Pop-up ad windows / HijackThis log

Good evening,

I've been trying to sort this out on my own for two days now... but I can't manage it. I've run several scans with different antivirus/antispyware tools but nothing works... the same windows keep opening nonstop.

So I'm turning to you and posting the HijackThis log to find out what's wrong. I've more or less understood how HijackThis works, but I don't know what is good and what is bad on my computer. So help, and THANK YOU

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:34, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\IFACE.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PAVJOBS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.noos.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Noos
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0434606F-EE86-471A-AB80-D5DCB2267693} - C:\WINDOWS\system32\iifgFYon.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {289029B9-1DA1-4475-83BA-4BDA90636275} - C:\WINDOWS\system32\efcCtuss.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [winXPlanetBG] "C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe"
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {0A918EFC-E412-4AF0-90E5-25DE1F78766C} (CIC Browser Control 1.0) - http://www.zoomorama.com/cicbrowser.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstal [...] taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/control [...] loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - AppInit_DLLs: abnjwq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10772 bytes


Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are then two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Hello and thank you.

Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 3

29/12/2008 06:35:10
mbam-log-2008-12-29 (06-35-10).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 149786
Temps écoulé: 2 hour(s), 46 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 49

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wadblhnh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnhlbdaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A12542CF-0AA1-465A-8B00-4200446B3987}\RP1157\A0329416.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A12542CF-0AA1-465A-8B00-4200446B3987}\RP1157\A0329426.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A12542CF-0AA1-465A-8B00-4200446B3987}\RP1159\A0330745.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A12542CF-0AA1-465A-8B00-4200446B3987}\RP1159\A0330746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A12542CF-0AA1-465A-8B00-4200446B3987}\RP1159\A0330749.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTkiHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVPiig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfDwvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMGaAtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgfDuR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDTnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOFxuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRLbAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHawxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIAPIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLBrSJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlLDtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmkLef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJBRjk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJYqnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmkIXN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsRjij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttusPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttuuUn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awturQiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuuRJy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOGXQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOhFww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRhEUk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcAtQkI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGawXNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGxXrSi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGyaxUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGywwXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdcDWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgFXPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYonKE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvvUmL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPIAsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJBrRJy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUlihhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnMCtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccDvsqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDvULC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEUoPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlKCtS.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUooOeD.dll (Trojan.vundo) -> Quarantined and deleted successfully.

Reply to smara_79

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

Reply to Angeldark

Good evening,

Here is the ComboFix report

ComboFix 08-12-28.04 - CARMONA 2008-12-29 18:33:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.160 [GMT 1:00]
Lancé depuis: c:\documents and settings\CARMONA\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CARMONA\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\CARMONA\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Propriétaire\Local Settings\Temporary Internet Files\
c:\windows\pp.exe
c:\windows\system32\abnjwq.dll
c:\windows\system32\LlRqXyxx.ini
c:\windows\system32\LlRqXyxx.ini2
c:\windows\system32\noYFgfii.ini
c:\windows\system32\noYFgfii.ini2
c:\windows\system32\qlojwhtq.ini
c:\windows\system32\qnqjgisg.ini
c:\windows\system32\ssutCcfe.ini
c:\windows\system32\ssutCcfe.ini2
c:\windows\system32\vmhvlugt.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.

