jeandanielgasser Newbie

Joined: 07 Dec 2007 Posts: 30 Location: Bussigny, Switzerland
Posted: 02 Feb 2008 22:56 Post subject: Mass-mailer virus and others
Hello,
my computer is infected with a multitude of viruses, in particular the "mass-mailer" virus.
I have already tried a scan with Kaspersky, but nothing helps: the virus reappears.
Below you will find a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:55:18, on 02.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\Documents and Settings\Jean-Daniel\Application Data\U3\02105C6101B338D1\LaunchPad.exe
H:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper10.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [HP_AIO_SETUP_MUTEX] C:\DOCUME~1\JEAN-D~1\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Taux d'occupation du microprocesseur.lnk = C:\WINNT\SYSTEM32\TASKMGR.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.artevod.com
O15 - Trusted Zone: http://www.cede.ch
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141799496437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: System Commander MBR check (WinMBR) - Unknown owner - C:\SC\WINMBR.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Thanks in advance to whoever is willing to help me.
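As an added example that is not part of this thread and is not code from HijackThis or ComboFix: a small Python triage script that reads log lines in the format posted above and flags the entry types a helper would query, using assumed heuristics. It looks for a second executable chained to the UserInit value (F2), a core Windows binary name such as svchost.exe started from outside system32 or a program started from the root of the drive (O4), a Winlogon Notify package with no DLL behind it (O20), and a service whose image path is an NTFS alternate data stream, the `svchost.exe:exm.exe` form seen in the FFI service (O23). The sample lines are a constructed subset of the first log above; each finding is a pointer for manual review, not a verdict.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; it is not HijackThis, ComboFix, or code posted by
either participant. The rules below are heuristics assumed for illustration and
only point at entries worth a closer look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the log posted above, mixing benign entries with
# the ones a helper would query. Raw string, so every backslash is literal; the
# first O20 line really does end with a bare backslash, exactly as in the log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Names of core Windows binaries; a copy living in another directory is a classic masquerade.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# "[name] C:\path\prog.exe args": capture the first executable path, quoted or not.
RUN_RE = re.compile(r'\[(?P<name>[^\]]*)\]\s*"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def has_ads(path: str) -> bool:
    """True if a Windows path names an NTFS alternate data stream (a second ':' after the drive)."""
    rest = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in rest


def check_userinit(body: str) -> Optional[str]:
    """F2: anything besides userinit.exe in the UserInit chain runs at every logon."""
    m = re.search(r"UserInit=(?P<val>.*)$", body, re.I)
    if not m:
        return None
    extra = [p.strip() for p in m["val"].split(",")
             if p.strip() and p.strip().lower().rpartition("\\")[2] != "userinit.exe"]
    return f"extra program chained to UserInit: {', '.join(extra)}" if extra else None


def check_run(body: str) -> Optional[str]:
    """O4: system-binary names outside system32, or programs started from the drive root."""
    m = RUN_RE.search(body)
    if not m:
        return None
    directory, _, base = m["path"].lower().rpartition("\\")
    if base in SYSTEM_BINARIES and not directory.endswith(r"\windows\system32"):
        return f"system binary name {base} started from {directory}"
    if re.fullmatch(r"[a-z]:", directory):
        return f"program started from drive root: {m['path']}"
    return None


def check_winlogon_notify(body: str) -> Optional[str]:
    """O20: a notify package is a DLL; a bare directory or blank target is not normal."""
    target = body.partition(" - ")[2].strip()
    return None if target.lower().endswith(".dll") else f"notify package without a DLL: {target!r}"


def check_service(body: str) -> Optional[str]:
    """O23: a service image hidden in an alternate data stream of a legitimate file."""
    path = body.rpartition(" - ")[2].replace("(file missing)", "").strip()
    return f"service image uses an alternate data stream: {path}" if has_ads(path) else None


CHECKS = {"F2": check_userinit, "O4": check_run, "O20": check_winlogon_notify, "O23": check_service}


def triage_log(text: str) -> List[Finding]:
    """Apply the per-section checks to every recognisable log line."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m["section"])
        reason = check(m["body"]) if check else None
        if reason:
            findings.append(Finding(m["section"], reason, line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```

Running the script on the constructed sample reports five entries (the UserInit chain, the two O4 launchers, the empty ckpNotify package and the FFI service) and stays silent on the Adobe BHO, Winamp, klogon.dll and the Ad-Aware service. Because the rules are positional (which directory, which stream, which value), they keep working when the file names change, which is the point of reading these logs by structure rather than by name.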
Angeldark Security Team

Joined: 23 May 2007 Posts: 113
Posted: 03 Feb 2008 21:21 Post subject:
Hello,
Which location?
jeandanielgasser Newbie

Joined: 07 Dec 2007 Posts: 30 Location: Bussigny, Switzerland
Posted: 04 Feb 2008 9:33 Post subject:
Hello,
I don't understand the question; what do you mean by "Which location?"
Angeldark Security Team

Joined: 23 May 2007 Posts: 113
Posted: 04 Feb 2008 19:28 Post subject:
Where is mass-mailer located on your PC? C:\...
jeandanielgasser Newbie

Joined: 07 Dec 2007 Posts: 30 Location: Bussigny, Switzerland
Posted: 06 Feb 2008 22:55 Post subject:
Hi,
actually I don't know where the virus is located; it was Avast that told me this program was sending e-mails. That's all I can say.
Now icons have appeared on my desktop, things like Online Poker etc...
Can the HijackThis log tell what I'm infected with?
Thanks for helping me.
Cheers
Angeldark Security Team

Joined: 23 May 2007 Posts: 113
Posted: 07 Feb 2008 13:58 Post subject:
We're going to check something with ComboFix.
Disable your resident protections (antivirus, Spybot...)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Post that report in your next reply.
jeandanielgasser Newbie

Joined: 07 Dec 2007 Posts: 30 Location: Bussigny, Switzerland
Posted: 07 Feb 2008 21:19 Post subject:
Hi,
here is the ComboFix log:
ComboFix 08-02.05.3 - Jean-Daniel 2008-02-07 19:29:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.599 [GMT 1:00]
Endroit: C:\Documents and Settings\Jean-Daniel\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Jean-Daniel\Bureau\Find Spyware Remover.lnk
C:\Documents and Settings\Jean-Daniel\Bureau\Free Online Dating.lnk
C:\Documents and Settings\Jean-Daniel\Bureau\Go to Casino.lnk
C:\Program Files\Helper
C:\Program Files\Helper\Helper10.dll
C:\Program Files\Helper\superfindout.dll
C:\Program Files\spoolsv.exe
C:\Program Files\Temporary
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
----- BITS: Possible sites infectés -----
hxxp://meoryprof.info
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))))))
.
2008-01-31 18:55 . 2008-01-31 19:14 3,640 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-01-25 06:47 . 2008-01-25 06:47 91,492 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2008-01-25 06:47 . 2008-01-25 06:47 85,860 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-01-25 06:46 . 2008-01-25 06:46 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-25 06:46 . 2008-02-07 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-25 06:46 . 2008-02-07 19:34 455,200 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-01-25 06:46 . 2008-02-07 19:34 8,480 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2008-01-25 06:46 . 2008-02-03 02:07 7,904 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-01-25 06:46 . 2008-02-03 02:07 1,676 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
2008-01-25 06:45 . 2008-01-25 06:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-24 07:20 . 2008-01-24 07:20 <REP> d-------- C:\Program Files\Lavasoft
2008-01-24 07:20 . 2008-01-24 07:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 07:17 . 2008-01-24 07:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 12:39 . 2008-01-23 12:39 0 --a------ C:\WINDOWS\SYSTEM32\MI62.tmp
2008-01-22 21:15 . 2008-01-22 21:15 176,128 --ah----- C:\WINDOWS\SYSTEM32\BIT63.tmp
2008-01-21 12:56 . 2008-01-21 12:56 54,764 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
2008-01-17 23:15 . 2008-01-23 12:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 23:15 . 2008-01-17 23:15 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:28 --------- d-----w C:\Documents and Settings\Jean-Daniel\Application Data\U3
2008-01-22 16:14 14,336 ----a-w C:\WINDOWS\SYSTEM32\svchost.exe
2008-01-22 16:14 14,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
2008-01-18 05:55 --------- d-----w C:\Program Files\eMule
2007-12-29 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2007-12-26 14:52 --------- d-----w C:\Program Files\VaudTax2007
2007-12-26 14:51 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-17 23:44 219,664 ----a-w C:\WINDOWS\SYSTEM32\klogon.dll
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 16:02 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 16:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-07-26 12:04 52,560 ----a-w C:\Documents and Settings\Jean-Daniel\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"VS.Net_Resource_Pack_18196"="" []
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 14:49 619008]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 05:47 68856]
"WintelUpdate"="C:\bhij.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41 33792]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-02 09:16 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-10-11 14:40 61440]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 11:30 335872]
"AsioReg"="REGSVR32.exe" [2004-08-20 00:10 12288 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CtHelper.exe]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2006-04-13 10:58 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"HP_AIO_SETUP_MUTEX"="C:\DOCUME~1\JEAN-D~1\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe" [2002-11-20 17:10 204800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 12:30:16 113664]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2004-11-20 00:59:06 237568]
Taux d'occupation du microprocesseur.lnk - C:\WINDOWS\SYSTEM32\TASKMGR.EXE [2002-08-30 08:00:00 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2002-05-21 02:31]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 19:52]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S2 WinMBR;System Commander MBR check;C:\SC\WINMBR.EXE [2004-04-15 10:37]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 16:27]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\RSC4USB.sys [2005-06-03 11:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 Siemens_Sx1Swup;Siemens_Sx1Swup.SvcDesc%;C:\WINDOWS\system32\Drivers\Siemens_Sx1Swup.sys [2004-12-24 13:40]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 02:54]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-02 23:00:21 C:\WINDOWS\Tasks\Sauvegarde avec rsync.job"
- C:\Program Files\cwRsync\bin\MainCommand.cmd
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 19:34:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HP_AIO_SETUP_MUTEX = C:\DOCUME~1\JEAN-D~1\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
Temps d'accomplissement: 2008-02-07 19:35:45
ComboFix-quarantined-files.txt 2008-02-07 18:35:42
.
2008-01-08 21:01:08 --- E O F ---
Thanks for the helping hand!
Angeldark Security Team

Joined: 23 May 2007 Posts: 113
jeandanielgasser Newbie

Joined: 07 Dec 2007 Posts: 30 Location: Bussigny, Switzerland
Posted: 08 Feb 2008 9:22 Post subject:
Hi,
here is the ComboFix log:
ComboFix 08-02.05.3 - Jean-Daniel 2008-02-08 7:32:37.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.593 [GMT 1:00]
Endroit: C:\Documents and Settings\Jean-Daniel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jean-Daniel\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE
C:\bhij.exe
C:\WINDOWS\SYSTEM32\BIT63.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\WINDOWS\SYSTEM32\MI62.tmp
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\WINDOWS\SYSTEM32\BIT63.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\astq.tga
C:\WINDOWS\SYSTEM32\MI62.tmp
C:\WINDOWS\system32\svchost.exe:exm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FFI
-------\FFI
((((((((((((((((((((((((((((( Fichiers créés 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))))))
.
2008-01-31 18:55 . 2008-01-31 19:14 3,640 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-01-25 06:47 . 2008-01-25 06:47 91,492 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2008-01-25 06:47 . 2008-01-25 06:47 85,860 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-01-25 06:46 . 2008-01-25 06:46 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-25 06:46 . 2008-02-08 07:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-25 06:46 . 2008-02-08 07:39 569,888 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-01-25 06:46 . 2008-02-08 07:40 12,064 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2008-01-25 06:46 . 2008-02-08 07:38 9,728 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-01-25 06:46 . 2008-02-08 07:38 2,156 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
2008-01-25 06:45 . 2008-01-25 06:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-24 07:20 . 2008-01-24 07:20 <REP> d-------- C:\Program Files\Lavasoft
2008-01-24 07:20 . 2008-01-24 07:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 07:17 . 2008-01-24 07:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-17 23:15 . 2008-01-23 12:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 23:15 . 2008-01-17 23:15 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 19:17 --------- d-----w C:\Documents and Settings\Jean-Daniel\Application Data\U3
2008-01-18 05:55 --------- d-----w C:\Program Files\eMule
2007-12-29 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2007-12-26 14:52 --------- d-----w C:\Program Files\VaudTax2007
2007-12-26 14:51 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 16:02 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 16:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-07-26 12:04 52,560 ----a-w C:\Documents and Settings\Jean-Daniel\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 14:49 619008]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 05:47 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41 33792]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-02 09:16 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-10-11 14:40 61440]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 11:30 335872]
"AsioReg"="REGSVR32.exe" [2004-08-20 00:10 12288 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CtHelper.exe]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2006-04-13 10:58 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"HP_AIO_SETUP_MUTEX"="C:\DOCUME~1\JEAN-D~1\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2002-05-21 02:31]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 19:52]
S1 astq;astq;C:\WINDOWS\system32\drivers\astq.tga []
S2 WinMBR;System Commander MBR check;C:\SC\WINMBR.EXE [2004-04-15 10:37]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 16:27]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\RSC4USB.sys [2005-06-03 11:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 Siemens_Sx1Swup;Siemens_Sx1Swup.SvcDesc%;C:\WINDOWS\system32\Drivers\Siemens_Sx1Swup.sys [2004-12-24 13:40]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 02:54]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-07 18:59:25 C:\WINDOWS\Tasks\Sauvegarde avec rsync.job"
- C:\Program Files\cwRsync\bin\MainCommand.cmd
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 07:40:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HP_AIO_SETUP_MUTEX = C:\DOCUME~1\JEAN-D~1\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-08 7:46:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 06:46:36
ComboFix2.txt 2008-02-07 18:35:46
.
2008-01-08 21:01:08 --- E O F ---
... and the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 08:19:05, on 08.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime Alternative\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\Documents and Settings\Jean-Daniel\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [HP_AIO_SETUP_MUTEX] C:\DOCUME~1\JEAN-D~1\LOCALS~1\TEMP\HP OFFICEJET G SERIES\CDIMAGE\setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Taux d'occupation du microprocesseur.lnk = C:\WINNT\SYSTEM32\TASKMGR.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.artevod.com
O15 - Trusted Zone: http://www.cede.ch
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141799496437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: System Commander MBR check (WinMBR) - Unknown owner - C:\SC\WINMBR.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Cheers
Angeldark, Security Team
Joined: 23 May 2007 Posts: 113
Posted: 08 Feb 2008 20:23

Is that better?
jeandanielgasser, Newbie
Joined: 07 Dec 2007 Posts: 30 Location: Bussigny, Switzerland
Posted: 10 Feb 2008 15:23

Hi,
yesss, it works, no more problems!
Thanks!
Angeldark, Security Team
Joined: 23 May 2007 Posts: 113
Posted: 10 Feb 2008 15:47

Do you have any questions?