HijackThis log interpretation!!

Solved/Closed
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009 - 10 March 2008 at 18:07
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009 - 18 March 2008 at 21:53
Hello,
I am having problems: my web pages load very slowly, and I get intrusive ads.
I have already run scans with avast, Ad-Aware and Spybot.
So here is the HijackThis log!!

Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:08, on 10/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
d:\Programs\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
d:\Programs\Alwil Software\Avast4\ashWebSv.exe
d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
D:\Programs\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe
D:\Programs\Spybot - Search & Destroy\TeaTimer.exe
D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Programs\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM1b948b7d] Rundll32.exe "C:\WINDOWS\System32\uxwuxoqd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programs\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

52 replies

stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
15 March 2008 at 15:16
[03/15/2008, 15:15:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\steph.BIG\Bureau\VirtumundoBeGone.exe" )
[03/15/2008, 15:15:38] - Detected System Information:
[03/15/2008, 15:15:38] - Windows Version: 5.1.2600, Service Pack 1
[03/15/2008, 15:15:38] - Current Username: steph (Admin)
[03/15/2008, 15:15:38] - Windows is in NORMAL mode.
[03/15/2008, 15:15:38] - Searching for Browser Helper Objects:
[03/15/2008, 15:15:38] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/15/2008, 15:15:38] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/15/2008, 15:15:38] - BHO 3: {0F9AA7CF-33AE-4978-A7AF-0ED4BBD33B50} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 4: {1b3c9749-3e56-43d9-afa2-48e747dd9be9} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - Checking for HKLM\...\Winlogon\Notify\feyerfss
[03/15/2008, 15:15:38] - Key not found: HKLM\...\Winlogon\Notify\feyerfss, continuing.
[03/15/2008, 15:15:38] - BHO 5: {2928767e-9fcb-4329-94b9-4787472071f6} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 6: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[03/15/2008, 15:15:38] - BHO 7: {3EB3FA93-58FA-4AA7-BD68-C169E2991A59} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 8: {47A5F668-7433-47C7-9E91-C2A15C1645E9} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/15/2008, 15:15:38] - BHO 10: {673B4779-E040-43D9-BC87-DE14E23AD3C8} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/15/2008, 15:15:38] - BHO 12: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 13: {7FA854CD-169F-4C61-A9CE-FCB1A0159092} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 14: {8865890D-A46D-4D26-901B-F85462335B94} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 15: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/15/2008, 15:15:38] - BHO 16: {9250CEE1-43D9-4860-AF53-A31B5455A100} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 17: {92daab50-014c-4866-8c1f-cf22cd42bb88} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 18: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[03/15/2008, 15:15:38] - BHO 19: {A7F5230B-BDAC-4360-88B0-CEB58AB37356} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 20: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/15/2008, 15:15:38] - BHO 21: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[03/15/2008, 15:15:38] - BHO 22: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/15/2008, 15:15:38] - BHO 23: {AF89E429-76FE-4DC0-9AC6-FD48265F2D85} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:38] - BHO 24: {B956FFE8-8B24-4384-96C6-0E713F3C28ED} ()
[03/15/2008, 15:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:38] - No filename found. Continuing.
[03/15/2008, 15:15:39] - BHO 25: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[03/15/2008, 15:15:39] - BHO 26: {ED120D76-BF31-412C-A99B-783C6676E128} ()
[03/15/2008, 15:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:39] - No filename found. Continuing.
[03/15/2008, 15:15:39] - BHO 27: {FF6E513E-86D2-44B5-8316-4C527B6A3696} ()
[03/15/2008, 15:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2008, 15:15:39] - Checking for HKLM\...\Winlogon\Notify\pmkhh
[03/15/2008, 15:15:39] - Key not found: HKLM\...\Winlogon\Notify\pmkhh, continuing.
[03/15/2008, 15:15:39] - Finished Searching Browser Helper Objects
[03/15/2008, 15:15:39] - Finishing up...
[03/15/2008, 15:15:39] - Nothing found! Exiting...
0
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
15 March 2008 at 15:17
VundoFix V7.0.1

Scan started at 13:08:37 12/03/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.1

Scan started at 15:10:45 15/03/2008

Listing files found while scanning....

