Tom's Guide > Forum > Security - Viruses > Re: HijackThis report

Following my message of 8 May and Chercheur PCA's reply right after it, here is what happened next with my problem.


Hi Chercheur PCA. Thanks for your advice. Below are the results of the various scans.

Before following your procedure, I had run an Ewido scan in Safe Mode, which gave the following result:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 13:21:45, 09/05/2006
+ Checksum: 6C707AB2

+ Scan results:

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Clean and back up
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Clean and back up
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Clean and back up
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Clean and back up
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Clean and back up
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Clean and back up
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Clean and back up
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Clean and back up
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Clean and back up
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@247realmedia[1].txt -> TrackingCookie.247realmedia : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@advertising[1].txt -> TrackingCookie.Advertising : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@atdmt[2].txt -> TrackingCookie.Atdmt : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@bluestreak[2].txt -> TrackingCookie.Bluestreak : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@estat[1].txt -> TrackingCookie.Estat : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@statcounter[1].txt -> TrackingCookie.Statcounter : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@valueclick[1].txt -> TrackingCookie.Valueclick : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@weborama[2].txt -> TrackingCookie.Weborama : Clean and back up
C:\Documents and Settings\Aurélie\Cookies\aurélie@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Clean and back up
C:\Documents and Settings\Aurélie\Local Settings\Temp\Cookies\aurélie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Clean and back up
C:\WINDOWS\system32\kdiipjud.exe -> Trojan.Small : Clean and back up
C:\WINDOWS\system32\phqghume.exe -> Trojan.Small : Clean and back up
C:\WINDOWS\system32\vtpqtqju.lsh -> Trojan.Agent.qe : Clean and back up
C:\WINDOWS\system32\winapi32.dll -> Downloader.VB.aan : Clean and back up
C:\WINDOWS\system32\winsrv32.exe -> Downloader.Adload.aq : Clean and back up
C:\WINDOWS\system32\xexbkbxo.exe -> Downloader.VB.aan : Clean and back up


::End of report

Then, the results after following your advice:
Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:34:18, 09/05/2006
+ Checksum: 1B651133

+ Scan results:

HKU\S-1-5-21-82052158-1934915794-2511501161-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Clean and back up


::End of report
Spyware Terminator:

Spyware Terminator Version: 1.4.00.637
Start time: 09/05/2006 19:36:08
System: Windows XP SP2
User: Limited

Processes Scan
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [Microsoft Corporation] C:\WINDOWS\SYSTEM32\NAVLOGON.DLL [Empty],
C:\WINDOWS\EXPLORER.EXE [Microsoft Corporation] C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL [Adobe Systems, Inc.],
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATOR.EXE [Crawler.com]
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE [Crawler.com]

Startup Scan

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"TOSCDSPD" = "C:\PROGRAM FILES\TOSHIBA\TOSCDSPD\TOSCDSPD.EXE" [ TOSHIBA ]
"MoneyAgent" = "C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MNYEXPR.EXE" [ Microsoft Corp. ]
"ctfmon.exe" = "C:\WINDOWS\SYSTEM32\CTFMON.EXE" [ Microsoft Corporation ]
"MsnMsgr" = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" [ Microsoft Corporation ]
"LogitechSoftwareUpdate" = "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" [ Logitech Inc. ]
"LDM" = "C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE" [ Logitech ]
"eMuleAutoStart" = "C:\PROGRAM FILES\EMULE\EMULE.EXE" [ http://www.emule-project.net ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ATIPTA" = "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [ ATI Technologies, Inc. ]
"PadTouch" = "C:\PROGRAM FILES\TOSHIBA\PADTOUCH\PADEXE.EXE" [ TOSHIBA ]
"AGRSMMSG" = "C:\WINDOWS\AGRSMMSG.EXE" [ Agere Systems ]
"CeEPOWER" = "C:\PROGRAM FILES\TOSHIBA\POWER MANAGEMENT\CEPMTRAY.EXE" [ COMPAL ELECTRONIC INC. ]
"CeEKEY" = "C:\PROGRAM FILES\TOSHIBA\E-KEY\CEEKEY.EXE" [ COMPAL ELECTRONIC INC. ]
"EzButton" = "C:\PROGRAM FILES\EZBUTTON\EZBUTTON.EXE" [ Dritek System Inc. ]
"TPNF" = "C:\PROGRAM FILES\TOSHIBA\TOUCHPAD\TPTRAY.EXE" [ COMPAL ELECTRONIC INC. ]
"SmoothView" = "C:\PROGRAM FILES\TOSHIBA\UTILITAIRE DE ZOOM TOSHIBA\SMOOTHVIEW.EXE" [ TOSHIBA Corporation ]
"vptray" = "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe" [ Symantec Corporation ]
"NeroFilterCheck" = "C:\WINDOWS\SYSTEM32\NEROCHECK.EXE" [ Ahead Software Gmbh ]
"SunJavaUpdateSched" = "C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE" [ Sun Microsystems, Inc. ]
"iTunesHelper" = "C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE" [ Apple Computer, Inc. ]
"QuickTime Task" = "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" [ Apple Computer, Inc. ]
"LVCOMSX" = "C:\WINDOWS\SYSTEM32\LVCOMSX.EXE" [ Logitech Inc. ]
"LogitechVideoRepair" = "C:\PROGRAM FILES\LOGITECH\VIDEO\ISSTART.EXE" [ Logitech Inc. ]
"LogitechVideoTray" = "C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE" [ Logitech Inc. ]
"Windows Defender" = "C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE" [ Microsoft Corporation ]
"Adware.Srv32" = "C:\WINDOWS\SYSTEM32\RUNSRV32.EXE" [ Empty ]
"Transponder" = "C:\WINDOWS\system32\susp.exe" [ file not found ]
"ZoomingHook" = "C:\WINDOWS\SYSTEM32\ZOOMINGHOOK.EXE" [ TOSHIBA ]
"NDSTray.exe" = "NDSTray.exe" [ file not found ]
"Microsoft Works Update Detection" = "C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE" [ Microsoft® Corporation ]
"Apoint" = "C:\PROGRAM FILES\APOINT2K\APOINT.EXE" [ Alps Electric Co., Ltd. ]
"SpywareTerminator" = "C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE" [ Crawler.com ]

Toolbars Scan
&Google {2318C2B1-4965-11d4-9B18-009027A5CD4F} C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL [Google Inc.]

BHO Scan
{00000000-59D4-4008-9058-080011001200} [file not found]
{00000000-C1EC-0345-6EC2-4D0300000000} [file not found]
{00000000-F09C-02B4-6EC2-AD0300000000} [file not found]
Adobe PDF Reader Link Helper {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL [Adobe Systems Incorporated]
{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} [file not found]
{549B5CA7-4A86-11D7-A4DF-000874180BB3} [file not found]
winapi32.MyBHO {62E2E094-F989-48C6-B947-6E79DA2294F9} C:\WINDOWS\system32\winapi32.dll [file not found]
SSVHelper Class {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL [Sun Microsystems, Inc.]
{77701e16-9bfe-4b63-a5b4-7bd156758a37} [file not found]
{7b55bb05-0b4d-44fd-81a6-b136188f5deb} [file not found]
{8333c319-0669-4893-a418-f56d9249fca6} [file not found]
{9c691a33-7dda-4c2f-be4c-c176083f35cf} [file not found]
Google Toolbar Helper {AA58ED58-01DD-4d91-8333-CF10577473F7} C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL [Google Inc.]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [file not found]
{ffd2825e-0785-40c5-9a41-518f53a8261f} [file not found]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [file not found]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [file not found]
{FB5F1910-F110-11d2-BB9E-00C04F795683} [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Extension Affichage Panorama du Panneau de configuration (deskpan.dll) [file not found]
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Extensions de l'environnement de compression de fichiers () [file not found]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Menu contextuel de cryptage () [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Extension icône HyperTerminal (C:\WINDOWS\SYSTEM32\HTICONS.DLL) [Hilgraeve, Inc.]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barre des tâches et menu Démarrer () [file not found]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Autoplay for SlideShow (C:\WINDOWS\SYSTEM32\SHIMGVW.DLL) [Microsoft Corporation]
{7A9D77BD-5403-11d2-8785-2E0420524153} = Comptes d'utilisateurs () [file not found]
{8FF43EAA-2BB1-4A53-8E18-D9221E56E593} = CePMTab Property Sheet (C:\WINDOWS\SYSTEM32\CEPMTAB.DLL) [COMPAL ELECTRONIC INC.]
{9ED66769-A198-41FE-8615-601691C68846} = TouchPad Property Sheet (C:\WINDOWS\SYSTEM32\TPPROP.DLL) [COMPAL ELECTRONIC INC.]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL) [Microsoft Corporation]
{59850401-6664-101B-B21C-00AA004BA90B} = Microsoft Office Binder Unbind (C:\Program Files\Microsoft Office\Office\1036\UNBIND.DLL) [Microsoft Corporation]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = LDVP Shell Extensions (C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SSC\VPSHELL2.DLL) [Symantec Corporation]
{640167b4-59b0-47a6-b335-a6b3c0695aea} = Portable Media Devices (C:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{cc86590a-b60a-48e6-996b-41d25ed39a1e} = Portable Media Devices Menu (C:\WINDOWS\SYSTEM32\AUDIODEV.DLL) [Microsoft Corporation]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes (C:\PROGRAM FILES\ITUNES\ITUNESMINIPLAYER.DLL) [Apple Computer, Inc.]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension (C:\PROGRAM FILES\WINRAR\RAREXT.DLL) [Empty]
{21569614-B795-46b1-85F4-E737A8DC09AD} = Shell Search Band (C:\WINDOWS\SYSTEM32\BROWSEUI.DLL) [Microsoft Corporation]
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} = My Logitech Pictures (C:\PROGRAM FILES\LOGITECH\VIDEO\NAMESPC2.DLL) [Logitech Inc.]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler (C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL) [Microsoft Corporation]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler (C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL) [Microsoft Corporation]

Winlogon Notify Scan
NavLogon = C:\WINDOWS\system32\NavLogon.dll (C:\WINDOWS\SYSTEM32\NAVLOGON.DLL) [Empty]

Services Scan
"AgereSoftModem" = C:\WINDOWS\SYSTEM32\DRIVERS\AGRSM.SYS [Agere Systems]
"ALCXSENS" = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXSENS.SYS [Sensaura]
"ALCXWDM" = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS [Realtek Semiconductor Corp.]
"ApfiltrService" = C:\WINDOWS\SYSTEM32\DRIVERS\APFILTR.SYS [Alps Electric Co., Ltd.]
"Ati HotKey Poller" = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE [Empty]
"ati2mtag" = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS [ATI Technologies Inc.]
"CeEPwrSvc" = C:\PROGRAM FILES\TOSHIBA\POWER MANAGEMENT\CEEPWRSVC.EXE [COMPAL ELECTRONIC INC.]
"CFSvcs" = C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSVCS.EXE [TOSHIBA CORPORATION]
"DefWatch" = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [Symantec Corporation]
"DKbFltr" = C:\WINDOWS\SYSTEM32\DRIVERS\DKBFLTR.SYS [Dritek System Inc.]
"dmboot" = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS [Microsoft Corp., Veritas Software]
"dmio" = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS [Microsoft Corp., Veritas Software]
"dmload" = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS [Microsoft Corp., Veritas Software.]
"EMSCR" = C:\WINDOWS\SYSTEM32\DRIVERS\EMS7SK.SYS [ENE Technology Inc.]
"EPOWER" = C:\WINDOWS\SYSTEM32\DRIVERS\HKDRV.SYS [Compal Electronic Inc.]
"ESDCR" = C:\WINDOWS\SYSTEM32\DRIVERS\ESD7SK.SYS [ENE Technology Inc.]
"ESMCR" = C:\WINDOWS\SYSTEM32\DRIVERS\ESM7SK.SYS [ENE Technology Inc.]
"ewido security suite control" = C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOCTRL.EXE [ewido networks]
"GEARAspiWDM" = C:\WINDOWS\SYSTEM32\DRIVERS\GEARASPIWDM.SYS [GEAR Software Inc.]
"iPodService" = C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE [Apple Computer, Inc.]
"LVUSBSta" = C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSTA.SYS [Logitech Inc.]
"NAVAP" = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys [Symantec Corporation]
"NAVAPEL" = C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\NAVAPEL.SYS [Symantec Corporation]
"NAVENG" = C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20060503.018\NAVENG.SYS [Symantec Corporation]
"NAVEX15" = C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20060503.018\NAVEX15.SYS [Symantec Corporation]
"Netdevio" = C:\WINDOWS\SYSTEM32\DRIVERS\NETDEVIO.SYS [TOSHIBA Corporation.]
"Norton AntiVirus Server" = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [Symantec Corporation]
"PCAMPR5" = C:\WINDOWS\system32\PCAMPR5.SYS [file not found]
"PCANDIS5" = C:\WINDOWS\system32\PCANDIS5.SYS [file not found]
"phc700" = system32\DRIVERS\phc700.sys [file not found]
"Ptilink" = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS [Parallel Technologies, Inc.]
"QCMerced" = C:\WINDOWS\SYSTEM32\DRIVERS\LVCM.SYS [Empty]
"RTL8023" = C:\WINDOWS\SYSTEM32\DRIVERS\RTLNIC51.SYS [Realtek Semiconductor Corporation ]
"rtl8139" = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS [Realtek Semiconductor Corporation]
"Secdrv" = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.]
"SMCIRDA" = C:\WINDOWS\SYSTEM32\DRIVERS\SMCIRDA.SYS [SMSC]
"sp_rsdrv2" = C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYWARE TERMINATOR\SP_RSDRV2.SYS [Crawler.com]
"SrvcEKIOMngr" = C:\WINDOWS\SYSTEM32\DRIVERS\EKIOMNGR.SYS [COMPAL ELECTRONIC INC.]
"SrvcEPECioctl" = C:\WINDOWS\SYSTEM32\DRIVERS\ECIOCTL.SYS [Empty]
"SrvcEPIOMngr" = C:\WINDOWS\SYSTEM32\DRIVERS\EPIOMNGR.SYS [COMPAL ELECTRONIC INC.]
"SrvcSSIOMngr" = C:\WINDOWS\SYSTEM32\DRIVERS\SSIOMNGR.SYS [COMPAL ELECTRONIC INC.]
"SrvcTPIOMngr" = C:\WINDOWS\SYSTEM32\DRIVERS\TPIOMNGR.SYS [COMPAL ELECTRONIC INC.]
"SymEvent" = C:\PROGRAM FILES\SYMANTEC\SYMEVENT.SYS [Symantec Corporation]
"SymWSC" = C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SECURITY CENTER\SYMWSC.EXE [Symantec Corporation]
"VTPQTQJU" = C:\WINDOWS\system32\vtpqtqju.lsh [file not found]
"w22n51" = C:\WINDOWS\SYSTEM32\DRIVERS\W22N51.SYS [Intel® Corporation]

Protocol Filters Scan
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (C:\WINDOWS\SYSTEM32\URLMON.DLL) [Microsoft Corporation]
text/xml = {807553E5-5146-11D5-A672-00B0D022E945} (C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL) [Microsoft Corporation]

Hosts Scan
LOCALHOST mapping = 1

IE Scan
IERESET.INF missing Signature="$CHICAGO$"
IERESET.INF missing AdvancedINF=2.5,"You need a new version of advpack.dll"
IERESET.INF missing AddReg=RestoreHomePage.reg
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","SearchAssistant",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"
IERESET.INF missing SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
IERESET.INF missing AddReg=RestoreBrowserSettings.reg
IERESET.INF missing DelReg=DeleteTemplates.reg or DelReg=DeleteTemplates.reg, DeleteAutosearch.reg
IERESET.INF missing START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" or START_PAGE_URL="http://www.msn.com"
IERESET.INF missing SAFESITE_VALUE="http://home.microsoft.com/" or SAFESITE_VALUE="ie.search.msn.com"
IERESET.INF missing MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" or MS_START_PAGE_URL="http://www.msn.com"

And finally HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 19:57:15, on 09/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Aurélie\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{74AD8FAD-C99B-4E70-A954-B05F0D7FA9B1}: NameServer = 192.168.1.1,194.117.200.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Thanks in advance. Looking forward to your reply.
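As an added example (not code from the original post, from its author, or from the HijackThis project), here is a small Python triage script for the HijackThis 1.99.x line shapes that appear in the log above (O2 BHOs, O4 Run keys, O20 Winlogon Notify, O23 services). It reports registrations whose module is marked `(no file)` or `(file missing)`, cross-references each module's file name against the files the first Ewido scan flagged, and lists O4 entries living directly in `system32` whose value name does not resemble the file name. The sample lines are copied from the HijackThis log in the post; the Ewido file list comes from the first Ewido report; the `system32` heuristic, the report keys and the regexes are my own assumptions about the format, derived only from the lines visible here.

```python
"""Triage HijackThis 1.99.x log lines: orphaned registrations and scanner leftovers."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Line shapes inferred from the HijackThis v1.99.1 log in the post (assumption:
# the format is stable across the lines we care about).
LINE_PATTERNS = {
    "O2":  re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"),
    "O4":  re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$"),
}
MISSING_MARKERS = ("(no file)", "(file missing)")
# First token that looks like a module path, quoted or not, followed by optional
# arguments. The trailing quote is optional because one O4 line in the post has
# an unbalanced opening quote.
MODULE_RE = re.compile(r'^"?(?P<module>[^"]+?\.(?:exe|dll|sys|lsh))"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    target: str

    @property
    def missing(self) -> bool:
        """HijackThis could not find the file behind this registration."""
        return any(marker in self.target for marker in MISSING_MARKERS)

    @property
    def module(self) -> str:
        """Module path without surrounding quotes, arguments or status marker."""
        m = MODULE_RE.match(self.target)
        return m.group("module") if m else self.target

    @property
    def basename(self) -> str:
        return self.module.rsplit("\\", 1)[-1].lower()

    @property
    def folder(self) -> str:
        return self.module.rsplit("\\", 1)[0].lower() if "\\" in self.module else ""


def parse(log_text: str) -> List[Entry]:
    """Return the O2/O4/O20/O23 entries found in a HijackThis log."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if m:
                entries.append(Entry(section, m.group("name"), m.group("target")))
                break
    return entries


def triage(log_text: str, flagged_files: Iterable[str]) -> Dict[str, List[str]]:
    """Group entries into orphaned, scanner-flagged and system32 review candidates."""
    flagged = {f.lower() for f in flagged_files}
    report: Dict[str, List[str]] = {"orphaned": [], "flagged_by_scanner": [], "system32_review": []}
    for e in parse(log_text):
        label = f"{e.section} [{e.name}] {e.module}"
        if e.missing:
            report["orphaned"].append(label)
        if e.basename in flagged:
            report["flagged_by_scanner"].append(label)
        # Heuristic (my assumption, not a HijackThis rule): an autostart whose
        # module sits directly in system32 but whose value name shares nothing
        # with the file name deserves a manual look. Expect false positives.
        stem = e.basename.rsplit(".", 1)[0]
        if e.section == "O4" and e.folder.endswith("\\system32") and stem not in e.name.lower():
            report["system32_review"].append(label)
    return report


# Sample input copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# File names flagged by the first Ewido scan in the post.
EWIDO_FLAGGED = ["kdiipjud.exe", "phqghume.exe", "vtpqtqju.lsh",
                 "winapi32.dll", "winsrv32.exe", "xexbkbxo.exe"]

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG, EWIDO_FLAGGED).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run stand-alone, the script lists the two orphaned BHO registrations, shows that the missing `winapi32.dll` BHO is the only autostart still pointing at a file Ewido had removed, and puts the `Adware.Srv32` and `Transponder` Run values up for manual review. The heuristic bucket is deliberately noisy (a value such as `NeroFilterCheck` pointing at `NeroCheck.exe` would land there too); it narrows what a helper reads, it does not decide what to delete.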
