409 --a------ C:\WINDOWS\system32\tmpDD385.FOT
2008-03-05 18:33 . 2008-03-05 18:33 1,409 --a------ C:\WINDOWS\system32\tmp7C485.FOT
2008-03-05 18:33 . 2008-03-05 18:33 1,409 --a------ C:\WINDOWS\system32\tmp2A585.FOT
2008-03-05 18:33 . 2008-03-05 18:33 1,409 --a------ C:\WINDOWS\system32\tmp13385.FOT
2008-03-04 23:22 . 2008-03-04 23:22 <REP> d-------- C:\Program Files\Avira
2008-03-04 23:22 . 2008-03-04 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-04 01:08 . 2008-03-04 01:08 244 --ah----- C:\sqmnoopt12.sqm
2008-03-04 01:08 . 2008-03-04 01:08 232 --ah----- C:\sqmdata12.sqm
2008-03-04 00:14 . 2008-03-04 00:14 244 --ah----- C:\sqmnoopt11.sqm
2008-03-04 00:14 . 2008-03-04 00:14 232 --ah----- C:\sqmdata11.sqm
2008-03-03 18:48 . 2008-03-03 18:48 244 --ah----- C:\sqmnoopt10.sqm
2008-03-03 18:48 . 2008-03-03 18:48 232 --ah----- C:\sqmdata10.sqm
2008-03-03 17:43 . 2008-03-03 17:43 <REP> d-------- C:\Documents and Settings\Owner.LAURENT\Application Data\Grisoft
2008-03-03 17:42 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-03 11:21 . 2008-03-03 11:21 244 --ah----- C:\sqmnoopt09.sqm
2008-03-03 11:21 . 2008-03-03 11:21 232 --ah----- C:\sqmdata09.sqm
2008-03-03 11:10 . 2008-03-03 11:10 244 --ah----- C:\sqmnoopt08.sqm
2008-03-03 11:10 . 2008-03-03 11:10 232 --ah----- C:\sqmdata08.sqm
2008-03-01 19:35 . 2008-03-01 19:35 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-02-15 22:33 . 2008-02-15 22:33 <REP> d-------- C:\Program Files\Lavasoft
2008-02-15 22:33 . 2008-02-15 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 22:30 . 2008-02-15 22:30 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-09 13:59 . 2008-03-04 10:08 200 --a------ C:\WINDOWS\INSECTE.JEU
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 20:45 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-08 08:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 08:18 --------- d-----w C:\Program Files\Macromedia
2008-03-08 08:15 1,056 --sha-w C:\jchjaw3o.sys
2008-03-07 09:16 --------- d-----w C:\Documents and Settings\Owner.LAURENT\Application Data\uTorrent
2008-03-05 17:32 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-05 17:32 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-05 17:32 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-03 23:22 --------- d-----w C:\Program Files\DivX
2008-03-03 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 16:26 --------- d-----w C:\Program Files\Warcraft III
2008-02-15 21:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-02-15 21:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-15 21:24 --------- d-----w C:\Program Files\Pochette Express 2
2008-02-15 21:24 --------- d-----w C:\Program Files\Mobile Studio
2008-02-15 21:24 --------- d-----w C:\Program Files\LiveUpdate
2008-02-15 21:24 --------- d-----w C:\Program Files\Freeplayer
2008-02-14 08:08 --------- d-----w C:\Documents and Settings\Owner.LAURENT\Application Data\Apple Computer
2008-02-09 12:09 --------- d-----w C:\Program Files\Micro Application
2008-01-28 08:50 --------- d-----w C:\Program Files\3D Invaders
2008-01-26 19:32 --------- d-----w C:\Program Files\uTorrent
2008-01-21 13:02 --------- d-----w C:\Documents and Settings\Owner.LAURENT\Application Data\vlc
2008-01-20 13:05 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 12:49 --------- d-----w C:\Program Files\Total Video Converter
2008-01-20 12:49 --------- d-----w C:\Program Files\AliveMedia
2008-01-19 21:40 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-01-19 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-19 16:33 --------- d-----w C:\Program Files\Videora
2008-01-19 16:33 --------- d-----w C:\Program Files\BitComet
2008-01-19 16:16 --------- d-----w C:\Program Files\Red Kawa
2008-01-19 15:05 --------- d-----w C:\Program Files\Free
2008-01-19 11:15 --------- d-----w C:\Documents and Settings\Owner.LAURENT\Application Data\Skype
2008-01-17 21:35 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-01-17 21:25 --------- d-----w C:\Documents and Settings\Owner.LAURENT\Application Data\Shareaza
2008-01-17 21:08 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-17 21:08 --------- d-----w C:\Program Files\Shareaza
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-07-24 16:41 24,888 ----a-w C:\Documents and Settings\Owner.LAURENT\Application Data\GDIPFONTCACHEV1.DAT
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
1995-09-24 09:02 243,472 --sha-w C:\WINDOWS\system32\vbar2232.dll
1998-06-30 13:14 368,912 --sha-w C:\WINDOWS\system32\vbar332.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-01-15 19:39 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-04 23:27 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-01 11:04:34 110592]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Apps\\Powercinema\\PowerCinema.exe"=
"C:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.EXE"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\DOCUME~1\\OWNER~1.LAU\\LOCALS~1\\Temp\\services.exe"=
R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2006-03-04 09:49]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2006-03-04 09:49]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 GDFwSvc;Pare-feu personnel G DATA;C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe []
S3 GDInterceptor;GDInterceptor;C:\WINDOWS\system32\interceptor.sys [2006-02-11 21:34]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2006-03-04 09:50]
S4 AVKProxy;AVKProxy;C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2005-09-29 16:31]
S4 AVKWCtl;Gardien d'AVK;C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85e129ca-a82f-11da-a094-0040caad07ff}]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f1b75ae-9232-11da-b741-0040caad07ff}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 16:37:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 21:57:31
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
? [776]
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 3
**************************************************************************
.