No infected files were found.
0
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274
15 March 2008 at 15:19
1) Show hidden files and folders …
To do this, open a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the « View » tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
« Apply » and « OK ».



Download ComboFix from one of these links:
First choice
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If that does not work
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And importantly, save it to the desktop.

Before using ComboFix:

► Disconnect from the internet and close the windows of all running programs.

► Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.


Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

► Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.


+ 1 HijackThis log

0
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
15 March 2008 at 15:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:47, on 15/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
d:\Programs\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
d:\Programs\Alwil Software\Avast4\ashWebSv.exe
d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
D:\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM1b948b7d] Rundll32.exe "C:\WINDOWS\System32\nrsvdbcn.dll",s
O4 - HKLM\..\Run: [18a7b8e1] rundll32.exe "C:\WINDOWS\System32\yllymypv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
0

stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
15 March 2008 at 15:32
ComboFix 08-03-14.4 - steph 2008-03-15 15:25:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.668 [GMT 1:00]
Endroit: C:\Documents and Settings\steph.BIG\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1b948b7d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apgcdift.ini
C:\WINDOWS\system32\asjndukh.dll
C:\WINDOWS\system32\cmqjfcuc.dll
C:\WINDOWS\system32\cpjustqk.dll
C:\WINDOWS\system32\cthaqawc.dll
C:\WINDOWS\system32\cucfjqmc.ini
C:\WINDOWS\system32\cwaqahtc.ini
C:\WINDOWS\system32\ddtcqbyf.dll
C:\WINDOWS\system32\dpispayx.dll
C:\WINDOWS\system32\ejhsqqjh.dll
C:\WINDOWS\system32\ekfibssu.dll
C:\WINDOWS\system32\feyerfss.dll
C:\WINDOWS\system32\fkyugmcx.dll
C:\WINDOWS\system32\gntvuprl.dll
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\jsnkbsuy.dll
C:\WINDOWS\system32\klrxgpsr.dll
C:\WINDOWS\system32\lbnlbjkq.dll
C:\WINDOWS\system32\lqtwivtu.dll
C:\WINDOWS\system32\lrpuvtng.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nhserjpo.dll
C:\WINDOWS\system32\nrsvdbcn.dll
C:\WINDOWS\system32\nwtltmyp.dll
C:\WINDOWS\system32\oatpnptx.dll
C:\WINDOWS\system32\ohydfgru.dll
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pxjolnhf.dll
C:\WINDOWS\system32\pymtltwn.ini
C:\WINDOWS\system32\qdthbfar.dll
C:\WINDOWS\system32\rpkbphar.dll
C:\WINDOWS\system32\sqvphaio.dll
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\tfidcgpa.dll
C:\WINDOWS\system32\uyljqfsy.dll
C:\WINDOWS\system32\vewseylv.dll
C:\WINDOWS\system32\vpymylly.ini
C:\WINDOWS\system32\wrrywubd.dll
C:\WINDOWS\system32\wxxlngrq.dll
C:\WINDOWS\system32\yllymypv.dll
C:\WINDOWS\system32\yydyiwqy.dll
E:\doc stephane\MANTEC~1
E:\doc stephane\MANTEC~1\??mantec\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_WINDOWS_LOG


((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
.