2008-12-28 20:41 . 2008-12-28 20:41 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 20:41 . 2008-12-28 20:41 <REP> d-------- c:\documents and settings\CARMONA\Application Data\Malwarebytes
2008-12-28 20:41 . 2008-12-28 20:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 20:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 20:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 17:06 . 2008-12-29 15:43 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-12-28 17:02 . 2008-12-29 07:19 227,268 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-28 17:02 . 2008-12-29 07:19 227,268 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-12-28 17:02 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-12-28 17:02 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-28 17:02 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-12-28 17:02 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-12-28 17:02 . 2008-12-29 18:49 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-28 17:02 . 2008-12-29 18:49 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-12-28 17:02 . 2008-12-28 17:02 261 --a------ c:\windows\system32\PavCPL.dat
2008-12-28 16:59 . 2008-12-28 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-12-28 16:59 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-12-28 16:59 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-12-28 16:59 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-12-28 16:57 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-28 16:56 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-28 16:55 . 2008-12-28 16:55 <REP> d-------- c:\windows\system32\PAV
2008-12-28 16:55 . 2008-12-28 16:55 <REP> d-------- c:\documents and settings\CARMONA\Application Data\Panda Security
2008-12-28 16:55 . 2008-12-28 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-12-28 16:55 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-28 16:55 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-28 16:55 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-28 16:55 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-28 16:55 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-28 16:55 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-12-28 16:55 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-12-28 16:52 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-28 16:50 . 2008-12-28 16:50 <REP> d-------- c:\program files\Fichiers communs\Panda Security
2008-12-28 16:50 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-28 16:50 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-28 16:32 . 2008-12-28 16:32 143 --a------ c:\windows\AvDetected.ini
2008-12-28 11:20 . 2008-12-28 11:20 <REP> d-------- c:\documents and settings\CARMONA\Application Data\Grisoft
2008-12-28 11:19 . 2008-12-28 11:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-27 08:16 . 2008-12-27 09:39 <REP> d-------- c:\program files\Navilog1
2008-12-24 22:12 . 2008-12-24 22:12 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2008-12-24 21:37 . 2008-12-24 21:37 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-12-24 21:35 . 2008-12-24 21:35 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-12-24 21:34 . 2008-12-27 15:54 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2008-12-24 21:28 . 2008-12-27 15:54 <REP> d-------- c:\program files\G DATA
2008-12-24 21:28 . 2008-12-27 15:54 <REP> d-------- c:\program files\Fichiers communs\G DATA
2008-12-24 15:13 . 2008-12-28 16:55 <REP> d-------- c:\program files\Panda Security
2008-12-24 15:01 . 2008-12-24 15:01 <REP> d-------- C:\ProgramData
2008-12-24 15:01 . 2008-12-24 21:59 <REP> d-------- c:\program files\Angle Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 17:43 25,731,104 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-29 14:40 303,668 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-28 16:43 --------- d-----w c:\program files\Trend Micro
2008-12-28 16:18 208,384 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-12-28 15:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 08:59 --------- d-----w c:\program files\DivX
2008-12-27 08:53 --------- d-----w c:\program files\VideoLAN
2008-12-24 21:06 540,160 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-12-24 20:53 --------- d-----w c:\program files\a-squared Anti-Malware
2008-12-24 18:42 --------- d-----w c:\program files\Webteh
2008-12-18 19:41 149,504 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-12-17 06:37 5,472,338 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-16 19:35 5,563,392 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-06 17:09 --------- d-----w c:\program files\MSN Messenger
2007-07-24 01:34 426 ----a-w c:\program files\how to.txt
2007-07-24 01:34 2,001,420 ----a-w c:\program files\iGO.exe
2006-07-04 05:08 356,352 ----a-w c:\documents and settings\CARMONA\cwshredder.dll
2000-11-28 17:34 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]
"winXPlanetBG"="c:\program files\xplanet\xplanet-1.2.0\winXPlanetBG.exe" [2007-05-27 3907584]
"RTEGPRS"="c:\program files\Fichiers communs\SmartCom\RTEGPRS.exe" [2005-04-22 2371584]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-07-16 857344]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-13 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-01-08 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=abnjwq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i263"= c:\windows\System32\i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-12-28 28544]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS [2008-12-28 73728]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS [2008-12-28 52992]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS [2008-12-28 22072]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS [2008-12-28 193792]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2002-02-11 6942]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS [2008-12-28 16:59:55 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-28 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS [2008-12-28 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda []
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-28 179640]
R2 PskSvcRetail;Panda PSK service;"c:\program files\Panda Security\Panda Global Protection 2009\PskSvc.exe" [2008-12-28 28928]
R3 CICHAUD;NEC ICH 3D Environmental Audio;c:\windows\system32\drivers\cichaud.sys [1980-01-01 320864]
R3 CICHHALA;CICHHALA;c:\windows\system32\drivers\cichhal.sys [1980-01-01 255648]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-12-28 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe []
S3 LCcFltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcFltr.Sys [2002-02-11 12413]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7e201c-1a6c-11db-8d88-0050229bc9eb}]
\Shell\AutoRun\command - E:\start.exe
\Shell\FramaKey\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51025c1-7775-11dd-9611-0050229bc9eb}]
\Shell\AutoRun\command - H:\PMB_P.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-29 c:\windows\Tasks\kvtbgets.job
- c:\windows\system32\rundll32.exe [2008-04-14 03:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0434606F-EE86-471A-AB80-D5DCB2267693} - c:\windows\system32\iifgFYon.dll
BHO-{289029B9-1DA1-4475-83BA-4BDA90636275} - c:\windows\system32\efcCtuss.dll
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-LDM - \Program\BackWeb-8876480.exe
HKLM-Run-Windows Autoupdate - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\CICBrowser.dll - O16 -: {0A918EFC-E412-4AF0-90E5-25DE1F78766C}
hxxp://www.zoomorama.com/cicbrowser.cab
c:\windows\Downloaded Program Files\CICBrowser.inf

O16 -: {17D8B270-9C15-11D3-8F03-00105A9965CA} - hxxp://www.canalfree.com/ie/pc/sc.cab
c:\windows\Downloaded Program Files\sc.inf

c:\windows\Downloaded Program Files\oscan81.ocx_x - c:\windows\bdoscandellang.ini
c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 18:49:59
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(3780)
c:\program files\Panda Security\Panda Global Protection 2009\pavoepl.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\WebProxy.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Fichiers communs\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Streamload\MediaMax XL\StreamloadService.exe
c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Panda Security\Panda Global Protection 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
.
**************************************************************************
.
Heure de fin: 2008-12-29 19:00:15 - La machine a redémarré [CARMONA]
ComboFix-quarantined-files.txt 2008-12-29 18:00:04

Avant-CF: 16,708,825,088 octets libres
Après-CF: 16,690,712,576 octets libres

263 --- E O F --- 2008-12-18 19:40:58

THANKS AGAIN

Reply to smara_79

Post a new HijackThis report.

Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:52, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [winXPlanetBG] "C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe"
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {0A918EFC-E412-4AF0-90E5-25DE1F78766C} (CIC Browser Control 1.0) - http://www.zoomorama.com/cicbrowser.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstal [...] taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/control [...] loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - AppInit_DLLs: abnjwq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10262 bytes

Reply to smara_79

Hi again,

Fix the lines in the box below with HijackThis: HELP IN PICTURES

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: abnjwq.dll

Reply to Angeldark

Done.

Is there anything else I need to do? Should I then uninstall all the programs that were installed for the cleanup?

Thanks again

Reply to smara_79

Are you still having problems or not?

Reply to Angeldark

No, the advertising windows no longer open.

Reply to smara_79