TR/Crypt.FKM.Gen - Trojan
Security Forum - Viruses: TR/Crypt.FKM.Gen - Trojan
Hello everyone!!!
I guess you've already been asked about this, but here goes: AntiVir keeps flagging this trojan, TR/Crypt.FKM.Gen; whatever I do, it's still there when I open My Computer, for example.
When I browse with Mozilla, an Internet Explorer window briefly pops up at the top left of my screen, and I very often lose control of my Mozilla window.
1) My first question is: what does this trojan do?
2) My second: how do I get rid of it?
THANK YOU IN ADVANCE!!!!!
Message edited by kikou1313 on 24-09-2008 at 15:13:15
Here's what HijackThis says:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:08, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: rightonadz browser enhancer - {794bc104-eedb-e30c-53b4-c056ec8162b3} - C:\WINDOWS\system32\dvjuocllkzdy.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsk1550.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nsg1F.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [upaufpvdzoiibty] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dvjuocllkzdy.dll" EntryPoint
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/t [...] d726a02c47
--
End of file - 6837 bytes
Hello,
What does it do? Quite simply, it pisses you off by throwing ads at you.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
Thanks DARKANGEL!!!!
I booted into Safe Mode and ran the scan with MBAM, I removed the selected items... But I still have this trojan...
Here's the MBAM report:
Malwarebytes' Anti-Malware 1.28
Database version: 1201
Windows 5.1.2600 Service Pack 2
24/09/2008 18:12:51
mbam-log-2008-09-24 (18-12-51).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 87083
Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\optimizer.adssite2 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b4094603-dda9-4caf-9b13-0ad1034c9c53} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48dc6ffb-64d7-42e8-949d-8ef2641eb73a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\optimizer.adssite2.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ProtectionComplete (Rogue.ProtectionComplete) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c535e9e0-1204-56a2-58f3-676fd1c85848} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart(1) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upaufpvdzoiibty (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iebrowserc.dll (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsk1550.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0026936.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027361.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027399.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027407.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027408.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027409.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027410.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027645.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027646.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP163\A0028334.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030982.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030983.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030984.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvjuocllkzdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nss8C.dll (Adware.BHO) -> Quarantined and deleted successfully.
Post a new HijackThis report.
THANKS DARK!!
Here's the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:48, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nstC.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/t [...] d726a02c47
--
End of file - 5790 bytes
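The helper's request for a second report works because two HijackThis logs can be diffed entry by entry: what MBAM removed, what survived, and which survivor kept its CLSID but swapped its DLL. The script below is an added example, not code from HijackThis, MBAM or the forum; its input is a hand-trimmed excerpt of the two reports in this thread, and its review heuristics are assumptions drawn from what those reports show, not a detection signature.

```python
"""Diff two HijackThis reports (before and after a cleanup pass) and flag what survived."""
import re

# Constructed excerpts of the two HijackThis reports posted in this thread,
# trimmed by hand to the BHO (O2), toolbar (O3) and Run (O4) lines that matter.
HJT_BEFORE = r"""
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: rightonadz browser enhancer - {794bc104-eedb-e30c-53b4-c056ec8162b3} - C:\WINDOWS\system32\dvjuocllkzdy.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nsg1F.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [upaufpvdzoiibty] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dvjuocllkzdy.dll" EntryPoint
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
"""
HJT_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nstC.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
"""

# O2/O3: "O2 - BHO: <name> - {CLSID} - <file>"   O4: "O4 - <hive>\..\Run: [<value>] <command>"
BHO_RE = re.compile(r"^(O[23]) - \w+: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^(O4) - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
CONSONANTS = re.compile(r"[b-df-hj-np-tv-z]+")


def parse_hjt(log):
    """Key each BHO/toolbar entry by CLSID and each Run entry by hive+value name,
    so the same component is matched across reports even when its file changed."""
    entries = {}
    for line in log.splitlines():
        m = BHO_RE.match(line)
        if m:
            section, name, clsid, target = m.groups()
            entries[(section, clsid.lower())] = (name, target)
            continue
        m = RUN_RE.match(line)
        if m:
            section, hive, value, command = m.groups()
            entries[(section, hive.upper() + "|" + value.lower())] = (value, command)
    return entries


def longest_consonant_run(name):
    return max((len(r) for r in CONSONANTS.findall(name.lower())), default=0)


def suspicion_flags(target):
    """Review heuristics (assumptions drawn from this thread's reports, not a signature):
    a hit means 'look this entry up before deciding', not 'this is malware'."""
    flags = []
    low = target.lower()
    if "(file missing)" in low or "(no file)" in low:
        flags.append("orphaned entry: registered file no longer exists")
    if "rundll32" in low and "entrypoint" in low:
        flags.append("autorun uses rundll32 to call an export of a DLL")
    if re.search(r"\b(dm|ad|sd)=http://", low):
        flags.append("autorun command line carries URLs")
    for stem in re.findall(r"system32\\([a-z0-9_-]+)\.(?:dll|exe)", low):
        if len(stem) >= 3 and (longest_consonant_run(stem) >= 5 or not re.search(r"[aeiou]", stem)):
            flags.append(f"random-looking filename in system32: {stem}")
    return flags


def compare_logs(before, after):
    """Return what disappeared, what is new, what kept its key but changed file,
    and every surviving entry with its review flags."""
    b, a = parse_hjt(before), parse_hjt(after)
    report = {"removed": [], "added": [], "changed": [], "remaining": []}
    for key, (name, _target) in b.items():
        if key not in a:
            report["removed"].append(name)
    for key, (name, target) in a.items():
        flags = suspicion_flags(target)
        if key not in b:
            report["added"].append(name)
        elif b[key][1] != target:
            report["changed"].append((name, b[key][1], target))
            flags.append("same CLSID/value name, different file than in the earlier report")
        report["remaining"].append((name, flags))
    return report


if __name__ == "__main__":
    result = compare_logs(HJT_BEFORE, HJT_AFTER)
    for section in ("removed", "added", "changed"):
        print(section, result[section])
    for name, flags in result["remaining"]:
        print("remaining:", name, "->", flags or "no flags")
```

On the thread's own excerpts the diff shows the adssite BHO surviving under the same CLSID with a new DLL name, which is exactly the kind of entry the heuristics cannot settle on their own.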
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click combofix.exe (the .exe extension may not be visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
Thanks DARK!!!!
Here's the report:
ComboFix 08-09-24.07 - Propriétaire 2008-09-25 1:21:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.239 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propriétaire\ResErrors.log
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\SpyShredder\SpyShredder.lnk
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\SpyShredder\Uninstall.lnk
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\mdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-19 03:07 . 2008-09-19 03:30 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
2008-09-04 14:05 . 2008-09-04 14:05 350,208 --a------ C:\WINDOWS\system32\nstC.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 23:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-09-16 11:53 --------- d-----w C:\Program Files\Java
2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848}]
2008-09-04 14:05 350208 --a------ C:\WINDOWS\system32\nstC.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"vidc.dvsd"= pdvcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
"Debugger"=ntsd -d
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
--a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
MSConfigStartUp-ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSConfigStartUp-Autoconfigurateur WiFi Neuf - C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
MSConfigStartUp-D-Link AirPlus G - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 01:25:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\syxceudk]
"ImagePath"="system32\drivers\monnvpxa.dat"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-25 1:28:36 - La machine a redémarré [Propri‚taire]
ComboFix-quarantined-files.txt 2008-09-24 23:28:33
Avant-CF: 104ÿ567ÿ533ÿ568 octets libres
Après-CF: 104,502,018,048 octets libres
215 --- E O F --- 2008-09-20 17:10:46
The problem seems to have been fixed by ComboFix!!!
A BIG THANK YOU TO YOU DARKANGEL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
It's not over yet.
Re,
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Re... DARK!!!
Indeed, it wasn't over. After dragging the file as shown above, here is the ComboFix report:
ComboFix 08-09-26.06 - Propri‚taire 2008-09-27 17:00:50.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.283 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\WINDOWS\system32\nstC.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propri‚taire\Application Data\urlredir.cfg
C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-19 03:07 . 2008-09-27 00:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 10:02 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-09-16 11:53 --------- d-----w C:\Program Files\Java
2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]
C:\WINDOWS\system32\adsldpv.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"vidc.dvsd"= pdvcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
--a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 17:02:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\syxceudk]
"ImagePath"="system32\drivers\monnvpxa.dat"
.
Heure de fin: 2008-09-27 17:03:15
ComboFix-quarantined-files.txt 2008-09-27 15:03:13
ComboFix2.txt 2008-09-27 14:50:23
ComboFix3.txt 2008-09-26 23:37:00
ComboFix4.txt 2008-09-24 23:28:37
Avant-CF: 104ÿ483ÿ024ÿ896 octets libres
Après-CF: 104,471,142,400 octets libres
178 --- E O F --- 2008-09-26 22:27:03
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:49, on 27/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/t [...] d726a02c47
--
End of file - 5200 bytes
Re,
Copy (Ctrl+C) the text in the box below:
Driver::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
