fenetre de pub recalcitrante
Forum Sécurité - Virus : fenetre de pub recalcitrante
bonjour a tous .
voila mon probleme , j ai des fenetre de pub qui n arrete pas de s ouvrir sur internet explorer alors que j utilise firefox je peut en fermer certainne mais il y en a d autre qui son tres recalcitrante je pense que j ai du choper un trojan car sa me fait cela depuis que j ai telecharger un crack (je sais c pas bien vous devait vous dire c bien fait pour lui et bien vous avez reson on ne mis reprendra plus a telecharger des m**** pareil ) je vous poste un rapprt hijack en esperant trouver de l aide
merci d avance .
Logfile of HijackThis v1.99.1
Scan saved at 15:11:45, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Documents and Settings\julien\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ylbehjhw.dll",realset
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?064def5361674912a15a95d4133533de
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?064def5361674912a15a95d4133533de
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Bonjour,
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
- Double-clique VundoFix.exe afin de le lancer
- Clique sur le bouton Scan for Vundo
- Lorsque le scan est complété, clique sur le bouton Remove Vundo
- Une invite te demandera si tu veux supprimer les fichiers, clique YES
- Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Répondre à Angeldark
voici le rapport vundo
VundoFix V6.4.1
Checking Java version...
Scan started at 02:26:53 02/06/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\fccdabc.dll
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\qstwa.tmp
C:\WINDOWS\system32\whjhebly.ini
C:\WINDOWS\system32\ylbehjhw.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccdabc.dll
C:\WINDOWS\system32\fccdabc.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\qstwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.tmp
C:\WINDOWS\system32\qstwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\whjhebly.ini
C:\WINDOWS\system32\whjhebly.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ylbehjhw.dll
C:\WINDOWS\system32\ylbehjhw.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fccdabc.dll
C:\WINDOWS\system32\fccdabc.dll Has been deleted!
Performing Repairs to the registry.
Done!
et le rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at 02:40:09, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\julien\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35B26435-24C4-4724-B1F0-A8D09BFC029C} - C:\WINDOWS\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\yjdtujmn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A00ED310-6EE3-4764-883D-F0B833AEC645} - C:\WINDOWS\system32\fccdabc.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\fdhnfmha.dll (file missing)
O2 - BHO: (no name) - {F46E8938-E4AA-4CFD-B319-186FDE37DA75} - C:\WINDOWS\system32\awtsq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?064def5361674912a15a95d4133533de
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?064def5361674912a15a95d4133533de
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
en esperant qu il y est que de bonne nouvelle car pour moi tous c rapport c du chinois merci d avance Angeldark
Re,
- Télécharge combofix.exe (par sUBs) sur ton Bureau.
- Double clique combofix.exe.
- Tape sur la touche Y (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
bonjour voila le rapport de combofix
"julien" - 2007-06-02 16:28:25 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\julien\Bureau\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ikbwetjd.dll
C:\WINDOWS\system32\yjdtujmn.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))
2007-06-02 14:01 <REP> d-------- C:\DOCUME~1\ANGELI~1\APPLIC~1\Logitech
2007-06-02 02:36 <REP> d-------- C:\DOCUME~1\julien\APPLIC~1\Logitech
2007-06-02 02:26 <REP> d-------- C:\VundoFix Backups
2007-06-01 17:08 71,758 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-06-01 17:08 55,042 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-06-01 17:08 38,146 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-06-01 17:08 37,888 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-06-01 17:08 24,766 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-06-01 17:08 15,008 --a------ C:\WINDOWS\system32\drivers\LUsbKbd.sys
2007-05-31 18:40 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-31 18:40 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2007-05-31 18:40 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2007-05-31 18:40 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-05-31 18:40 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
2007-05-31 18:40 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-05-31 18:40 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-05-31 18:40 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-05-31 18:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-05-29 22:04 <REP> d-------- C:\DOCUME~1\ANGELI~1\APPLIC~1\Ahead
2007-05-29 19:59 <REP> d-------- C:\Program Files\Alice
2007-05-22 01:40 <REP> d-------- C:\DOCUME~1\julien\APPLIC~1\Nero
2007-05-21 23:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-05-21 23:20 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-05-21 23:18 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-05-21 23:17 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-05-21 23:15 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-05-21 23:14 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-05-21 23:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-05-21 23:14 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-05-21 23:14 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-05-21 23:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-21 23:14 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-05-21 23:14 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-05-21 23:12 <REP> d-------- C:\Program Files\HP
2007-05-21 23:11 69,624 --a------ C:\WINDOWS\hpoins05.dat
2007-05-21 23:11 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-05-20 23:59 <REP> d-------- C:\Program Files\SpeedFan
2007-05-12 12:07 <REP> d-------- C:\DOCUME~1\ANGELI~1\Contacts
2007-05-12 01:03 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-05-12 01:02 <REP> d-------- C:\3ccc647fcc78e8927c6814d208
2007-05-12 01:01 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-05-12 01:01 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-05-12 01:01 <REP> d-------- C:\Program Files\MSXML 4.0
2007-05-12 01:01 <REP> d-------- C:\DOCUME~1\julien\APPLIC~1\AdobeUM
2007-05-12 01:01 <REP> d-------- C:\DOCUME~1\ANGELI~1\APPLIC~1\Real
2007-05-12 01:00 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
2007-05-12 01:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-05-12 00:58 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-05-12 00:40 3,407,872 --a------ C:\Documents and Settings\julien\ntuser.dat
2007-05-12 00:40 3,407,872 --a------ C:\DOCUME~1\julien\ntuser.dat
2007-05-11 23:11 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-05-11 22:57 107,132 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-05-11 21:58 <REP> d-------- C:\Documents and Settings\julien\Contacts
2007-05-11 21:58 <REP> d-------- C:\DOCUME~1\julien\Contacts
2007-05-11 21:55 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-05-11 21:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-05-08 13:59 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
2007-05-08 13:59 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2007-05-08 13:59 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2007-05-08 13:59 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-08 13:55 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-05-08 13:54 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-05-08 13:48 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-07 03:38 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-07 02:31 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-07 02:29 <REP> d---s---- C:\Documents and Settings\julien\UserData
2007-05-07 02:29 <REP> d---s---- C:\DOCUME~1\julien\UserData
2007-05-07 01:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-07 00:13 513,584 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-05-07 00:13 4,770 -ra------ C:\WINDOWS\system32\Repository.reg
2007-05-07 00:13 38,960 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-05-07 00:13 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2007-05-07 00:13 293,808 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-05-07 00:13 263,728 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-05-07 00:13 210,480 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-05-07 00:13 116,272 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-05-07 00:09 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-05-07 00:08 <REP> d-------- C:\Program Files\Logitech
2007-05-07 00:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-05-04 20:48 <REP> d-------- C:\Program Files\RocketDock
2007-05-04 18:41 <REP> d-------- C:\Program Files\Real
2007-05-04 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-05-04 18:40 <REP> d-------- C:\DOCUME~1\julien\APPLIC~1\Real
2007-05-04 15:47 <REP> d-------- C:\DOCUME~1\julien\APPLIC~1\Ahead
2007-05-04 15:46 <REP> d-------- C:\Program Files\Nero
2007-05-04 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-05-04 15:44 <REP> d-------- C:\Program Files\Yahoo!