2008-03-14 15:00 . 2008-03-14 15:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-14 15:00 . 2008-03-14 15:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-13 12:42 . 2008-03-13 12:42 10,752 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-12 18:35 . 2008-03-14 09:12 1,346,435 ---hs---- C:\WINDOWS\system32\cfwkcplh.ini
2008-03-12 14:31 . 2008-03-12 14:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-12 13:38 . 2008-03-12 13:38 <REP> d-------- C:\WINDOWS\system32\bits
2008-03-12 13:37 . 2008-03-12 13:37 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-12 13:37 . 2005-02-25 04:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-12 11:46 . 2008-03-12 11:46 <REP> d-------- C:\Documents and Settings\steph.BIG\Application Data\AdobeAUM
2008-03-12 11:32 . 2005-10-27 15:06 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2008-03-12 11:32 . 2005-10-27 15:06 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-03-12 11:32 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2008-03-12 11:32 . 2008-03-12 11:32 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-12 11:32 . 2005-11-07 03:51 7,878 --a------ C:\WINDOWS\system32\RT2500.CAT
2008-03-12 11:32 . 2005-11-09 04:41 7,870 --a------ C:\WINDOWS\system32\rt61.cat
2008-03-12 11:31 . 2008-03-12 11:32 <REP> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-03-12 11:31 . 2008-03-12 11:31 921 --a------ C:\WINDOWS\system32\WLAN.INI
2008-03-11 22:43 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-11 22:43 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-11 22:43 . 2004-07-01 23:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-03-11 22:43 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-11 22:43 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-11 19:44 . 2008-03-12 12:09 <REP> d-------- C:\Documents and Settings\steph.BIG\Application Data\Desktopicon
2008-03-11 19:43 . 2008-03-11 19:52 <REP> d-------- C:\Program Files\Unlocker
2008-03-11 17:58 . 2008-03-11 17:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-11 17:50 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-11 17:50 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-11 17:50 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-11 17:50 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-11 17:28 . 2008-03-11 17:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-11 17:25 . 2008-03-12 12:55 <REP> d-------- C:\SDFix
2008-03-11 17:18 . 2008-03-14 09:56 1,634 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 17:15 . 2008-03-12 18:29 2,130,523 ---hs---- C:\WINDOWS\system32\gvrlijsj.ini
2008-03-11 14:40 . 2008-03-11 14:39 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-11 14:40 . 2008-03-11 14:40 2,551 --a------ C:\WINDOWS\unins000.dat
2008-03-11 14:38 . 2008-03-11 14:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-11 14:00 . 2008-03-11 17:10 1,317,017 ---hs---- C:\WINDOWS\system32\dwfvcoim.ini
2008-03-11 12:20 . 2008-03-11 12:31 1,318,384 ---hs---- C:\WINDOWS\system32\saskjkqf.ini
2008-03-11 12:01 . 2008-03-11 18:24 <REP> d-------- C:\VundoFix Backups
2008-03-11 11:18 . 2008-03-11 12:10 1,318,264 ---hs---- C:\WINDOWS\system32\ktsekqrk.ini
2008-03-10 21:04 . 2008-03-11 11:08 1,317,863 ---hs---- C:\WINDOWS\system32\ntrhedgb.ini
2008-03-10 14:22 . 2008-03-14 10:27 <REP> d-------- C:\Program Files\Navilog1
2008-03-10 13:41 . 2008-03-10 14:06 414 ---hs---- C:\WINDOWS\system32\inidlwiq.ini
2008-03-07 19:13 . 2008-03-08 19:13 1,194 ---hs---- C:\WINDOWS\system32\tewvpoha.ini
2008-03-06 14:29 . 2008-03-07 19:13 954 ---hs---- C:\WINDOWS\system32\mvdshvqu.ini
2008-03-03 23:54 . 2008-03-03 23:52 2,832,980 --a------ C:\WINDOWS\system32\rofehone.xml
2008-03-03 15:01 . 2008-03-03 23:52 2,832,980 --a------ C:\WINDOWS\system32\sklybxuw.xml
2008-03-02 13:35 . 2008-03-01 14:26 2,832,997 --a------ C:\WINDOWS\system32\rrbayhzg.xml
2008-03-02 13:31 . 2008-03-01 14:26 2,832,997 --a------ C:\WINDOWS\system32\sysalnqh.xml
2008-03-02 13:22 . 2008-03-01 14:26 2,832,997 --a------ C:\WINDOWS\system32\dhkitotf.xml
2008-03-01 14:10 . 2008-03-01 14:02 2,832,997 --a------ C:\WINDOWS\system32\smupclaw.xml
2008-03-01 14:06 . 2008-03-01 14:02 2,832,997 --a------ C:\WINDOWS\system32\srvqqkps.xml
2008-03-01 11:41 . 2008-03-02 15:13 2,832,997 --a------ C:\WINDOWS\system32\oudwnagx.xml