Temps d'accomplissement: 2008-03-09 21:58:35
ComboFix-quarantined-files.txt 2008-03-09 20:58:15
.
2008-02-13 09:13:16 --- E O F ---
Au redémarrage mon navigateur par défaut a été modifié. Il est passé sur Interner explorer alors que j'utilise Mozilla.
J'ai remis ça en ordre mais je préfère te le signaler
Merci |
|
| Revenir en haut de page |
|
 |
Angeldark
Equipe Sécurité
Inscrit le: 23 Mai 2007
Message(s): 113
|
| Posté le: 10 Mar 2008 15:02 Sujet du message: |
|
|
| Ça peut arriver ;) Reposte un rapport Hijackthis. |
|
| Revenir en haut de page |
|
|
ouam
Newbie
Inscrit le: 02 Jan 2006
Message(s): 31
|
| Posté le: 10 Mar 2008 15:08 Sujet du message: |
|
|
Nouveau rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 14:06:03, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
c:\Apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Capture all picture by Capture Studio - C:\Program Files\FLISoft\Capture Studio\CapAll.htm
O8 - Extra context menu item: Capture picture by Capture Studio - C:\Program Files\FLISoft\Capture Studio\CapOne.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1074362386750
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5EA7C3A-DCCE-4EBF-9685-F5A03AFDDD53}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - Unknown owner - C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merci  |
|
| Revenir en haut de page |
|
|
Angeldark
Equipe Sécurité
Inscrit le: 23 Mai 2007
Message(s): 113
|
| Posté le: 10 Mar 2008 15:27 Sujet du message: |
|
|
| Fix les deux mêmes lignes pour voir. |
|
| Revenir en haut de page |
|
|
ouam
Newbie
Inscrit le: 02 Jan 2006
Message(s): 31
|
| Posté le: 10 Mar 2008 18:05 Sujet du message: |
|
|
Bonsoir,
Désolé de te poser autant de problèmes, mais quelles 2 mêmes lignes faut-il que je fix ???
Merci de ta patience..  |
|
| Revenir en haut de page |
|
|
Angeldark
Equipe Sécurité
Inscrit le: 23 Mai 2007
Message(s): 113
|
| Posté le: 10 Mar 2008 19:33 Sujet du message: |
|
|
Re,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
;) |
|
| Revenir en haut de page |
|
|
ouam
Newbie
Inscrit le: 02 Jan 2006
Message(s): 31
|
| Posté le: 10 Mar 2008 20:00 Sujet du message: |
|
|
Re,
Voilà les 2 lignes Fixées, la F2 est toujours là...
Logfile of HijackThis v1.99.1
Scan saved at 18:55:06, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
c:\Apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner.LAURENT\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Capture all picture by Capture Studio - C:\Program Files\FLISoft\Capture Studio\CapAll.htm
O8 - Extra context menu item: Capture picture by Capture Studio - C:\Program Files\FLISoft\Capture Studio\CapOne.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1074362386750
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5EA7C3A-DCCE-4EBF-9685-F5A03AFDDD53}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - Unknown owner - C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merci |
|
| Revenir en haut de page |
|
|
Angeldark
Equipe Sécurité
Inscrit le: 23 Mai 2007
Message(s): 113
|
| Posté le: 10 Mar 2008 20:15 Sujet du message: |
|
|
| Tu peux fixer ces lignes en sans échec pour voir ? |
|
| Revenir en haut de page |
|
|
ouam
Newbie
Inscrit le: 02 Jan 2006
Message(s): 31
|
| Posté le: 10 Mar 2008 20:50 Sujet du message: |
|
|
Fix et rapport en mode sans échec :
Logfile of HijackThis v1.99.1
Scan saved at 19:37:23, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner.LAURENT\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Capture all picture by Capture Studio - C:\Program Files\FLISoft\Capture Studio\CapAll.htm
O8 - Extra context menu item: Capture picture by Capture Studio - C:\Program Files\FLISoft\Capture Studio\CapOne.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1074362386750
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5EA7C3A-DCCE-4EBF-9685-F5A03AFDDD53}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - Unknown owner - C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Merci |
|
| Revenir en haut de page |
|
|
Angeldark
Equipe Sécurité
Inscrit le: 23 Mai 2007
Message(s): 113
|
| Posté le: 10 Mar 2008 22:31 Sujet du message: |
|
|
Il résiste bien :/
Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.
Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.
Lorsque le scan est terminé, clique sur Copy.
Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici. |
|
| Revenir en haut de page |
|
|
ouam
Newbie
Inscrit le: 02 Jan 2006
Message(s): 31
|
|
| Revenir en haut de page |
|
|
Angeldark
Equipe Sécurité
Inscrit le: 23 Mai 2007
Message(s): 113
|
| Posté le: 11 Mar 2008 13:35 Sujet du message: |
|
|
Re,
On va tenter autre chose.
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Rootkit::
C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\services.exe
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse | | |
FAQ
Charte
Rechercher
Membres
S'enregistrer
Profil
Vérifier ses messages privés
Connexion
