Trojan-downloader.Win32.Agent variant
Dernière réponse : dans Sécurité
Bonsoir à tous,
comme pas mal de monde, après avoir lancé mon launcher de wow, j'ai recu un message m'indiquant que mon pc est infecté par le virus Trojan-downloader.Win32.Agent variant. J'ai fait de petites recherches sur info du net mais je vous avoue que j'aurais besoin d'un peu d'aide pour le détruire. A chaque fois un rapport de hijack this est demandé alors voila le mien:
Logfile of HijackThis v1.99.1
Scan saved at 19:47:16, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Damien\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: 802.11g Wireless USB Adapter Utility.lnk = C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E97057-F065-4DCD-AB36-2E51A02C1751}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{884334F2-FEE8-4DB9-8F30-3C7824E2B996}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{89922F14-C351-4277-964B-27FEB622B63D}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF776103-A5DC-4CA6-B53F-A1C035121E8A}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A72262-0021-4A59-B648-D0650FAC412B}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{D826F24A-D1EE-44A5-95D8-C90D21C29FE6}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
Voila je reste a votre disposition.
Amicalement,
Saken
comme pas mal de monde, après avoir lancé mon launcher de wow, j'ai recu un message m'indiquant que mon pc est infecté par le virus Trojan-downloader.Win32.Agent variant. J'ai fait de petites recherches sur info du net mais je vous avoue que j'aurais besoin d'un peu d'aide pour le détruire. A chaque fois un rapport de hijack this est demandé alors voila le mien:
Logfile of HijackThis v1.99.1
Scan saved at 19:47:16, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Damien\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: 802.11g Wireless USB Adapter Utility.lnk = C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E97057-F065-4DCD-AB36-2E51A02C1751}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{884334F2-FEE8-4DB9-8F30-3C7824E2B996}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{89922F14-C351-4277-964B-27FEB622B63D}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF776103-A5DC-4CA6-B53F-A1C035121E8A}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A72262-0021-4A59-B648-D0650FAC412B}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{D826F24A-D1EE-44A5-95D8-C90D21C29FE6}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
Voila je reste a votre disposition.
Amicalement,
Saken
Autres pages sur : trojan downloader win32 agent variant
Lassé par la pub ? Créez un compte
Bonjour
Tu as deux antivirus (Avast et Norton). Il en faut un seul, il y a risque de conflit.
Supprime en un.
Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.
Poste le contenu du rapport C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
Tu as deux antivirus (Avast et Norton). Il en faut un seul, il y a risque de conflit.
Supprime en un.
Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.
Poste le contenu du rapport C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
Bonjour à tous, j'ai moi aussi le même problème avec ce virus et en cherchant une solution sur le net je suis tombé sur ce forum. J'espère que vous pourrez m'aider à m'en débarrasser. Je vous laisse mon rapport hijackthis (réalisé après l'installation de fixwareout) ainsi que le rapport de fixwareout.Merci beaucoup.
Logfile of HijackThis v1.99.1
Scan saved at 21:09:38, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Fixwareout Last edited 6/20/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="cshlt.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.158" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{028E50E4-6F64-46B6-9801-D14F1B8BDC7F}
"nameserver"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1CF63F46-AEBA-412A-B14C-F7EA33150434}
"nameserver"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C648B468-F81F-4EC3-815A-DD7B294898A8}
"nameserver"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1CF63F46-AEBA-412A-B14C-F7EA33150434}
"DhcpNameServer"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C648B468-F81F-4EC3-815A-DD7B294898A8}
"DhcpNameServer"="85.255.116.158,85.255.112.181" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}BC06C6883983-2359-E084-0737-CBAF83BF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}CF477E3E6E07-814B-9E64-5345-35CCCA15{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}0D04B80B570C-D36B-64E4-837C-A3734D8D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}133CB27C16D7-940A-C7F4-68CB-F15F9044{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}9CE808DBAA46-5939-4044-6EAA-2D5E3657{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}F21FBA56F720-6F49-C794-91C1-B1C9BCD7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}77D127BDEB32-2F68-D7B4-7918-CD6A0B79{" Deleted
C:\WINDOWS\System32\fkstv.exe Deleted
C:\WINDOWS\System32\hvuap.exe Deleted
C:\WINDOWS\System32\pbwpd.exe Deleted
....
»»»»» Misc files.