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 10:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 10:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-03-11 21:46 --------- d-----w C:\Program Files\Google
2008-03-03 21:47 --------- d-----w C:\Program Files\Java
2008-02-20 15:31 --------- d-----w C:\Program Files\DC++
2008-02-11 16:51 --------- d-----w C:\Documents and Settings\carole.BIG\Application Data\AdobeUM
2008-02-08 11:45 --------- d-----w C:\Documents and Settings\steph.BIG\Application Data\AdobeUM
2008-01-28 17:29 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 19:26 --------- d-----w C:\Program Files\Fichiers communs\KAV Shared Files
2008-01-20 18:59 --------- d-----w C:\Program Files\PhotoStitch
2008-01-19 18:18 --------- d-----w C:\Documents and Settings\steph.BIG\Application Data\Azureus
2007-12-19 18:59 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
2007-12-19 18:59 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
2007-10-10 13:58 49,784 ----a-w C:\Documents and Settings\carole.BIG\Application Data\GDIPFONTCACHEV1.DAT
2007-04-04 15:32 24,827 ----a-w C:\WINDOWS\Fonts\mamae_que_nos_faz.zip
2007-02-15 18:27 10,783 ----a-w C:\WINDOWS\Fonts\pez.zip
2007-02-15 18:26 84,401 ----a-w C:\WINDOWS\Fonts\alpha_clouds.zip
2007-02-15 18:24 33,141 ----a-w C:\WINDOWS\Fonts\earwig_factory.zip
2007-02-15 18:24 24,987 ----a-w C:\WINDOWS\Fonts\circus.zip
2007-02-15 18:19 8,446 ----a-w C:\WINDOWS\Fonts\digital_kauno.zip
2007-02-15 18:18 26,754 ----a-w C:\WINDOWS\Fonts\quigley_wiggly.zip
2007-02-15 18:18 171,440 ----a-w C:\WINDOWS\Fonts\marketing_script.zip
2007-02-15 18:18 17,524 ----a-w C:\WINDOWS\Fonts\two_turtle_doves.zip
2007-02-15 18:18 11,653 ----a-w C:\WINDOWS\Fonts\bewitched.zip
2007-02-15 18:17 62,080 ----a-w C:\WINDOWS\Fonts\fontdinerdotcom.zip
2007-02-15 18:17 51,194 ----a-w C:\WINDOWS\Fonts\honey_script.zip
2007-02-15 18:17 28,409 ----a-w C:\WINDOWS\Fonts\black_jack.zip
2007-02-15 18:14 22,392 ----a-w C:\WINDOWS\Fonts\desigers.zip
2007-02-15 18:10 46,744 ----a-w C:\WINDOWS\Fonts\school_script_dashe.zip
2007-02-15 18:10 154,865 ----a-w C:\WINDOWS\Fonts\hand.zip
2007-02-15 18:08 41,566 ----a-w C:\WINDOWS\Fonts\vlaanderen.zip
2007-02-15 18:07 24,204 ----a-w C:\WINDOWS\Fonts\ragg_mopp.zip
2007-02-15 18:06 67,026 ----a-w C:\WINDOWS\Fonts\quentincaps.zip
2007-02-15 18:06 44,338 ----a-w C:\WINDOWS\Fonts\tonight.zip
2007-02-15 18:06 22,396 ----a-w C:\WINDOWS\Fonts\walrus_gumbo.zip
2007-02-15 18:01 31,807 ----a-w C:\WINDOWS\Fonts\anakronism.zip
2007-02-15 18:01 16,483 ----a-w C:\WINDOWS\Fonts\unicorn_nf.zip
2007-02-15 18:00 30,660 ----a-w C:\WINDOWS\Fonts\antsypants.zip
2007-02-15 17:34 9,826 ----a-w C:\WINDOWS\Fonts\scara_conquers_the_universe.zip
2007-02-15 17:34 34,307 ----a-w C:\WINDOWS\Fonts\budmo_jiggler.zip
2007-02-15 17:32 9,864 ----a-w C:\WINDOWS\Fonts\showtime.zip
2007-02-15 17:32 9,432 ----a-w C:\WINDOWS\Fonts\market_deco.zip
2007-02-15 17:32 17,692 ----a-w C:\WINDOWS\Fonts\air_conditioner.zip
2007-02-15 17:31 8,189 ----a-w C:\WINDOWS\Fonts\bellerose.zip
2006-09-01 16:57 19,632 ----a-w C:\Documents and Settings\steph.BIG\Application Data\GDIPFONTCACHEV1.DAT
2006-02-07 08:07 200,704 ----a-w C:\Program Files\ECB-CLEO.exe
2006-02-07 08:06 121 ----a-w C:\Program Files\Config.ini
2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-07 01:00 13312]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Iomega Automatic Backup Pro"="D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" [2005-07-01 09:12 18968576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 22:46 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\Programs\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-07 01:00 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\System32\DRIVERS\IABFilt.sys [2005-07-01 09:15]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\System32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;C:\WINDOWS\System32\drivers\Envy24HF.sys [2004-10-15 14:17]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\System32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 09:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 15:30:06
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s???????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
d:\Programs\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-15 15:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 14:31:18
.
2008-03-12 12:38:41 --- E O F ---
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
15 March 2008 at 15:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:08, on 15/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
d:\Programs\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
D:\Programs\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274
16 March 2008 at 13:04
Hi

