43 replies
Hi nico,
OK, let's start over from scratch.
Start by uninstalling Security iGuard, which is a fake security utility.
Print out or save what follows in Notepad so you're sure not to forget anything.
Then:
-> Make hidden and system files visible
Control Panel > Folder Options > View tab
check "Show hidden files and folders"
uncheck "Hide extensions for known file types"
uncheck "Hide protected operating system files"
-> Disable System Restore
Right-click My Computer > Properties > System Restore tab
then check "Turn off System Restore".
Then, important:
- Restart in Safe Mode by pressing F8 when your PC starts up (after the BIOS screen)
--------------
Run HijackThis and Fix:
(check the box at the start of each line, then confirm with "Fix checked")
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Goo] C:\WINDOWS\Vai.exe
O4 - HKLM\..\Run: [Nda] C:\WINDOWS\Rqe.exe
O4 - HKLM\..\Run: [Vck] C:\WINDOWS\Jhq.exe
O4 - HKLM\..\Run: [Ivt] C:\WINDOWS\Tju.exe
O4 - HKLM\..\Run: [Akq] C:\WINDOWS\Vst.exe
O4 - HKLM\..\Run: [Csh] C:\WINDOWS\Inp.exe
O4 - HKLM\..\Run: [Lpd] C:\WINDOWS\Cla.exe
O4 - HKLM\..\Run: [Rml] C:\WINDOWS\System32\Qll.exe
O4 - HKLM\..\Run: [Joo] C:\WINDOWS\System32\Fqm.exe
O4 - HKLM\..\Run: [Nkv] C:\WINDOWS\Afe.exe
O4 - HKLM\..\Run: [Qsh] C:\WINDOWS\Iac.exe
O4 - HKLM\..\Run: [Bbn] C:\WINDOWS\Hat.exe
O4 - HKLM\..\Run: [Dca] C:\WINDOWS\Bvq.exe
O4 - HKLM\..\Run: [Ghe] C:\WINDOWS\System32\Rfe.exe
O4 - HKLM\..\Run: [Sic] C:\WINDOWS\Bun.exe
O4 - HKLM\..\Run: [Gfa] C:\WINDOWS\Jqr.exe
O4 - HKLM\..\Run: [Bfn] C:\WINDOWS\System32\Mjf.exe
O4 - HKLM\..\Run: [Arj] C:\WINDOWS\Vri.exe
O4 - HKLM\..\Run: [Aoo] C:\WINDOWS\System32\Hog.exe
O4 - HKLM\..\Run: [Lrj] C:\WINDOWS\Bsj.exe
O4 - HKLM\..\Run: [Bjs] C:\WINDOWS\Vsq.exe
O4 - HKLM\..\Run: [Spn] C:\WINDOWS\System32\Jsk.exe
O4 - HKLM\..\Run: [Ijq] C:\WINDOWS\Boc.exe
O4 - HKLM\..\Run: [Fcf] C:\WINDOWS\System32\Oos.exe
O4 - HKLM\..\Run: [Aol] C:\WINDOWS\System32\Vuh.exe
O4 - HKLM\..\Run: [Nhf] C:\WINDOWS\Poh.exe
O4 - HKLM\..\Run: [Kfq] C:\WINDOWS\System32\Tdi.exe
O4 - HKLM\..\Run: [Una] C:\WINDOWS\Jpg.exe
O4 - HKLM\..\Run: [Hai] C:\WINDOWS\System32\Gdh.exe
O4 - HKLM\..\Run: [Klo] C:\WINDOWS\Slf.exe
O4 - HKLM\..\Run: [Qcn] C:\WINDOWS\System32\Quj.exe
O4 - HKLM\..\Run: [Seo] C:\WINDOWS\System32\Mho.exe
O4 - HKLM\..\Run: [Mul] C:\WINDOWS\Mah.exe
O4 - HKLM\..\Run: [Ggs] C:\WINDOWS\System32\Kau.exe
O4 - HKLM\..\Run: [Its] C:\WINDOWS\Kvb.exe
O4 - HKLM\..\Run: [Osl] C:\WINDOWS\Cqe.exe
O4 - HKLM\..\Run: [Ipr] C:\WINDOWS\System32\Kse.exe
O4 - HKLM\..\Run: [Edc] C:\WINDOWS\System32\Kvc.exe
O4 - HKLM\..\Run: [Nus] C:\WINDOWS\Uvf.exe
O4 - HKLM\..\Run: [Lkt] C:\WINDOWS\System32\Tdk.exe
O4 - HKLM\..\Run: [Odj] C:\WINDOWS\System32\Mgt.exe
O4 - HKLM\..\Run: [Tmf] C:\WINDOWS\Qfr.exe
O4 - HKLM\..\Run: [Naa] C:\WINDOWS\System32\Hta.exe
O4 - HKLM\..\Run: [Nvi] C:\WINDOWS\Ltt.exe
O4 - HKLM\..\Run: [Rgl] C:\WINDOWS\Rip.exe
O4 - HKCU\..\Run: [Goo] C:\WINDOWS\Vai.exe
O4 - HKCU\..\Run: [Nda] C:\WINDOWS\Rqe.exe
O4 - HKCU\..\Run: [Vck] C:\WINDOWS\Jhq.exe
O4 - HKCU\..\Run: [Ivt] C:\WINDOWS\Tju.exe
O4 - HKCU\..\Run: [Akq] C:\WINDOWS\Vst.exe
O4 - HKCU\..\Run: [Csh] C:\WINDOWS\Inp.exe
O4 - HKCU\..\Run: [Lpd] C:\WINDOWS\Cla.exe
O4 - HKCU\..\Run: [Rml] C:\WINDOWS\System32\Qll.exe
O4 - HKCU\..\Run: [Joo] C:\WINDOWS\System32\Fqm.exe
O4 - HKCU\..\Run: [Nkv] C:\WINDOWS\Afe.exe
O4 - HKCU\..\Run: [Qsh] C:\WINDOWS\Iac.exe
O4 - HKCU\..\Run: [Bbn] C:\WINDOWS\Hat.exe
O4 - HKCU\..\Run: [Dca] C:\WINDOWS\Bvq.exe
O4 - HKCU\..\Run: [Ghe] C:\WINDOWS\System32\Rfe.exe
O4 - HKCU\..\Run: [Sic] C:\WINDOWS\Bun.exe
O4 - HKCU\..\Run: [Gfa] C:\WINDOWS\Jqr.exe
O4 - HKCU\..\Run: [Bfn] C:\WINDOWS\System32\Mjf.exe
O4 - HKCU\..\Run: [Arj] C:\WINDOWS\Vri.exe
O4 - HKCU\..\Run: [Aoo] C:\WINDOWS\System32\Hog.exe
O4 - HKCU\..\Run: [Lrj] C:\WINDOWS\Bsj.exe
O4 - HKCU\..\Run: [Bjs] C:\WINDOWS\Vsq.exe
O4 - HKCU\..\Run: [Spn] C:\WINDOWS\System32\Jsk.exe
O4 - HKCU\..\Run: [Ijq] C:\WINDOWS\Boc.exe
O4 - HKCU\..\Run: [Fcf] C:\WINDOWS\System32\Oos.exe
O4 - HKCU\..\Run: [Aol] C:\WINDOWS\System32\Vuh.exe
O4 - HKCU\..\Run: [Nhf] C:\WINDOWS\Poh.exe
O4 - HKCU\..\Run: [Kfq] C:\WINDOWS\System32\Tdi.exe
O4 - HKCU\..\Run: [Una] C:\WINDOWS\Jpg.exe
O4 - HKCU\..\Run: [Hai] C:\WINDOWS\System32\Gdh.exe
O4 - HKCU\..\Run: [Klo] C:\WINDOWS\Slf.exe
O4 - HKCU\..\Run: [Qcn] C:\WINDOWS\System32\Quj.exe
O4 - HKCU\..\Run: [Seo] C:\WINDOWS\System32\Mho.exe
O4 - HKCU\..\Run: [Mul] C:\WINDOWS\Mah.exe
O4 - HKCU\..\Run: [Ggs] C:\WINDOWS\System32\Kau.exe
O4 - HKCU\..\Run: [Its] C:\WINDOWS\Kvb.exe
O4 - HKCU\..\Run: [Osl] C:\WINDOWS\Cqe.exe
O4 - HKCU\..\Run: [Ipr] C:\WINDOWS\System32\Kse.exe
O4 - HKCU\..\Run: [Edc] C:\WINDOWS\System32\Kvc.exe
O4 - HKCU\..\Run: [Nus] C:\WINDOWS\Uvf.exe
O4 - HKCU\..\Run: [Lkt] C:\WINDOWS\System32\Tdk.exe
O4 - HKCU\..\Run: [Odj] C:\WINDOWS\System32\Mgt.exe
O4 - HKCU\..\Run: [Tmf] C:\WINDOWS\Qfr.exe
O4 - HKCU\..\Run: [Naa] C:\WINDOWS\System32\Hta.exe
O4 - HKCU\..\Run: [Nvi] C:\WINDOWS\Ltt.exe
O4 - HKCU\..\Run: [Rgl] C:\WINDOWS\Rip.exe
Search for and delete:
C:\WINDOWS\Vai.exe
C:\WINDOWS\Rqe.exe
C:\WINDOWS\Jhq.exe
C:\WINDOWS\Tju.exe
C:\WINDOWS\Vst.exe
C:\WINDOWS\Inp.exe
C:\WINDOWS\Cla.exe
C:\WINDOWS\System32\Qll.exe
C:\WINDOWS\System32\Fqm.exe
C:\WINDOWS\Afe.exe
C:\WINDOWS\Iac.exe
C:\WINDOWS\Hat.exe
C:\WINDOWS\Bvq.exe
C:\WINDOWS\System32\Rfe.exe
C:\WINDOWS\Bun.exe
C:\WINDOWS\Jqr.exe
C:\WINDOWS\System32\Mjf.exe
C:\WINDOWS\Vri.exe
C:\WINDOWS\System32\Hog.exe
C:\WINDOWS\Bsj.exe
C:\WINDOWS\Vsq.exe
C:\WINDOWS\System32\Jsk.exe
C:\WINDOWS\Boc.exe
C:\WINDOWS\System32\Oos.exe
C:\WINDOWS\System32\Vuh.exe
C:\WINDOWS\Poh.exe
C:\WINDOWS\System32\Tdi.exe
C:\WINDOWS\Jpg.exe
C:\WINDOWS\System32\Gdh.exe
C:\WINDOWS\Slf.exe
C:\WINDOWS\System32\Quj.exe
C:\WINDOWS\System32\Mho.exe
C:\WINDOWS\Mah.exe
C:\WINDOWS\System32\Kau.exe
C:\WINDOWS\Kvb.exe
C:\WINDOWS\Cqe.exe
C:\WINDOWS\System32\Kse.exe
C:\WINDOWS\System32\Kvc.exe
C:\WINDOWS\Uvf.exe
C:\WINDOWS\System32\Tdk.exe
C:\WINDOWS\System32\Mgt.exe
C:\WINDOWS\Qfr.exe
C:\WINDOWS\System32\Hta.exe
C:\WINDOWS\Ltt.exe
C:\WINDOWS\Rip.exe
you absolutely must delete all of them, otherwise it's back to square one
C:\Desktop <= the whole folder
C:\WINDOWS\popup.html
C:\WINDOWS\desktop.html
Delete all the files inside the following folders:
* C:\Temp
* C:\Windows\Temp
* C:\WINDOWS\Prefetch <= except the file layout.ini
* C:\Documents and Settings\tous les utilisateurs\Local Settings\Temp
* C:\Documents and Settings\tous les utilisateurs\Local Settings\Temporary Internet Files
* C:\Documents and Settings\tous les utilisateurs\Cookies
* Empty the Recycle Bin!
Disk Cleanup:
Start > All Programs > Accessories > System Tools > Disk Cleanup
check:
- Downloaded Program Files
- Temporary Internet Files
- Recycle Bin
- Temporary files
click OK
-----------------------------
Restart normally and post a new HijackThis log so we can check the progress
It looks like there's some improvement, but still that cr*p red desktop with "danger spyware"...
Thanks for coaching me some more...
See you
Here's the new log:
Logfile of HijackThis v1.99.1
Scan saved at 19:43:04, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\Lfl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Téléchgt\Spyware\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ez-finder.com/?1161
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4 - HKLM\..\Run: [Too] C:\WINDOWS\System32\Pfe.exe
O4 - HKLM\..\Run: [Lnd] C:\WINDOWS\System32\Sjq.exe
O4 - HKLM\..\Run: [Njb] C:\WINDOWS\Bcm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\Dlo.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4 - HKCU\..\Run: [Too] C:\WINDOWS\System32\Pfe.exe
O4 - HKCU\..\Run: [Lnd] C:\WINDOWS\System32\Sjq.exe
O4 - HKCU\..\Run: [Njb] C:\WINDOWS\Bcm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\Dlo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Just one thing before I look at the log: were all the lines to fix present in Safe Mode?
No, the following one wasn't there:
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
But all the others were...
Still haven't managed to get rid of C:\desktop (it tells me it's a system file and refuses to delete it)
There you go, in case that helps complete your analysis...
Hi
this cr*p really isn't easy
for your wallpaper, try:
Start > Control Panel > Display
click the Desktop tab, then "Customize Desktop"
click Web
under Web pages, see if you have a "security" entry or something similar, and click Delete.
-> Make hidden and system files visible
Control Panel > Folder Options > View tab
check "Show hidden files and folders"
uncheck "Hide extensions for known file types"
uncheck "Hide protected operating system files"
Then:
- Restart in Safe Mode by pressing F8 when your PC starts up (after the BIOS screen)
---------------------------------------------
Check whether this process (or these processes) appears in Task Manager (CTRL+ALT+DEL).
If present: right-click it, then click "End Process"
Lfl.exe
Run HijackThis and Fix:
(check the box at the start of each line, then confirm with "Fix checked")
O4 - HKLM\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4 - HKLM\..\Run: [Too] C:\WINDOWS\System32\Pfe.exe
O4 - HKLM\..\Run: [Lnd] C:\WINDOWS\System32\Sjq.exe
O4 - HKLM\..\Run: [Njb] C:\WINDOWS\Bcm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\Dlo.exe
O4 - HKCU\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4 - HKCU\..\Run: [Too] C:\WINDOWS\System32\Pfe.exe
O4 - HKCU\..\Run: [Lnd] C:\WINDOWS\System32\Sjq.exe
O4 - HKCU\..\Run: [Njb] C:\WINDOWS\Bcm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\Dlo.exe
Search for and delete if present:
C:\WINDOWS\Lfl.exe
C:\WINDOWS\System32\Pfe.exe
C:\WINDOWS\System32\Sjq.exe
C:\WINDOWS\Bcm.exe
C:\WINDOWS\Dlo.exe
C:\desktop
Restart normally and post a new HijackThis log so we can check
fingers crossed...
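The two fix lists in this thread (the long one in the first reply and the shorter one just above) were both built by eye from the same pattern: a random three-letter value name under HKLM and HKCU Run launching a random three-letter .exe dropped straight into C:\WINDOWS or System32, plus the rogue product itself. The script below is an added example, not part of the thread or of HijackThis, that automates that triage over O4 lines; the scoring weights, the THRESHOLD and the KNOWN_ROGUE list are my own assumptions, and the sample log is a constructed subset of the log posted above.

```python
"""Triage of HijackThis O4 (autorun) lines, modelled on the entries in this thread."""
import re
from collections import defaultdict

# Matches lines such as:  O4 - HKLM\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First .exe in the command, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
# "Fir", "Lfl": one capital followed by two lower-case letters.
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{2}$")
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
KNOWN_ROGUE = {"security iguard"}  # rogue product named in the thread (assumed list)
THRESHOLD = 3  # assumed: random names alone are not enough, corroboration is needed


def parse_o4(line):
    """Split one O4 Run-key line into hive, value name, command and executable path."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    e = EXE_RE.match(cmd)
    exe = e.group("exe") if e else cmd
    directory, _, basename = exe.rpartition("\\")
    stem = basename[:-4] if basename.lower().endswith(".exe") else basename
    return {"line": line.strip(), "hive": m.group("hive"), "name": m.group("name"),
            "exe": exe, "dir": directory.lower(), "stem": stem}


def triage(log_text):
    """Return the parsed O4 entries that score at or above THRESHOLD, with reasons."""
    entries = [p for p in (parse_o4(l) for l in log_text.splitlines()) if p]
    hives = defaultdict(set)  # executable -> hives it is registered under
    for p in entries:
        hives[p["exe"].lower()].add(p["hive"])
    findings = []
    for p in entries:
        score, reasons = 0, []
        if RANDOM_NAME_RE.match(p["name"]) and RANDOM_NAME_RE.match(p["stem"]):
            score += 2
            reasons.append("random three-letter value name and executable name")
        if p["dir"] in WINDOWS_DIRS:
            score += 1
            reasons.append("executable dropped directly into the Windows directory")
        if len(hives[p["exe"].lower()]) == 2:
            score += 1
            reasons.append("same command registered under both HKLM and HKCU")
        if p["name"].lower() in KNOWN_ROGUE:
            score += 3
            reasons.append("known rogue security product")
        if score >= THRESHOLD:
            findings.append({**p, "score": score, "reasons": reasons})
    return findings


def fix_lines(findings):
    """The exact lines to tick in HijackThis, in log order."""
    return [f["line"] for f in findings]


def files_to_remove(findings):
    """Unique full paths of the flagged executables, for the search-and-delete step."""
    paths = {f["exe"].lower(): f["exe"] for f in findings if f["dir"]}
    return sorted(paths.values())


# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4 - HKLM\..\Run: [Too] C:\WINDOWS\System32\Pfe.exe
O4 - HKLM\..\Run: [Lnd] C:\WINDOWS\System32\Sjq.exe
O4 - HKLM\..\Run: [Njb] C:\WINDOWS\Bcm.exe
O4 - HKLM\..\Run: [Upb] C:\WINDOWS\Dlo.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fir] C:\WINDOWS\Lfl.exe
O4 - HKCU\..\Run: [Too] C:\WINDOWS\System32\Pfe.exe
O4 - HKCU\..\Run: [Lnd] C:\WINDOWS\System32\Sjq.exe
O4 - HKCU\..\Run: [Njb] C:\WINDOWS\Bcm.exe
O4 - HKCU\..\Run: [Upb] C:\WINDOWS\Dlo.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['hive']} [{f['name']}] {f['exe']}  ({'; '.join(f['reasons'])})")
    print("files to remove:", *files_to_remove(found), sep="\n  ")
```

Legitimate entries that merely live in System32 (ps2.exe, hkcmd.exe) score 1 and stay unflagged; a hit should still be confirmed by hand before anything is fixed or deleted.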
Nothing in Customize Desktop, no Lfl.exe in Task Manager, and still haven't managed to get rid of C:\Desktop.
Still the same wallpaper.
Damn, we're never going to get there!!!
I trust you 200%
Here's the new log:
Logfile of HijackThis v1.99.1
Scan saved at 20:22:28, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\Mft.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Téléchgt\Spyware\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ez-finder.com/?1161
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Tik] C:\WINDOWS\System32\Mft.exe
O4 - HKLM\..\Run: [Ggg] C:\WINDOWS\Edn.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tik] C:\WINDOWS\System32\Mft.exe
O4 - HKCU\..\Run: [Ggg] C:\WINDOWS\Edn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Only 2 left...
Still in Safe Mode,
fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ez-finder.com/?1161
O4 - HKLM\..\Run: [Tik] C:\WINDOWS\System32\Mft.exe
O4 - HKLM\..\Run: [Ggg] C:\WINDOWS\Edn.exe
O4 - HKCU\..\Run: [Tik] C:\WINDOWS\System32\Mft.exe
O4 - HKCU\..\Run: [Ggg] C:\WINDOWS\Edn.exe
Before deleting them, right-click one of them > Properties and note the creation/modification date.
Then run a search (option "When was it modified"), enter that date and post the search results.
and delete:
C:\WINDOWS\System32\Mft.exe
C:\WINDOWS\Edn.exe
try again with
C:\Desktop
reboot and post a new log
I think this is going to take a while...
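As an added illustration (not code from the thread), the following Python script does mechanically what the helper does by eye in the two logs above: it picks out the Run entries whose executable is a capitalised three-letter name dropped straight into C:\WINDOWS or System32 (every malicious entry in this thread fits that pattern, while legitimate OEM entries such as [PS2] C:\WINDOWS\system32\ps2.exe or hkcmd.exe do not), diffs two logs to show the names rotating between reboots (Mft/Edn gone, Gun/Tgv/Jgh/Spb in their place), and pivots on the modification time of a known-bad file to list sibling files written at the same moment, which is what the search by date in the post is for. The sample log lines are copied from the 20:22 and 21:01 logs and trimmed; the 120-second window is an assumption.

```python
"""HijackThis log triage for the random-named Run entries seen in this thread.
Added example, not code from the thread. Sample lines are copied from the two
logs above (trimmed); the mtime window is an assumption."""
import os
import re

# O4 line shape: "O4 - HKLM\..\Run: [Name] C:\path\file.exe [args]"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
WINDIRS = {r"c:\windows", r"c:\windows\system32"}
DROPPER_EXE = re.compile(r"[A-Z][a-z]{2}\.exe")   # Mft.exe, Edn.exe, Gun.exe ...

# Constructed sample input: lines copied from the two logs posted above.
LOG_2022 = r"""O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Tik] C:\WINDOWS\System32\Mft.exe
O4 - HKLM\..\Run: [Ggg] C:\WINDOWS\Edn.exe
O4 - HKCU\..\Run: [Tik] C:\WINDOWS\System32\Mft.exe
O4 - HKCU\..\Run: [Ggg] C:\WINDOWS\Edn.exe
"""
LOG_2101 = r"""O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKLM\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKLM\..\Run: [Amb] C:\WINDOWS\Spb.exe
O4 - HKCU\..\Run: [Vlu] C:\WINDOWS\Gun.exe
"""

def exe_path(cmd):
    """First executable on a Run command line, with a leading quote stripped."""
    m = re.match(r'"?(.*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def is_dropper_path(path):
    """Capitalised three-letter .exe sitting directly in %WINDIR% or System32."""
    folder, _, base = path.rpartition("\\")
    return folder.lower() in WINDIRS and DROPPER_EXE.fullmatch(base) is not None

def suspicious_run_entries(log_text):
    """(hive, value name, path) for every O4 Run line pointing at a dropper-style file."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and is_dropper_path(exe_path(m["cmd"])):
            hits.append((m["hive"], m["name"], exe_path(m["cmd"])))
    return hits

def rotation(old_log, new_log):
    """Suspicious paths that disappeared and that appeared between two logs."""
    old = {p for _, _, p in suspicious_run_entries(old_log)}
    new = {p for _, _, p in suspicious_run_entries(new_log)}
    return sorted(old - new), sorted(new - old)

def scan_dirs(dirs):
    """(path, mtime) for every regular file directly inside the given folders."""
    for d in dirs:
        with os.scandir(d) as it:
            for e in it:
                if e.is_file():
                    yield e.path, e.stat().st_mtime

def same_window(entries, reference_mtime, window=120):
    """Paths whose mtime lies within `window` seconds of a known-bad file's mtime."""
    return sorted(p for p, t in entries if abs(t - reference_mtime) <= window)

if __name__ == "__main__":
    for hive, name, path in suspicious_run_entries(LOG_2022):
        print(f"fix: O4 - {hive} [{name}] {path}")
    gone, fresh = rotation(LOG_2022, LOG_2101)
    print("gone after the fix:", gone)
    print("new after the reboot:", fresh)
    # On the infected machine itself (Windows only), the date pivot from the post:
    # ref = os.path.getmtime(r"C:\WINDOWS\Gun.exe")
    # print(same_window(scan_dirs([r"C:\WINDOWS", r"C:\WINDOWS\System32"]), ref))
```

The rotation output is the practical lesson of this part of the thread: fixing the O4 lines by name only removes the entries that exist at that moment, and a process that is still running (Mft.exe appears in the process list of the 20:22 log) re-registers itself under fresh names at the next boot, so the running process has to be killed and the files removed before the Run values are fixed.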
Desktop still the same, couldn't get the creation date info because right-click doesn't work on the mouse + couldn't find Edn.exe + latest log attached...
I must have 1 hair left, I'm tearing them out so much...
Good luck
Logfile of HijackThis v1.99.1
Scan saved at 21:01:55, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\Gun.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Téléchgt\Spyware\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKLM\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKLM\..\Run: [Amb] C:\WINDOWS\Spb.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKCU\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKCU\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKCU\..\Run: [Amb] C:\WINDOWS\Spb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
I'm starting to tear mine out too lol
Still in Safe Mode,
fix:
O4 - HKLM\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKLM\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKLM\..\Run: [Amb] C:\WINDOWS\Spb.exe
O4 - HKCU\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKCU\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKCU\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKCU\..\Run: [Amb] C:\WINDOWS\Spb.exe
then:
Here are the keys the trojan normally modifies. Some value names such as Wallpaper, OriginalWallpaper and ConvertedWallpaper are present on a clean PC too, but with different data, so I'd rather leave them empty than delete them.
Before making changes in the registry, it's best to back up the keys that are going to be modified:
Start > Run, type regedit
Expand the keys down to the folder shown in bold and select it.
then click File (at the very top) > Export
Give the backup a name and save it
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\shell folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKCU\Software\Microsoft\Internet Explorer\Desktop\General
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General
HKCU\Control Panel\Desktop
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders
----------------------------
Next, go to:
* HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ click Explorer
in the right-hand pane, click NoViewContextMenu and press [Del] to delete the value.
* HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ click Explorer
in the right-hand pane, click NoViewContextMenu and press [Del] to delete the value.
Right-click should be available again.
* HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ right-click ActiveDesktop, then click Delete.
* HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ click User shell folders
in the right-hand pane, double-click Desktop and remove C:\Desktop
put this as the value instead: %USERPROFILE%\Bureau
* HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ click Explorer
right-click each of the values below and delete:
ClassicShell
NoActiveDesktop
ForceActiveDesktopOn
* HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ click System
in the right-hand pane, double-click Wallpaper and remove C:\WINDOWS\desktop.html
* HKCU\Software\Microsoft\Internet Explorer\Desktop\ click General
in the right-hand pane, double-click Wallpaper and remove C:\WINDOWS\desktop.html
in the right-hand pane, double-click BackupWallpaper and remove:
C:\WINDOWS\desktop.html
* HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\ click General
in the right-hand pane, double-click Wallpaper and remove: C:\WINDOWS\desktop.html
* HKCU\Control Panel\Desktop
in the right-hand pane, double-click each of these 3 names and remove C:\WINDOWS\desktop.html
Wallpaper
OriginalWallpaper
ConvertedWallpaper
* HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ right-click ActiveDesktop, then click Delete
* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ click User shell folders
in the right-hand pane, double-click Common Desktop and remove: C:\Desktop
put this as the value instead: %ALLUSERSPROFILE%\Bureau
* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ click shell folders
in the right-hand pane, double-click Common Desktop and remove: C:\Desktop
put this as the value instead: C:\Documents and Settings\All Users\Bureau
* HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ click Shell folders
Desktop must have the value: C:\WINDOWS\system32\config\systemprofile\Bureau
* HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ click User shell folders
Desktop must have the value: %USERPROFILE%\Bureau
Once that's done, delete:
C:\WINDOWS\Gun.exe
C:\WINDOWS\System32\Tgv.exe
C:\WINDOWS\System32\Jgh.exe
C:\WINDOWS\Spb.exe
C:\WINDOWS\desktop.html
C:\desktop
redemarre et essaye de faire un scan ici:
http://www.bitdefender.com/scan/licence.php
reposte un log et le resultat du scan
a+
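The loader entries the helper keeps asking to fix in this thread all share one shape: a Run value with a random three-letter name pointing at a bare .exe directly under C:\WINDOWS or C:\WINDOWS\System32. The PowerShell function below is an added example, not code from the thread or from HijackThis, that picks those out of a HijackThis log and lists Startup-folder items for manual review. The sample lines in $SampleLog are constructed from entries quoted in this thread; $KnownGood is an assumed baseline of names already identified as legitimate.

```powershell
# Added example (not from the thread): triage the "O4" autorun lines of a HijackThis log.
# Flags Run entries whose name is a capitalised three-letter token and whose target is a
# bare .exe directly in C:\WINDOWS or C:\WINDOWS\System32, and lists Startup items for review.
# $SampleLog is constructed from lines quoted in this thread; $KnownGood is an assumed baseline.

$SampleLog = @'
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKLM\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Amb] C:\WINDOWS\Spb.exe
O4 - Startup: winupdate03072989[1].exe
'@

# Names already reviewed and accepted on this machine (assumed baseline).
$KnownGood = @('hpsysdrv', 'NvCplDaemon', 'MSMSGS')

function Get-SuspiciousO4Entry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Shape: O4 - <hive>\..\Run: [<name>] <command>
        if ($line -match '^O4 - (?<hive>HKLM|HKCU)\\\.\.\\Run: \[(?<name>[^\]]+)\] (?<cmd>.+)$') {
            # Copy the captures before any further -match overwrites $Matches
            $hive = $Matches.hive; $name = $Matches.name; $cmd = $Matches.cmd
            if ($KnownGood -contains $name) { continue }
            # -cmatch is case-sensitive: "Vlu" matches, "KBD" or "PS2" do not
            $randomName = $name -cmatch '^[A-Z][a-z]{2}$'
            # Bare three-letter .exe directly in the Windows dir or System32
            $bareWinExe = $cmd -match '^C:\\WINDOWS\\(System32\\)?[A-Za-z]{3}\.exe$'
            if ($randomName -and $bareWinExe) {
                [pscustomobject]@{ Hive = $hive; Name = $name; Target = $cmd
                                   Reason = 'random 3-letter name, bare exe in Windows dir' }
            }
        }
        elseif ($line -match '^O4 - Startup: (?<file>.+)$') {
            # Per-user Startup folder items are not judged here, only surfaced for review
            [pscustomobject]@{ Hive = 'Startup'; Name = $Matches.file; Target = $Matches.file
                               Reason = 'Startup folder item, review manually' }
        }
    }
}

Get-SuspiciousO4Entry -Lines ($SampleLog -split "`r?`n") | Format-Table -AutoSize
# On a real log: Get-SuspiciousO4Entry -Lines (Get-Content .\hijackthis.log)
```

On the sample above this reports the three random-named entries (Vlu, Vkd, Amb) and the Startup item; the hpsysdrv, NvCplDaemon and MSMSGS lines are skipped because they are in the baseline, and they would not match the bare-exe pattern anyway. The baseline list is the part to maintain: anything the helper has already cleared in the thread belongs there, so the output stays a short list of things still to look at.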
still in safe mode
fix:
O4 - HKLM\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKLM\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKLM\..\Run: [Amb] C:\WINDOWS\Spb.exe
O4 - HKCU\..\Run: [Vlu] C:\WINDOWS\Gun.exe
O4 - HKCU\..\Run: [Vkd] C:\WINDOWS\System32\Tgv.exe
O4 - HKCU\..\Run: [Fio] C:\WINDOWS\System32\Jgh.exe
O4 - HKCU\..\Run: [Amb] C:\WINDOWS\Spb.exe
then:
Here are the keys that are normally modified by the trojan. Some value names, such as Wallpaper, OriginalWallpaper and ConvertedWallpaper, are present on a clean PC but with other values, so I prefer to leave them empty rather than delete them.
Before making changes in the registry, it is better to back up the keys that are going to be modified:
Start > Run, type regedit
Expand the keys down to the last folder of each path below and select it.
then click on File (at the very top) > Export
Give the backup a name and save it
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\shell folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKCU\Software\Microsoft\Internet Explorer\Desktop\General
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General
HKCU\Control Panel\Desktop
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders
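To do the registry part of the reply above with the backup step it recommends, here is a PowerShell script written as an added example; it is not the helper's own procedure and not a tool from the thread. It uses only the key paths, value names and default values quoted in the thread (French XP naming, where the Desktop folder is "Bureau"; substitute "Desktop" on an English system), assumes a backup folder $BackupDir under the user profile, and assumes PowerShell is available on the machine, which is not the case on a stock XP SP1. Run it from an elevated prompt; the HijackThis fixes and the file deletions stay as manual steps.

```powershell
# Added example, not the thread's own procedure: automate the registry steps of the reply
# above. Backup-ListedKeys exports the keys the helper lists with reg.exe, Test-HijackValues
# reports which hijack values are present, Repair-HijackValues -Apply backs up then deletes
# or resets them. Paths, value names and defaults are those quoted in the thread (French XP:
# "Bureau" is the Desktop folder). $BackupDir is an assumed location. Run elevated.

$BackupDir = Join-Path $env:USERPROFILE 'RegBackup'

# Keys to export before touching anything, in reg.exe notation.
$KeysToBackup = @(
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU\Software\Microsoft\Internet Explorer\Desktop\General',
    'HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General',
    'HKCU\Control Panel\Desktop',
    'HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders',
    'HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
)

function Backup-ListedKeys {
    New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
    $n = 0
    foreach ($key in $KeysToBackup) {
        $n++
        $file = Join-Path $BackupDir ('key{0:D2}.reg' -f $n)
        # reg.exe fails for a key that does not exist on this machine; that is fine here.
        & reg.exe export $key $file /y 2>$null | Out-Null
    }
}

# One value to check. Delete = remove the value; Set = write the default given in the thread.
function New-Entry($Path, $Name, $Action, $Value = '', $Type = 'String') {
    [pscustomobject]@{ Path = $Path; Name = $Name; Action = $Action; Value = $Value; Type = $Type }
}
$PolExp = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ShellU = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$ShellS = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$Hijack = @(
    New-Entry "HKCU:\$PolExp" 'NoViewContextMenu' Delete
    New-Entry "HKLM:\$PolExp" 'NoViewContextMenu' Delete
    New-Entry "HKCU:\$PolExp" 'ClassicShell' Delete
    New-Entry "HKCU:\$PolExp" 'NoActiveDesktop' Delete
    New-Entry "HKCU:\$PolExp" 'ForceActiveDesktopOn' Delete
    New-Entry 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' 'Wallpaper' Set
    New-Entry 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\General' 'Wallpaper' Set
    New-Entry 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\General' 'BackupWallpaper' Set
    New-Entry 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General' 'Wallpaper' Set
    New-Entry 'HKCU:\Control Panel\Desktop' 'Wallpaper' Set
    New-Entry 'HKCU:\Control Panel\Desktop' 'OriginalWallpaper' Set
    New-Entry 'HKCU:\Control Panel\Desktop' 'ConvertedWallpaper' Set
    New-Entry "HKCU:\$ShellU" 'Desktop' Set '%USERPROFILE%\Bureau' ExpandString
    New-Entry "HKLM:\$ShellU" 'Common Desktop' Set '%ALLUSERSPROFILE%\Bureau' ExpandString
    New-Entry "HKLM:\$ShellS" 'Common Desktop' Set 'C:\Documents and Settings\All Users\Bureau'
    New-Entry "Registry::HKEY_USERS\.DEFAULT\$ShellS" 'Desktop' Set 'C:\WINDOWS\system32\config\systemprofile\Bureau'
    New-Entry "Registry::HKEY_USERS\.DEFAULT\$ShellU" 'Desktop' Set '%USERPROFILE%\Bureau' ExpandString
)

# Strings the trojan writes into the values above.
$Markers = @('C:\WINDOWS\desktop.html', 'C:\Desktop')

function Test-HijackValues {
    foreach ($v in $Hijack) {
        $cur = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($null -eq $cur) { continue }                      # key or value absent: nothing to do
        $data = [string]$cur.($v.Name)
        # A policy value should not exist at all; a wallpaper/shell value is bad only if it carries a marker
        $hit = ($v.Action -eq 'Delete') -or ($Markers | Where-Object { $data -like "*$_*" })
        if ($hit) { $v | Add-Member -NotePropertyName Current -NotePropertyValue $data -PassThru -Force }
    }
}

function Repair-HijackValues {
    param([switch]$Apply)
    $found = @(Test-HijackValues)
    if (-not $Apply) { $found | Format-Table Path, Name, Current, Action -AutoSize; return }
    Backup-ListedKeys
    foreach ($v in $found) {
        if ($v.Action -eq 'Delete') {
            Remove-ItemProperty -Path $v.Path -Name $v.Name
        } else {
            # -Force overwrites; -PropertyType keeps %VAR% paths as REG_EXPAND_SZ
            New-ItemProperty -Path $v.Path -Name $v.Name -Value $v.Value -PropertyType $v.Type -Force | Out-Null
        }
    }
    # The thread also removes the Policies\ActiveDesktop key under both hives.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        Remove-Item "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" -Recurse -ErrorAction SilentlyContinue
    }
}

Repair-HijackValues           # report only
# Repair-HijackValues -Apply  # export the keys, then delete/reset the reported values
```

Two design choices follow the helper's remarks: the Wallpaper, OriginalWallpaper and ConvertedWallpaper values are reset to an empty string rather than deleted, because they exist on a clean machine too, and a "Set" entry is only touched when its current data contains one of the two marker strings, so a value that already holds a legitimate path is left alone. The shell-folder values are written as REG_EXPAND_SZ so that %USERPROFILE% and %ALLUSERSPROFILE% are still expanded by Explorer.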
balltrap34 (Security contributor), 10 April 2005 at 22:24
If the infection persists, check whether a hidden service is reactivating it, and also VX2.
Bitdefender scan result (edifying...): GOOD LUCK
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdmilliService.zip=>ide21201.vxd: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdmilliService.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>related.htm: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchToolband.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchToolband.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip=>istactivex.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RexServicesAdtrojan.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RexServicesAdtrojan.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecurityIGuards.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecurityIGuards1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecurityIGuards1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyHunter.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04013D44.exe=>(Quarantine-2): infected with Backdoor.Haxdoor.BH
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0934624C.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B3F654B.exe=>(Quarantine-2): infected with Trojan.Dropper.PD7.A
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB07542.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB07542.htm: infected with JS.Trojan.Downloader.IstBar.A
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB31F3F.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB6493B.dll=>(Quarantine-2): infected with Trojan.Downloader.Small.XO
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FE67E20.exe=>(Quarantine-2): infected with Dropped:Trojan.Downloader.Small.AMG
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13140749.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\188B2730.exe=>(Quarantine-2): infected with Backdoor.Haxdoor.BH
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1B305145.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D00127F.dll=>(Quarantine-2): infected with Backdoor.Haxdoor.bh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DDE398B.dll=>(Quarantine-2): infected with Backdoor.Haxdoor.bh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29367390.exe=>(Quarantine-2): infected with Trojan.Downloader.Delf.DG
Here is the latest log:
Logfile of HijackThis v1.99.1
Scan saved at 22:40:24, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\Bse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\Téléchgt\Spyware\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKLM\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKCU\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - Startup: winupdate03072989[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdmilliService.zip=>ide21201.vxd: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdmilliService.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>related.htm: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchGooglems5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchToolband.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchToolband.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip=>istactivex.dll: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaTickets5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RexServicesAdtrojan.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RexServicesAdtrojan.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecurityIGuards.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecurityIGuards1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecurityIGuards1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyHunter.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
C:\Documents and Settings\Téléchgt\Spyware\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04013D44.exe=>(Quarantine-2): infected with Backdoor.Haxdoor.BH
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0934624C.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B3F654B.exe=>(Quarantine-2): infected with Trojan.Dropper.PD7.A
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB07542.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB07542.htm: infected with JS.Trojan.Downloader.IstBar.A
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB31F3F.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB6493B.dll=>(Quarantine-2): infected with Trojan.Downloader.Small.XO
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FE67E20.exe=>(Quarantine-2): infected with Dropped:Trojan.Downloader.Small.AMG
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13140749.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\188B2730.exe=>(Quarantine-2): infected with Backdoor.Haxdoor.BH
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1B305145.exe=>(Quarantine-2): infected with Trojan.StartPage.NK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D00127F.dll=>(Quarantine-2): infected with Backdoor.Haxdoor.bh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DDE398B.dll=>(Quarantine-2): infected with Backdoor.Haxdoor.bh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29367390.exe=>(Quarantine-2): infected with Trojan.Downloader.Delf.DG
Here is the latest log:
Logfile of HijackThis v1.99.1
Scan saved at 22:40:24, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\Bse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\Téléchgt\Spyware\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKLM\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKCU\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - Startup: winupdate03072989[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
balltrap34, security contributor, 10 April 2005 at 22:56
For the BitDefender scan, no worries, those are files quarantined by Spybot, Ad-Aware and Norton.
On the other hand, all the lines have come back lol
Download this: SilentRunners.
http://www.silentrunners.org/
Run it
Copy/paste the report here
I don't know if this is what you wanted...
Happy analysing, and thanks for helping me...
"Silent Runners.vbs", revision 34, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Mst" = "C:\WINDOWS\Bse.exe" [null data]
"Qtc" = "C:\WINDOWS\System32\Cum.exe" [null data]
"Geh" = "C:\WINDOWS\Sma.exe" [null data]
"Gem" = "C:\WINDOWS\System32\Ejt.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"StorageGuard" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" ["France Telecom"]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Mst" = "C:\WINDOWS\Bse.exe" [null data]
"Qtc" = "C:\WINDOWS\System32\Cum.exe" [null data]
"Geh" = "C:\WINDOWS\Sma.exe" [null data]
"Gem" = "C:\WINDOWS\System32\Ejt.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Bonne analyse et merci de me venir en aide...
balltrap34 (16240 messages posted, registered Thursday 8 January 2004, status: security contributor, last post 28 November 2009), 10 April 2005 at 23:13
That's not the whole report; further down there should be the services.
Sorry... here's the rest
"Silent Runners.vbs", revision 34, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Mst" = "C:\WINDOWS\Bse.exe" [null data]
"Qtc" = "C:\WINDOWS\System32\Cum.exe" [null data]
"Geh" = "C:\WINDOWS\Sma.exe" [null data]
"Gem" = "C:\WINDOWS\System32\Ejt.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"StorageGuard" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"MessagerStarter Wanadoo" = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" ["France Telecom"]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Mst" = "C:\WINDOWS\Bse.exe" [null data]
"Qtc" = "C:\WINDOWS\System32\Cum.exe" [null data]
"Geh" = "C:\WINDOWS\Sma.exe" [null data]
"Gem" = "C:\WINDOWS\System32\Ejt.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1036\UNBIND.DLL" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Enabled Wallpaper and Active Desktop:
-------------------------------------
Active Desktop is disabled.
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\desktop.html"
Startup items in "Propriétaire" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage
"winupdate03072989[1].exe" [null data]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Analyser mon ordinateur - Propriétaire" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {CLSID}\(Default) = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\
(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\
(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\
(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}\
(Default) = "&Discuter"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ISSvc, ISSVC, "C:\Program Files\Norton Internet Security\ISSVC.exe" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Service Norton AntiVirus Auto-Protect, navapsvc, "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
balltrap34, 10 April 2005 at 23:23
OK, send me a HijackThis log again.
balltrap34, 10 April 2005 at 23:26
The O20 is to be removed, apparently a service hijack.
It may not fix everything, but we'll see lol
Here's the log...
Note that I still get the "danger spyware" window with C:\Windows\***.html files; it comes back often and the *** names change every time. Don't I get reinfected with everything each time it appears, despite the disinfection efforts made?
Good luck
Logfile of HijackThis v1.99.1
Scan saved at 23:27:44, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\Bse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Documents and Settings\Téléchgt\Spyware\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKLM\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKLM\..\Run: [Gto] C:\WINDOWS\System32\Bmi.exe
O4 - HKLM\..\Run: [Fah] C:\WINDOWS\Emu.exe
O4 - HKLM\..\Run: [Ugj] C:\WINDOWS\Gbu.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKCU\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKCU\..\Run: [Gto] C:\WINDOWS\System32\Bmi.exe
O4 - HKCU\..\Run: [Fah] C:\WINDOWS\Emu.exe
O4 - HKCU\..\Run: [Ugj] C:\WINDOWS\Gbu.exe
O4 - Startup: winupdate03072989[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKLM\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKLM\..\Run: [Gto] C:\WINDOWS\System32\Bmi.exe
O4 - HKLM\..\Run: [Fah] C:\WINDOWS\Emu.exe
O4 - HKLM\..\Run: [Ugj] C:\WINDOWS\Gbu.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKCU\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKCU\..\Run: [Gto] C:\WINDOWS\System32\Bmi.exe
O4 - HKCU\..\Run: [Fah] C:\WINDOWS\Emu.exe
O4 - HKCU\..\Run: [Ugj] C:\WINDOWS\Gbu.exe
O4 - Startup: winupdate03072989[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
balltrap34 (security contributor)
10 April 2005 at 23:38
hi
print this so you don't forget anything and do everything
it is essential to do everything in order
-------------------------
first of all, download these programs if you don't have them and update them, but don't use them yet
Ad-Aware (1)
Spybot (2)
(here) http://www.florensac-chasse-trap.com/ virus section
and also this
CleanUp312.exe (3)
----------------
start in safe mode
to get safe mode, tap the F8 key
from the moment the PC is switched on, without stopping
a window will open; use the keyboard arrow keys to move to "start in safe mode"
once on the desktop you won't have all the colours and so on, that's normal. If F8 doesn't work, use the F5 key
-------------------------
disable your system restore
to do that, right-click on My Computer
Properties, then click on the System Restore tab
tick the "disable system restore" box and apply
------------
make sure of this
Show all files and folders:
click Start / Control Panel / Folder Options / View
Tick "show hidden files and folders"
Untick the box "Hide protected operating system files (recommended)"
Untick "hide extensions for known file types"
Then click "OK" to confirm the changes.
And apply
----------------------
empty your temp files and Temporary Internet Files for every user
use this to do it
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relaunch HijackThis, tick these lines and then click Fix
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKLM\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKLM\..\Run: [Gto] C:\WINDOWS\System32\Bmi.exe
O4 - HKLM\..\Run: [Fah] C:\WINDOWS\Emu.exe
O4 - HKLM\..\Run: [Ugj] C:\WINDOWS\Gbu.exe
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Geh] C:\WINDOWS\Sma.exe
O4 - HKCU\..\Run: [Gem] C:\WINDOWS\System32\Ejt.exe
O4 - HKCU\..\Run: [Gto] C:\WINDOWS\System32\Bmi.exe
O4 - HKCU\..\Run: [Fah] C:\WINDOWS\Emu.exe
O4 - HKCU\..\Run: [Ugj] C:\WINDOWS\Gbu.exe
O4 - Startup: winupdate03072989[1].exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
----------------------
search for and delete these
careful, only the files
search for and delete all the exe files listed above
and above all this dll
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
---------------
run Ad-Aware and remove everything it finds
----------
run Spybot and remove everything it finds
-------------
be sure to run CleanUp too
-------------
empty your recycle bin, restart in normal mode and run HijackThis again
--
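An added example, not from this thread and not part of HijackThis: a Python script that parses the O4 (autostart) lines of a log like the one posted above, flags the entries matching the dropper pattern visible in it (three-letter random value names pointing at three-letter executables dropped straight into C:\WINDOWS or System32, registered under both HKLM and HKCU, plus a Startup item named like a cached browser download), and compares a later log to list which flagged entries are still there. The "before" lines are a subset of the posted log; the "after" log is constructed for the example, and the heuristics are assumptions drawn from this log, not HijackThis rules. It speaks to the question asked earlier in the thread: an entry that reappears in a fresh log after the fix was either not removed or has been dropped again, which is what the recurring "danger spyware" pages suggest.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample "before cleanup" O4 lines, copied from the HijackThis log posted in
# this thread (a subset), and a constructed "after cleanup" log for comparison.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Cum.exe
O4 - Startup: winupdate03072989[1].exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""

# Constructed: the Qtc values and the Startup item are gone, but [Mst] came back.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mst] C:\WINDOWS\Bse.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""


@dataclass(frozen=True)
class O4Entry:
    hive: str     # "HKLM", "HKCU", "Startup" or "Global Startup"
    name: str     # the [name] of a Run value, or the startup file name
    command: str  # command line of the Run value, or the startup target


RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$')
STARTUP_RE = re.compile(r'^O4 - (Global Startup|Startup): (.*)$')
# A three-letter executable sitting directly in C:\WINDOWS or System32:
# the naming pattern visible in the log above (assumed heuristic).
RANDOM_DROP_RE = re.compile(r'^"?[a-z]:\\windows\\(system32\\)?[a-z]{3}\.exe"?$', re.I)
# "[1].exe" is how the IE download cache names a second copy of a file; a
# Startup item named that way was dropped by a download, not installed.
CACHED_DOWNLOAD_RE = re.compile(r'\[\d+\]\.exe$', re.I)


def parse_o4(log_text: str) -> List[O4Entry]:
    """Parse the O4 (autostart) lines of a HijackThis log; other lines are ignored."""
    entries: List[O4Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(O4Entry(m.group(1), m.group(2), m.group(3).strip()))
            continue
        m = STARTUP_RE.match(line)
        if m:
            name, _, target = m.group(2).strip().partition(" = ")
            entries.append(O4Entry(m.group(1), name.strip(), (target or name).strip()))
    return entries


def _key(e: O4Entry) -> Tuple[str, str]:
    return (e.name.lower(), e.command.lower())


def flag_entries(entries: List[O4Entry]) -> Dict[O4Entry, List[str]]:
    """Return the entries matching the dropper pattern, with the reasons for each."""
    hives_by_value: Dict[Tuple[str, str], set] = {}
    for e in entries:
        if e.hive in ("HKLM", "HKCU"):
            hives_by_value.setdefault(_key(e), set()).add(e.hive)
    flagged: Dict[O4Entry, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if (e.hive in ("HKLM", "HKCU") and re.fullmatch(r'[A-Za-z]{3}', e.name)
                and RANDOM_DROP_RE.match(e.command)):
            reasons.append("three-letter random value name and executable dropped straight into the Windows directory")
            if hives_by_value[_key(e)] == {"HKLM", "HKCU"}:
                reasons.append("registered under both HKLM and HKCU so it starts for every user")
        if e.hive in ("Startup", "Global Startup") and CACHED_DOWNLOAD_RE.search(e.command):
            reasons.append("startup item named like a browser download-cache copy")
        if reasons:
            flagged[e] = reasons
    return flagged


def survivors(before_log: str, after_log: str) -> List[Tuple[str, str]]:
    """Flagged entries of the first log that are still present in the second.
    Anything listed here was either not removed or has been dropped again."""
    still_there = {_key(e) for e in parse_o4(after_log)}
    return sorted({_key(e) for e in flag_entries(parse_o4(before_log)) if _key(e) in still_there})


if __name__ == "__main__":
    for entry, reasons in flag_entries(parse_o4(BEFORE_LOG)).items():
        print(f"{entry.hive:<14} [{entry.name}] {entry.command}")
        for r in reasons:
            print(f"    - {r}")
    print("still present after cleanup:", survivors(BEFORE_LOG, AFTER_LOG))
```

To use it on the real thing, read the full text of the two logs into BEFORE_LOG and AFTER_LOG instead of the embedded samples; an empty result from survivors() means none of the flagged autostart entries came back, and anything it does list is where to look next.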