C:\WINDOWS\system32\{4409F51F-BC86-4F7C-A049-7D61C72BC331}.exe Deleted
C:\WINDOWS\system32\{51ACCC53-5435-46E9-B418-70E6E3E774FC}.exe Deleted
C:\WINDOWS\system32\{7563E5D2-AAE6-4404-9395-64AABD808EC9}.exe Deleted
C:\WINDOWS\system32\{7DCB9C1B-1C19-497C-94F6-027F65ABF12F}.exe Deleted
C:\WINDOWS\system32\{97B0A6DC-8197-4B7D-86F2-23BEDB721D77}.exe Deleted
C:\WINDOWS\system32\{D8D4373A-C738-4E46-B63D-C075B08B40D0}.exe Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
C:\WINDOWS\Temp\cshlt.ren 52821 20/06/2007
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Microsoft security adviser"="C:\\Program Files\\Microsoft Security Adviser\\mssadv.exe"
"msctrl.exe"="C:\\Program Files\\Microsoft Security Adviser\\msctrl.exe"
"msavsc.exe"="C:\\Program Files\\Microsoft Security Adviser\\msavsc.exe"
"msscan.exe"="C:\\Program Files\\Microsoft Security Adviser\\msscan.exe"
"msiemon.exe"="C:\\Program Files\\Microsoft Security Adviser\\msiemon.exe"
"msfw.exe"="C:\\Program Files\\Microsoft Security Adviser\\msfw.exe"
"mssadv.exe"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft security adviser"="C:\\Program Files\\Microsoft Security Adviser\\mssadv.exe"
"msctrl.exe"="C:\\Program Files\\Microsoft Security Adviser\\msctrl.exe"
"msavsc.exe"="C:\\Program Files\\Microsoft Security Adviser\\msavsc.exe"
"msscan.exe"="C:\\Program Files\\Microsoft Security Adviser\\msscan.exe"
"msiemon.exe"="C:\\Program Files\\Microsoft Security Adviser\\msiemon.exe"
"msfw.exe"="C:\\Program Files\\Microsoft Security Adviser\\msfw.exe"
"mssadv.exe"=""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Logfile of HijackThis v1.99.1
Scan saved at 21:09:38, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Fixwareout Last edited 6/20/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="cshlt.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.158" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{028E50E4-6F64-46B6-9801-D14F1B8BDC7F}
"nameserver"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1CF63F46-AEBA-412A-B14C-F7EA33150434}
"nameserver"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C648B468-F81F-4EC3-815A-DD7B294898A8}
"nameserver"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1CF63F46-AEBA-412A-B14C-F7EA33150434}
"DhcpNameServer"="85.255.116.158,85.255.112.181" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C648B468-F81F-4EC3-815A-DD7B294898A8}
"DhcpNameServer"="85.255.116.158,85.255.112.181" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}BC06C6883983-2359-E084-0737-CBAF83BF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}CF477E3E6E07-814B-9E64-5345-35CCCA15{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}0D04B80B570C-D36B-64E4-837C-A3734D8D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}133CB27C16D7-940A-C7F4-68CB-F15F9044{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}9CE808DBAA46-5939-4044-6EAA-2D5E3657{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}F21FBA56F720-6F49-C794-91C1-B1C9BCD7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}77D127BDEB32-2F68-D7B4-7918-CD6A0B79{" Deleted
C:\WINDOWS\System32\fkstv.exe Deleted
C:\WINDOWS\System32\hvuap.exe Deleted
C:\WINDOWS\System32\pbwpd.exe Deleted
....
»»»»» Misc files.
C:\WINDOWS\system32\{4409F51F-BC86-4F7C-A049-7D61C72BC331}.exe Deleted
C:\WINDOWS\system32\{51ACCC53-5435-46E9-B418-70E6E3E774FC}.exe Deleted
C:\WINDOWS\system32\{7563E5D2-AAE6-4404-9395-64AABD808EC9}.exe Deleted
C:\WINDOWS\system32\{7DCB9C1B-1C19-497C-94F6-027F65ABF12F}.exe Deleted
C:\WINDOWS\system32\{97B0A6DC-8197-4B7D-86F2-23BEDB721D77}.exe Deleted
C:\WINDOWS\system32\{D8D4373A-C738-4E46-B63D-C075B08B40D0}.exe Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
C:\WINDOWS\Temp\cshlt.ren 52821 20/06/2007
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Microsoft security adviser"="C:\\Program Files\\Microsoft Security Adviser\\mssadv.exe"
"msctrl.exe"="C:\\Program Files\\Microsoft Security Adviser\\msctrl.exe"
"msavsc.exe"="C:\\Program Files\\Microsoft Security Adviser\\msavsc.exe"
"msscan.exe"="C:\\Program Files\\Microsoft Security Adviser\\msscan.exe"
"msiemon.exe"="C:\\Program Files\\Microsoft Security Adviser\\msiemon.exe"
"msfw.exe"="C:\\Program Files\\Microsoft Security Adviser\\msfw.exe"
"mssadv.exe"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft security adviser"="C:\\Program Files\\Microsoft Security Adviser\\mssadv.exe"
"msctrl.exe"="C:\\Program Files\\Microsoft Security Adviser\\msctrl.exe"
"msavsc.exe"="C:\\Program Files\\Microsoft Security Adviser\\msavsc.exe"
"msscan.exe"="C:\\Program Files\\Microsoft Security Adviser\\msscan.exe"
"msiemon.exe"="C:\\Program Files\\Microsoft Security Adviser\\msiemon.exe"
"msfw.exe"="C:\\Program Files\\Microsoft Security Adviser\\msfw.exe"
"mssadv.exe"=""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Merci pour votre rapidité de réponse ![:)]( ":)")
Alors j'ai supprimé Norton et j'ai installé FixWareout; voila le rapport:
Fixwareout Last edited 6/20/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpcy.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.54" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{55E97057-F065-4DCD-AB36-2E51A02C1751}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{884334F2-FEE8-4DB9-8F30-3C7824E2B996}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89922F14-C351-4277-964B-27FEB622B63D}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BF776103-A5DC-4CA6-B53F-A1C035121E8A}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C3A72262-0021-4A59-B648-D0650FAC412B}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D826F24A-D1EE-44A5-95D8-C90D21C29FE6}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{55E97057-F065-4DCD-AB36-2E51A02C1751}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{884334F2-FEE8-4DB9-8F30-3C7824E2B996}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89922F14-C351-4277-964B-27FEB622B63D}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A6073ED5-79E2-4A03-8264-312750E82567}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C3A72262-0021-4A59-B648-D0650FAC412B}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