Can you run ComboFix again -- please
And a HijackThis log

See you
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
17 March 2008 at 15:58
ComboFix 08-03-14.4 - steph 2008-03-17 15:56:14.3 - NTFSx86
Endroit: C:\Documents and Settings\steph.BIG\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
.

2008-03-17 13:36 . 2008-03-17 13:36 <REP> d-------- C:\Program Files\microsoft frontpage
2008-03-13 12:42 . 2008-03-13 12:42 10,752 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-12 18:35 . 2008-03-14 09:12 1,346,435 ---hs---- C:\WINDOWS\system32\cfwkcplh.ini
2008-03-12 14:31 . 2008-03-12 14:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-12 13:38 . 2008-03-12 13:38 <REP> d-------- C:\WINDOWS\system32\bits
2008-03-12 13:37 . 2008-03-12 13:37 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-12 13:37 . 2005-02-25 04:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-12 11:46 . 2008-03-12 11:46 <REP> d-------- C:\Documents and Settings\steph.BIG\Application Data\AdobeAUM
2008-03-12 11:32 . 2005-10-27 15:06 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2008-03-12 11:32 . 2005-10-27 15:06 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-03-12 11:32 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2008-03-12 11:32 . 2008-03-12 11:32 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-12 11:32 . 2005-11-07 03:51 7,878 --a------ C:\WINDOWS\system32\RT2500.CAT
2008-03-12 11:32 . 2005-11-09 04:41 7,870 --a------ C:\WINDOWS\system32\rt61.cat
2008-03-12 11:31 . 2008-03-12 11:32 <REP> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-03-12 11:31 . 2008-03-12 11:31 921 --a------ C:\WINDOWS\system32\WLAN.INI
2008-03-11 22:43 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-11 22:43 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-11 22:43 . 2004-07-01 23:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-03-11 22:43 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-11 22:43 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-11 22:43 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-11 19:44 . 2008-03-12 12:09 <REP> d-------- C:\Documents and Settings\steph.BIG\Application Data\Desktopicon
2008-03-11 19:43 . 2008-03-15 19:21 <REP> d-------- C:\Program Files\Unlocker
2008-03-11 17:58 . 2008-03-11 17:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-11 17:50 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-11 17:50 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-11 17:50 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-11 17:50 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-11 17:28 . 2008-03-11 17:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-11 17:25 . 2008-03-12 12:55 <REP> d-------- C:\SDFix
2008-03-11 17:18 . 2008-03-14 09:56 1,634 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 17:15 . 2008-03-12 18:29 2,130,523 ---hs---- C:\WINDOWS\system32\gvrlijsj.ini
2008-03-11 14:40 . 2008-03-11 14:39 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-11 14:40 . 2008-03-11 14:40 2,551 --a------ C:\WINDOWS\unins000.dat
2008-03-11 14:38 . 2008-03-11 14:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-11 14:00 . 2008-03-11 17:10 1,317,017 ---hs---- C:\WINDOWS\system32\dwfvcoim.ini
2008-03-11 12:20 . 2008-03-11 12:31 1,318,384 ---hs---- C:\WINDOWS\system32\saskjkqf.ini
2008-03-11 12:01 . 2008-03-11 18:24 <REP> d-------- C:\VundoFix Backups
2008-03-11 11:18 . 2008-03-11 12:10 1,318,264 ---hs---- C:\WINDOWS\system32\ktsekqrk.ini
2008-03-10 21:04 . 2008-03-11 11:08 1,317,863 ---hs---- C:\WINDOWS\system32\ntrhedgb.ini
2008-03-10 14:22 . 2008-03-15 17:51 <REP> d-------- C:\Program Files\Navilog1
2008-03-10 13:41 . 2008-03-10 14:06 414 ---hs---- C:\WINDOWS\system32\inidlwiq.ini
2008-03-07 19:13 . 2008-03-08 19:13 1,194 ---hs---- C:\WINDOWS\system32\tewvpoha.ini
2008-03-06 14:29 . 2008-03-07 19:13 954 ---hs---- C:\WINDOWS\system32\mvdshvqu.ini
2008-03-03 23:54 . 2008-03-03 23:52 2,832,980 --a------ C:\WINDOWS\system32\rofehone.xml
2008-03-03 15:01 . 2008-03-03 23:52 2,832,980 --a------ C:\WINDOWS\system32\sklybxuw.xml
2008-03-02 13:35 . 2008-03-01 14:26 2,832,997 --a------ C:\WINDOWS\system32\rrbayhzg.xml
2008-03-02 13:31 . 2008-03-01 14:26 2,832,997 --a------ C:\WINDOWS\system32\sysalnqh.xml
2008-03-02 13:22 . 2008-03-01 14:26 2,832,997 --a------ C:\WINDOWS\system32\dhkitotf.xml
2008-03-01 14:10 . 2008-03-01 14:02 2,832,997 --a------ C:\WINDOWS\system32\smupclaw.xml
2008-03-01 14:06 . 2008-03-01 14:02 2,832,997 --a------ C:\WINDOWS\system32\srvqqkps.xml
2008-03-01 11:41 . 2008-03-02 15:13 2,832,997 --a------ C:\WINDOWS\system32\oudwnagx.xml