2007-05-04 15:19 <REP> d-------- C:\Program Files\iTunes
2007-05-04 15:19 <REP> d-------- C:\Program Files\iPod
2007-05-04 15:19 <REP> d-------- C:\DOCUME~1\julien\APPLIC~1\Apple Computer
2007-05-04 15:18 <REP> d-------- C:\Program Files\Apple Software Update
2007-05-04 15:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-04 14:30 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-04 14:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-04 14:23 3,659 --a------ C:\WINDOWS\mozver.dat
2007-05-04 14:18 <REP> d-------- C:\WINDOWS\RegisteredPackages
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-01 15:08:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-21 21:17:01 68,900 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-21 21:17:01 501,128 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-11 23:01:55 -------- d-----w C:\Program Files\MSN Messenger
2007-05-11 22:58:00 -------- d-----w C:\Program Files\Messenger
2007-05-11 22:43:37 -------- d-----w C:\Program Files\Windows NT
2007-05-01 17:37:07 -------- d-----w C:\DOCUME~1\julien\APPLIC~1\Talkback
2007-05-01 17:36:53 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-01 16:32:29 -------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-05-01 16:32:21 -------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-05-01 15:09:43 -------- d-----w C:\Program Files\Alwil Software
2007-05-01 14:58:41 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-05-01 14:48:43 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-01 14:48:36 0 --sha-r C:\MSDOS.SYS
2007-05-01 14:48:36 0 --sha-r C:\IO.SYS
2007-05-01 14:48:36 0 ----a-w C:\CONFIG.SYS
2007-05-01 14:48:36 0 ----a-w C:\AUTOEXEC.BAT
2007-05-01 14:47:31 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-01 14:47:28 -------- d-----w C:\Program Files\Services en ligne
2007-05-01 14:45:13 -------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-05-01 14:44:42 -------- d-----w C:\Program Files\Movie Maker
2007-05-01 14:43:20 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-01 14:42:23 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{35B26435-24C4-4724-B1F0-A8D09BFC029C}=C:\WINDOWS\system32\awtsq.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\fdhnfmha.dll []
{F46E8938-E4AA-4CFD-B319-186FDE37DA75}=C:\WINDOWS\system32\awtsq.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 10:34]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"WMC_AutoUpdate"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-11 23:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-05-27 16:53:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 00:58:00 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2007-05-29 21:29:27 C:\WINDOWS\tasks\WebReg psc 2350 series.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 16:30:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-06-02 16:30:56
C:\ComboFix-quarantined-files.txt ... 2007-06-02 16:30
--- E O F ---
et encore merci pour ton aide !
re, il y avait ça aussi je ne sais pas si il te le fallait donc je le post aussi sa se trouver dans comboffix-quarantine-files.txt
Code :
|
Reposte un rapport Hijackthis.
Répondre à Angeldark
voici le nouveau rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at 18:44:33, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\julien\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35B26435-24C4-4724-B1F0-A8D09BFC029C} - C:\WINDOWS\system32\awtsq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\fdhnfmha.dll (file missing)
O2 - BHO: (no name) - {F46E8938-E4AA-4CFD-B319-186FDE37DA75} - C:\WINDOWS\system32\awtsq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?064def5361674912a15a95d4133533de
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?064def5361674912a15a95d4133533de
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Re,
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
O2 - BHO: (no name) - {35B26435-24C4-4724-B1F0-A8D09BFC029C} - C:\WINDOWS\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\fdhnfmha.dll (file missing)
O2 - BHO: (no name) - {F46E8938-E4AA-4CFD-B319-186FDE37DA75} - C:\WINDOWS\system32\awtsq.dll (file missing)
Clique sur Fix checked (en bas à gauche)
Répondre à Angeldark
j ai fait se que tu ma demander voici un nouveau rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at 19:47:43, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\julien\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?064def5361674912a15a95d4133533de
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?064def5361674912a15a95d4133533de
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Re,
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Tuto sur le scan en ligne
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Répondre à Angeldark
Il y a 366 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