C:\WINDOWS\TEMP\kdpcy.ren 66463 05/08/2004
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"SoundMan"="SOUNDMAN.EXE"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AGRSMMSG"="AGRSMMSG.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"PRISMSVR.EXE"="\"C:\\Program Files\\NOBRAND\\802.11g Wireless USB Adapter\\PRISMSVR.EXE\" /APPLY"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
et celui de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 21:14:54, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: 802.11g Wireless USB Adapter Utility.lnk = C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Alors j'ai supprimé Norton et j'ai installé FixWareout; voila le rapport:
Fixwareout Last edited 6/20/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpcy.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.54" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{55E97057-F065-4DCD-AB36-2E51A02C1751}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{884334F2-FEE8-4DB9-8F30-3C7824E2B996}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89922F14-C351-4277-964B-27FEB622B63D}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BF776103-A5DC-4CA6-B53F-A1C035121E8A}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C3A72262-0021-4A59-B648-D0650FAC412B}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D826F24A-D1EE-44A5-95D8-C90D21C29FE6}
"nameserver"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{55E97057-F065-4DCD-AB36-2E51A02C1751}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{884334F2-FEE8-4DB9-8F30-3C7824E2B996}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{89922F14-C351-4277-964B-27FEB622B63D}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A6073ED5-79E2-4A03-8264-312750E82567}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C3A72262-0021-4A59-B648-D0650FAC412B}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
C:\WINDOWS\TEMP\kdpcy.ren 66463 05/08/2004
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"SoundMan"="SOUNDMAN.EXE"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AGRSMMSG"="AGRSMMSG.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"PRISMSVR.EXE"="\"C:\\Program Files\\NOBRAND\\802.11g Wireless USB Adapter\\PRISMSVR.EXE\" /APPLY"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
et celui de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 21:14:54, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: 802.11g Wireless USB Adapter Utility.lnk = C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\NB11GUTI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
sully20100
Il faut créer ton propre sujet, sinon il y a des risques de mélanges.
Re Saken
Hijackthis est propre.
Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.
Il faut créer ton propre sujet, sinon il y a des risques de mélanges.
Re Saken
Hijackthis est propre.
Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.
désolé :
Autre possibilité de scan
Panda
http://www.pandasoftware.com/activescan/fr/activescan_p...
Désactive temporairement Avast le temps du scan, car ils sont incompatibles.
ou
BitDefender
http://www.bitdefender.fr/scan8/ie.html
Panda
http://www.pandasoftware.com/activescan/fr/activescan_p...
Désactive temporairement Avast le temps du scan, car ils sont incompatibles.
ou
BitDefender
http://www.bitdefender.fr/scan8/ie.html
J'ai donc utilisé Panda
Voila le rapport:
Incident Statut Analyse
Virus:Trj/DNSChanger.VF Désinfecté C:\WINDOWS\Temp\KDPCY.REN
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@xiti[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@atdmt[2].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@bs.serving-sys[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@serving-sys[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@doubleclick[1].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@bluestreak[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.weborama.fr/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.perf.overture.com/]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\fixwareout\FindT\NIRCMD.EXE
Voila le rapport:
Incident Statut Analyse
Virus:Trj/DNSChanger.VF Désinfecté C:\WINDOWS\Temp\KDPCY.REN
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@xiti[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@atdmt[2].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@bs.serving-sys[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@serving-sys[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@doubleclick[1].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@bluestreak[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Damien\Cookies\damien@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.weborama.fr/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\21n2y732.default\COOKIES.TXT[.perf.overture.com/]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\fixwareout\FindT\NIRCMD.EXE
Que des bricoles.
Supprime Fixwareout.
Télécharge CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Lance le nettoyage.
As tu encore des dysfonctionnements ?
Supprime Fixwareout.
Télécharge CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Lance le nettoyage.
As tu encore des dysfonctionnements ?
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumDesesperate trojan win32 agent ctfk
- ForumTrojan downloader win32 agent small
- ForumTrojan win32 agent ik
- ForumVirus trojan downloader win32 agent uj
- ForumVirus win32 agent lap
- ForumVirus trojan win32 agent fbx
- ForumAide variante win32 agent cheval de troie
- ForumTrojan downloader win32 agent dfhk
- ForumTrojan win32 agent fbx
- ForumTrojan win32 winfixer et win32 agent zaf
- Voir plus