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 14:56 --------- d-----w C:\Documents and Settings\steph.BIG\Application Data\Azureus
2008-03-12 10:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 10:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-03-11 21:46 --------- d-----w C:\Program Files\Google
2008-03-03 21:47 --------- d-----w C:\Program Files\Java
2008-02-20 15:31 --------- d-----w C:\Program Files\DC++
2008-02-11 16:51 --------- d-----w C:\Documents and Settings\carole.BIG\Application Data\AdobeUM
2008-02-08 11:45 --------- d-----w C:\Documents and Settings\steph.BIG\Application Data\AdobeUM
2008-01-28 17:29 --------- d-----w C:\Program Files\MSN Messenger
2008-01-26 19:26 --------- d-----w C:\Program Files\Fichiers communs\KAV Shared Files
2008-01-20 18:59 --------- d-----w C:\Program Files\PhotoStitch
2007-12-19 18:59 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
2007-12-19 18:59 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
2007-10-10 13:58 49,784 ----a-w C:\Documents and Settings\carole.BIG\Application Data\GDIPFONTCACHEV1.DAT
2007-04-04 15:32 24,827 ----a-w C:\WINDOWS\Fonts\mamae_que_nos_faz.zip
2007-02-15 18:27 10,783 ----a-w C:\WINDOWS\Fonts\pez.zip
2007-02-15 18:26 84,401 ----a-w C:\WINDOWS\Fonts\alpha_clouds.zip
2007-02-15 18:24 33,141 ----a-w C:\WINDOWS\Fonts\earwig_factory.zip
2007-02-15 18:24 24,987 ----a-w C:\WINDOWS\Fonts\circus.zip
2007-02-15 18:19 8,446 ----a-w C:\WINDOWS\Fonts\digital_kauno.zip
2007-02-15 18:18 26,754 ----a-w C:\WINDOWS\Fonts\quigley_wiggly.zip
2007-02-15 18:18 171,440 ----a-w C:\WINDOWS\Fonts\marketing_script.zip
2007-02-15 18:18 17,524 ----a-w C:\WINDOWS\Fonts\two_turtle_doves.zip
2007-02-15 18:18 11,653 ----a-w C:\WINDOWS\Fonts\bewitched.zip
2007-02-15 18:17 62,080 ----a-w C:\WINDOWS\Fonts\fontdinerdotcom.zip
2007-02-15 18:17 51,194 ----a-w C:\WINDOWS\Fonts\honey_script.zip
2007-02-15 18:17 28,409 ----a-w C:\WINDOWS\Fonts\black_jack.zip
2007-02-15 18:14 22,392 ----a-w C:\WINDOWS\Fonts\desigers.zip
2007-02-15 18:10 46,744 ----a-w C:\WINDOWS\Fonts\school_script_dashe.zip
2007-02-15 18:10 154,865 ----a-w C:\WINDOWS\Fonts\hand.zip
2007-02-15 18:08 41,566 ----a-w C:\WINDOWS\Fonts\vlaanderen.zip
2007-02-15 18:07 24,204 ----a-w C:\WINDOWS\Fonts\ragg_mopp.zip
2007-02-15 18:06 67,026 ----a-w C:\WINDOWS\Fonts\quentincaps.zip
2007-02-15 18:06 44,338 ----a-w C:\WINDOWS\Fonts\tonight.zip
2007-02-15 18:06 22,396 ----a-w C:\WINDOWS\Fonts\walrus_gumbo.zip
2007-02-15 18:01 31,807 ----a-w C:\WINDOWS\Fonts\anakronism.zip
2007-02-15 18:01 16,483 ----a-w C:\WINDOWS\Fonts\unicorn_nf.zip
2007-02-15 18:00 30,660 ----a-w C:\WINDOWS\Fonts\antsypants.zip
2007-02-15 17:34 9,826 ----a-w C:\WINDOWS\Fonts\scara_conquers_the_universe.zip
2007-02-15 17:34 34,307 ----a-w C:\WINDOWS\Fonts\budmo_jiggler.zip
2007-02-15 17:32 9,864 ----a-w C:\WINDOWS\Fonts\showtime.zip
2007-02-15 17:32 9,432 ----a-w C:\WINDOWS\Fonts\market_deco.zip
2007-02-15 17:32 17,692 ----a-w C:\WINDOWS\Fonts\air_conditioner.zip
2007-02-15 17:31 8,189 ----a-w C:\WINDOWS\Fonts\bellerose.zip
