HijackThis log analysis, serious problems
Forum: Security - Virus
Hello everyone,
I'm writing about a serious problem that has me stuck, because this PC is my work tool and I'm in a real mess since I don't understand any of it!
For a few days now, browser windows have been opening without my asking for anything. I definitely had a virus; I managed to fix a few problems by installing Kaspersky, Ad-Aware and Spy Sweeper, but those wretched windows are still there.
Thank you very much for helping me.
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:49:42, on 17/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MCROSO~1\winlogon.exe
C:\WINDOWS\System32\??ool32.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\Sm9jZWx5bmUgR0lMTE9U\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Chouky\Mes documents\Logiciels\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C55B2D49-B5DA-907F-A5FE-973BF00322C1} - C:\WINDOWS\System32\ffanvmsh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {F4761D48-98E9-A64B-88CC-D116B2370FF3} - C:\WINDOWS\System32\ffanvmsh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [ihost.exe] C:\taskmgrs.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Etaa] "C:\WINDOWS\System32\MCROSO~1\winlogon.exe" -vt mt
O4 - HKCU\..\Run: [Voroca] C:\WINDOWS\System32\??ool32.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/119dc7 [...] 601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1401889845
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\h4l20e3oeh.dll
O20 - Winlogon Notify: winrxp32 - winrxp32.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9jZWx5bmUgR0lMTE9U\command.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Hi,
You have a Look2Me-type infection (line O20).
1/ Download L2Mfix
http://www.atribune.org/downloads/l2mfix.exe or
Save it to your desktop.
Run the application.
Click Accept, then Install.
2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then option 1, Enter.
Post the first report.
3/ Open the l2mfix folder, then double-click L2Mfix.bat
Then choose option 2, then Enter.
Then press any key.
The computer will restart.
After the restart, the desktop and icons will appear and then disappear; this is normal! A new report will then appear on screen.
If after the restart the icons do not appear/disappear, or the report does not appear, open the l2mfix folder and run second.bat
4/ Post a HijackThis log
Download it
Unzip it to your desktop
Run the application
Choose Do a system scan and save a logfile
Paste the log here
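The diagnosis above comes from reading the O4, O20 and O23 lines of the log by eye. As an added example for this thread (not code from HijackThis, L2Mfix or anyone posting here), the Python script below applies the same checks mechanically: a core Windows binary name running from outside system32 (the second winlogon.exe under MCROSO~1), one-edit look-alikes of core names (lssas.exe, taskmgrs.exe), paths HijackThis could not render (??ool32.exe), "(file missing)" orphans, services with no publisher, random-looking DLL names of the Look2Me kind, and a directory whose name is valid base64. The binary list, the thresholds and SAMPLE_LOG (lines copied from the log above plus two benign controls) are this example's own assumptions.

```python
"""Triage of O4 / O20 / O23 lines from a HijackThis 1.99 log (added example for this thread;
SYSTEM_BINARIES, the distance/digit thresholds and SAMPLE_LOG are this example's own assumptions)."""
import base64
import ntpath
import re

# Windows XP core binaries: legitimately present only in %SystemRoot%\system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "taskmgr.exe"}
SYSTEM32 = r"c:\windows\system32"
ROOT_DIRS = {"c:\\", r"c:\windows"}      # an .exe dropped straight in here deserves a look
LINE_RE = re.compile(r"^(O4|O20|O23) - (.*)$")

# Constructed sample: lines copied from the log posted above, plus two benign controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [ihost.exe] C:\taskmgrs.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Etaa] "C:\WINDOWS\System32\MCROSO~1\winlogon.exe" -vt mt
O4 - HKCU\..\Run: [Voroca] C:\WINDOWS\System32\??ool32.exe
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\h4l20e3oeh.dll
O20 - Winlogon Notify: winrxp32 - winrxp32.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9jZWx5bmUgR0lMTE9U\command.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
"""

def osa_distance(a, b):
    """Edit distance counting insert/delete/substitute/adjacent-transposition as 1 each."""
    d = [[i + j if not (i and j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def looks_base64(component):
    """Directory name that is valid, mixed-case base64 decoding to printable ASCII."""
    if len(component) < 16 or len(component) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", component):
        return False
    if not (any(c.isdigit() for c in component) and any(c.islower() for c in component)
            and any(c.isupper() for c in component)):
        return False
    try:
        raw = base64.b64decode(component, validate=True)
    except ValueError:                   # binascii.Error subclasses ValueError
        return False
    return all(32 <= b < 127 for b in raw)   # decoded text is deliberately not reported

def extract_path(kind, body):
    """The file an O4 / O20 / O23 line points at (HijackThis 1.99 formats)."""
    if kind == "O4":                     # [Name] "C:\x.exe" args   |   [Name] C:\x.exe args
        cmd = body.split("] ", 1)[1] if "] " in body else body.split(": ", 1)[1]
        return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    # O20: Winlogon Notify: name - path      O23: Service: name (svc) - owner - path
    return body.rsplit(" - ", 1)[1].replace("(file missing)", "").strip()

def analyse(kind, line, path):
    """Every heuristic the line trips, as human-readable reasons."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("file missing: orphaned entry Windows still tries to load at boot")
    if "?" in path:
        reasons.append("path has characters HijackThis could not render ('?' is illegal in a file name)")
    if kind == "O23" and "Unknown owner" in line:
        reasons.append("service binary carries no publisher information")
    if "\\" not in path:
        return reasons                   # bare name: nothing to say about its directory
    directory, name = ntpath.split(path)
    lname, stem = name.lower(), ntpath.splitext(name.lower())[0]
    if lname in SYSTEM_BINARIES and directory.lower() != SYSTEM32:
        reasons.append(f"{lname} running from {directory}, not {SYSTEM32}")
    reasons += [f"look-alike of {s}" for s in sorted(SYSTEM_BINARIES) if 0 < osa_distance(lname, s) <= 1]
    if directory.lower() in ROOT_DIRS:
        reasons.append("executable sits directly in the drive root or %SystemRoot% (review)")
    if len(stem) >= 8 and sum(c.isdigit() for c in stem) >= 3 and sum(c.isalpha() for c in stem) >= 3:
        reasons.append("random-looking file name (Look2Me style)")
    if any(looks_base64(c) for c in directory.split("\\")):
        reasons.append("directory name looks base64-encoded")
    return reasons

def triage(log_text):
    """Map every O4/O20/O23 line that trips a heuristic to its list of reasons."""
    findings = {}
    for line in (l.strip() for l in log_text.splitlines()):
        m = LINE_RE.match(line)
        if m:
            reasons = analyse(m.group(1), line, extract_path(*m.groups()))
            if reasons:
                findings[line] = reasons
    return findings

def reasons_for(findings, fragment):
    """Reasons for the first flagged line containing `fragment` ([] if it was not flagged)."""
    return next((r for line, r in findings.items() if fragment in line), [])

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, *("   -> " + r for r in reasons), sep="\n")
```

Run it directly to print the flagged lines; `reasons_for` returns an empty list for benign entries such as kavsvc.exe and SpySweeper.exe. The root-directory and base64 checks are review prompts rather than verdicts: C-Media's Mixer.exe also lives in C:\WINDOWS on this machine, and the decoded content of the base64 directory name is intentionally not printed because it may be personal data.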
Here are the reports you wanted:
L2mfix 010406
Creating Account.
The command completed successfully.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 336 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 412 'winlogon.exe'
Killing PID 412 'winlogon.exe'
Killing PID 1424 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1188 'explorer.exe'
Killing PID 1188 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 852 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\cbadmin.dll
Successfully Deleted: C:\WINDOWS\system32\cbadmin.dll
Deleting: C:\WINDOWS\system32\cdedui.dll
Successfully Deleted: C:\WINDOWS\system32\cdedui.dll
Deleting: C:\WINDOWS\system32\en68l1ju1.dll
Successfully Deleted: C:\WINDOWS\system32\en68l1ju1.dll
Deleting: C:\WINDOWS\system32\g604lgdq160e.dll
Successfully Deleted: C:\WINDOWS\system32\g604lgdq160e.dll
Deleting: C:\WINDOWS\system32\h4l20e3oeh.dll
Successfully Deleted: C:\WINDOWS\system32\h4l20e3oeh.dll
Deleting: C:\WINDOWS\system32\hr0s05d7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr0s05d7e.dll
Deleting: C:\WINDOWS\system32\hr2s05f7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2s05f7e.dll
Deleting: C:\WINDOWS\system32\hrns0557e.dll
Successfully Deleted: C:\WINDOWS\system32\hrns0557e.dll
Deleting: C:\WINDOWS\system32\i0nmla511d.dll
Successfully Deleted: C:\WINDOWS\system32\i0nmla511d.dll
Deleting: C:\WINDOWS\system32\ihxmontr.dll
Successfully Deleted: C:\WINDOWS\system32\ihxmontr.dll
Deleting: C:\WINDOWS\system32\j42q0ef5eh2.dll
Successfully Deleted: C:\WINDOWS\system32\j42q0ef5eh2.dll
Deleting: C:\WINDOWS\system32\kidblr.dll
Successfully Deleted: C:\WINDOWS\system32\kidblr.dll
Deleting: C:\WINDOWS\system32\kldpo.dll
Successfully Deleted: C:\WINDOWS\system32\kldpo.dll
Deleting: C:\WINDOWS\system32\lv0209doe.dll
Successfully Deleted: C:\WINDOWS\system32\lv0209doe.dll
Deleting: C:\WINDOWS\system32\lv2m09f1e.dll
Successfully Deleted: C:\WINDOWS\system32\lv2m09f1e.dll
Deleting: C:\WINDOWS\system32\lvr2099oe.dll
Successfully Deleted: C:\WINDOWS\system32\lvr2099oe.dll
Deleting: C:\WINDOWS\system32\MWSTDFMT.DLL
Successfully Deleted: C:\WINDOWS\system32\MWSTDFMT.DLL
Deleting: C:\WINDOWS\system32\p6n8lg5u16.dll
Successfully Deleted: C:\WINDOWS\system32\p6n8lg5u16.dll
Deleting: C:\WINDOWS\system32\s688lglu16q8.dll
Successfully Deleted: C:\WINDOWS\system32\s688lglu16q8.dll
Deleting: C:\WINDOWS\system32\sci.dll
Successfully Deleted: C:\WINDOWS\system32\sci.dll
Deleting: C:\WINDOWS\system32\uzildll.dll
Successfully Deleted: C:\WINDOWS\system32\uzildll.dll
Deleting: C:\WINDOWS\system32\vlr.dll
Successfully Deleted: C:\WINDOWS\system32\vlr.dll
msg11?.dll
0 file(s) copied.
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h4l20e3oeh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrxp32]
"Asynchronous"=dword:00000001
"DllName"="winrxp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cbadmin.dll
C:\WINDOWS\system32\cdedui.dll
C:\WINDOWS\system32\en68l1ju1.dll
C:\WINDOWS\system32\g604lgdq160e.dll
C:\WINDOWS\system32\h4l20e3oeh.dll
C:\WINDOWS\system32\hr0s05d7e.dll
C:\WINDOWS\system32\hr2s05f7e.dll
C:\WINDOWS\system32\hrns0557e.dll
C:\WINDOWS\system32\i0nmla511d.dll
C:\WINDOWS\system32\ihxmontr.dll
C:\WINDOWS\system32\j42q0ef5eh2.dll
C:\WINDOWS\system32\kidblr.dll
C:\WINDOWS\system32\kldpo.dll
C:\WINDOWS\system32\lv0209doe.dll
C:\WINDOWS\system32\lv2m09f1e.dll
C:\WINDOWS\system32\lvr2099oe.dll
C:\WINDOWS\system32\MWSTDFMT.DLL
C:\WINDOWS\system32\p6n8lg5u16.dll
C:\WINDOWS\system32\s688lglu16q8.dll
C:\WINDOWS\system32\sci.dll
C:\WINDOWS\system32\uzildll.dll
C:\WINDOWS\system32\vlr.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B7BE7366-672C-4983-B6A9-4B81BC8C2508}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{B7BE7366-672C-4983-B6A9-4B81BC8C2508}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7BE7366-672C-4983-B6A9-4B81BC8C2508}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7BE7366-672C-4983-B6A9-4B81BC8C2508}\InprocServer32]
@="C:\\WINDOWS\\system32\\ees.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54}\InprocServer32]
@="C:\\WINDOWS\\system32\\MWSTDFMT.DLL"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B7BE7366-672C-4983-B6A9-4B81BC8C2508}"=-
"{ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B7BE7366-672C-4983-B6A9-4B81BC8C2508}]
[-HKEY_CLASSES_ROOT\CLSID\{ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/cbadmin.dll (164 bytes security) (deflated 4%)
adding: dlls/cdedui.dll (164 bytes security) (deflated 5%)
adding: dlls/en68l1ju1.dll (164 bytes security) (deflated 5%)
adding: dlls/g604lgdq160e.dll (164 bytes security) (deflated 5%)
adding: dlls/h4l20e3oeh.dll (164 bytes security) (deflated 6%)
adding: dlls/hr0s05d7e.dll (164 bytes security) (deflated 5%)
adding: dlls/hr2s05f7e.dll (164 bytes security) (deflated 5%)
adding: dlls/hrns0557e.dll (164 bytes security) (deflated 5%)
adding: dlls/i0nmla511d.dll (164 bytes security) (deflated 6%)
adding: dlls/ihxmontr.dll (164 bytes security) (deflated 4%)
adding: dlls/j42q0ef5eh2.dll (164 bytes security) (deflated 5%)
adding: dlls/kidblr.dll (164 bytes security) (deflated 4%)
adding: dlls/kldpo.dll (164 bytes security) (deflated 5%)
adding: dlls/lv0209doe.dll (164 bytes security) (deflated 4%)
adding: dlls/lv2m09f1e.dll (164 bytes security) (deflated 6%)
adding: dlls/lvr2099oe.dll (164 bytes security) (deflated 4%)
adding: dlls/MWSTDFMT.DLL (164 bytes security) (deflated 6%)
adding: dlls/p6n8lg5u16.dll (164 bytes security) (deflated 5%)
adding: dlls/s688lglu16q8.dll (164 bytes security) (deflated 4%)
adding: dlls/sci.dll (164 bytes security) (deflated 4%)
adding: dlls/uzildll.dll (164 bytes security) (deflated 4%)
adding: dlls/vlr.dll (164 bytes security) (deflated 4%)
adding: backregs/B7BE7366-672C-4983-B6A9-4B81BC8C2508.reg (212 bytes security) (deflated 69%)
adding: backregs/ECC39F2A-4BF6-40CA-8E60-F9473C6B0A54.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:08:26, on 17/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MCROSO~1\winlogon.exe
C:\WINDOWS\System32\??ool32.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Sm9jZWx5bmUgR0lMTE9U\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Chouky\Mes documents\Logiciels\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C55B2D49-B5DA-907F-A5FE-973BF00322C1} - C:\WINDOWS\System32\ffanvmsh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {F4761D48-98E9-A64B-88CC-D116B2370FF3} - C:\WINDOWS\System32\ffanvmsh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [ihost.exe] C:\taskmgrs.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Etaa] "C:\WINDOWS\System32\MCROSO~1\winlogon.exe" -vt mt
O4 - HKCU\..\Run: [Voroca] C:\WINDOWS\System32\??ool32.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/119dc7 [...] 601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1401889845
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\h4l20e3oeh.dll (file missing)
O20 - Winlogon Notify: winrxp32 - winrxp32.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9jZWx5bmUgR0lMTE9U\command.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Is that OK, or do you need anything else?
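The L2Mfix report above prints a regedit export of the Winlogon Notify key, in which the ThemeManager subkey points at an absolute path to a randomly named DLL in system32 and winrxp32 names a DLL that was never on disk; the second HijackThis log then shows both subkeys surviving as "(file missing)" entries after the DLL itself was deleted. As an added example (not code from L2Mfix, HijackThis or this thread), the Python script below parses such an export, including regedit's hex(2) encoding of REG_EXPAND_SZ values and its backslash line continuations, and audits each subkey against a stock Windows XP list. XP_BASELINE is assumed from the stock subkeys visible in the export, SAMPLE_EXPORT is a constructed excerpt of it, and PRESENT_IN_SYSTEM32 is a constructed directory listing standing in for the post-cleanup state.

```python
r"""Parse and audit a regedit export of the Winlogon\Notify key (added example for this thread;
XP_BASELINE, SAMPLE_EXPORT and PRESENT_IN_SYSTEM32 are this example's own assumptions)."""

NOTIFY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Stock Windows XP Notify subkeys and the DLL each is expected to load (assumed baseline).
XP_BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll", "cscdll": "cscdll.dll",
    "ScCertProp": "wlnotify.dll", "Schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "SensLogn": "wlnotify.dll", "termsrv": "wlnotify.dll", "wlballoon": "wlnotify.dll",
}

# Constructed excerpt of the export printed by L2Mfix above: two stock subkeys, two rogue ones.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h4l20e3oeh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrxp32]
"Asynchronous"=dword:00000001
"DllName"="winrxp32.dll"
"Startup"="EvtStartup"
"""

# Constructed listing of %SystemRoot%\system32 after L2Mfix deleted h4l20e3oeh.dll.
PRESENT_IN_SYSTEM32 = {"crypt32.dll", "cscdll.dll"}

def decode_value(raw):
    """Decode the regedit value forms used here: "string", dword:, hex(2): (REG_EXPAND_SZ, UTF-16LE)."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def parse_notify_export(text):
    """{subkey: {value_name: value}} for every subkey directly under the Notify key."""
    subkeys, current = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            parent, _, name = line[1:-1].rpartition("\\")
            # Keep only the Notify subkeys; the Notify key itself carries no values.
            current = subkeys.setdefault(name, {}) if parent.lower() == NOTIFY.lower() else None
            continue
        if current is None or "=" not in line:
            continue
        while line.endswith("\\"):             # regedit wraps long hex values with a trailing '\'
            line = line[:-1] + next(lines).strip()
        vname, _, raw = line.partition("=")
        current[vname.strip('"')] = decode_value(raw)
    return subkeys

def audit_notify(subkeys, present_in_system32):
    """Return (subkey, reason) findings; present_in_system32 is the set of DLL names on disk."""
    findings = []
    for name, values in subkeys.items():
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), None)
        if dll is None:
            findings.append((name, "no DllName value"))
            continue
        base = dll.rsplit("\\", 1)[-1].lower()
        if name not in XP_BASELINE:
            findings.append((name, f"not in the XP baseline, loads {dll}"))
        elif base != XP_BASELINE[name].lower():
            findings.append((name, f"stock subkey hijacked: expected {XP_BASELINE[name]}, got {dll}"))
        if "\\" in dll:
            findings.append((name, "DllName is an absolute path; stock entries use a bare name resolved in system32"))
        if base not in present_in_system32:
            findings.append((name, f"{base} is not on disk: orphaned entry, remove the subkey"))
    return findings

if __name__ == "__main__":
    for subkey, reason in audit_notify(parse_notify_export(SAMPLE_EXPORT), PRESENT_IN_SYSTEM32):
        print(f"{subkey:14} {reason}")
```

Third-party software (graphics drivers, security suites) legitimately adds Notify subkeys, so "not in the XP baseline" means check the DLL, not delete it on sight; an entry whose DLL is absent, on the other hand, is dead weight that winlogon.exe still tries to load on every boot, and the subkey itself has to be removed, which is exactly what the "(file missing)" O20 lines in the second log are showing.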