2006-09-01 16:57 19,632 ----a-w C:\Documents and Settings\steph.BIG\Application Data\GDIPFONTCACHEV1.DAT
2006-02-07 08:07 200,704 ----a-w C:\Program Files\ECB-CLEO.exe
2006-02-07 08:06 121 ----a-w C:\Program Files\Config.ini
2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-15_15.31.11.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-15 14:29:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-17 13:54:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-15 14:29:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-03-17 13:54:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-03-15 14:29:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-17 13:54:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-17 13:54:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_490.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-07 01:00 13312]
"Iomega Automatic Backup Pro"="D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" [2005-07-01 09:12 18968576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 22:46 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\Programs\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-07 01:00 13312]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-24 16:08:52 110592]
Assistant d'Acrobat.lnk - D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-05-06 12:49:46 487424]
Microsoft Office.lnk - D:\Programs\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\System32\DRIVERS\IABFilt.sys [2005-07-01 09:15]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\System32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;C:\WINDOWS\System32\drivers\Envy24HF.sys [2004-10-15 14:17]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\System32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]

*Newly Created Service* - GTNDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 09:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 15:57:09
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s???????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-17 15:57:30
ComboFix-quarantined-files.txt 2008-03-17 14:57:28
.
2008-03-12 12:38:41 --- E O F ---
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
17 March 2008 at 16:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:03, on 17/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
d:\Programs\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
D:\Programs\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
d:\Programs\Alwil Software\Avast4\ashWebSv.exe
D:\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "D:\Programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
17 March 2008 at 16:03
Hi

I don't know whether you see anything suspicious in the reports,
but in any case my PC is working normally.
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
18 March 2008 at 12:06
Thanks, everyone, the problem seems to be solved.
stekap Posts 62 Registration date Monday 10 March 2008 Status Member Last activity 2 July 2009
18 March 2008 at 21:53
OK

No report for tool cleaner, but everything was cleaned. However, the firewall is asking for the host and the password??