Need an eye on this thread.
- Xxyyzz
- Born


- Joined: Jul 29, 2009
- Posts: 3
- Status: Offline
Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 5:16:42 AM, le 7.29.2009
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost. exe
c: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
c: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
c: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
c: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
c: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DPCC-LC \ symlcsvc.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswupdsv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ. exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ arservice.exe
C: \ Program Files \ Symantec \ LiveUpdate \ aluschedulersvc.exe
C: \ WINDOWS \ eHome \ ehrecvr.exe
C: \ WINDOWS \ eHome \ ehSched.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NAVAPSVC.EXE
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ PnkBstrB.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService. exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashmaisv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ DLLHost.exe tombait
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ WINDOWS \ eHome \ ehmsas.exe
C: \ WINDOWS \ ARPWRMSG.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched. exe
C: \ Program Files \ Hp \ HP Software Update \ HPWuSchd2.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ Logitech \ iTouch \ iTouch.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ program files \ valve \ Steam \ steam.exe
C: \ Program Files \ AIM6 \ aim6.exe
C: \ Program Files \ Logitech \ MouseWare \ system \ em_exec.exe
C: \ Program Files \ MySpace \ IM \ MySpaceIM.exe
C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ BackWeb-8876480. exe
C: \ Program Files \ Compaq Connections \ 5577497 \ Program \ Compaq Connections.exe
C: \ PROGRA ~ 1 \ Mozilla Firefox \ firefox.exe
c: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ Program Files \ AIM6 \ aolsoftware.exe
C: \ Program Files \ uTorrent \ uTorrent.exe
c: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jucheck.exe
C: \ Program Files \ DISC \ DiscUpdMgr. exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis. exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main , Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings, ProxyOverride = localhost
R3 - URLSearchHook: AIM Toolbar Search Class - (03402f96-3dc7-4285-BC50-9e81fefafe43) - C: \ Program Files \ AIM Toolbar \ aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
R3 - URLSearchHook: Harmony Hollow Software Toolbar - (3806b089-6759-411d-b2c3-b7995a9f34d7) - C: \ Program Files \ Harmony_Hollow_Software \ tbHarm. dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Harmony Hollow Software Toolbar - (3806b089-6759-411d-b2c3-b7995a9f34d7) - C: \ Program Files \ Harmony_Hollow_Software \ tbHarm. dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NavShExt.dll
O2 - BHO: hpWebHelper Class - (AAAE832A-5FFF-4661-9C8F-369692D1DCB9) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ plugin \ WebHelper. dll
O2 - BHO: AIM Toolbar Loader - (b0cda128-b425-4eef-a174-61a11ac5dbf8) - C: \ Program Files \ AIM Toolbar \ aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O3 - Toolbar: Norton AntiVirus - (C4069E3A-68F1-403E-B40E-20066696354B) - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NavShExt. dll
O3 - Toolbar: AIM Toolbar - (61539ecd-cc67-4437-a03c-9aaccbd14326) - C: \ Program Files \ AIM Toolbar \ aimtb.dll
O3 - Toolbar: Harmony Hollow Software Toolbar - (3806b089-6759-411d-b2c3-b7995a9f34d7) - C: \ Program Files \ Harmony_Hollow_Software \ tbHarm.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [ftutil2] rundll32.exe ftutil2.dll, SetWriteCacheMode
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ccApp] "c: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe"
O4 - HKLM \ .. \ Run: [HPBootOp] "C: \ Program Files \ Hewlett-Packard \ HP Boot Optimizer \ HPBootOp.exe" / run
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ Hp \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [zBrowser Launcher] C: \ Program Files \ Logitech \ iTouch \ iTouch.exe
O4 - HKLM \ .. \ Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Steam] "c: \ program files \ valve \ Steam \ steam.exe"-silent
O4 - HKCU \ .. \ Run: [Aim6] "C: \ Program Files \ AIM6 \ aim6.exe" / d locale = fr-FR ee://aol/imApp
O4 - HKCU \ .. \ Run: [MySpaceIM] C: \ Program Files \ MySpace \ IM \ MySpaceIM.exe
O4 - HKCU \ .. \ Run: [Agent.exe] C: \ Program Files \ PCenter \ Agent.exe
O4 - HKCU \ .. \ Run: [LDM] C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ BackWeb-8876480.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [MySpaceIM] C: \ Program Files \ MySpace \ IM \ MySpaceIM.exe (utilisateur "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [MySpaceIM] C: \ Program Files \ MySpace \ IM \ MySpaceIM.exe (utilisateur par défaut de l'utilisateur)
O4 -. DEFAULT User Startup: Pin.lnk = C: \ hp \ bin \ CLOAKER.EXE (User utilisateur par défaut)
O4 -. DEFAULT User Startup: PinMcLnk. lnk = C: \ hp \ bin \ cloaker.exe (User utilisateur par défaut)
O4 - Global Startup: Compaq Connections.lnk = C: \ Program Files \ Compaq Connections \ 5577497 \ Program \ Compaq Connections.exe
O4 - Global Startup: Google Updater.lnk = C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LDMConf. exe
O8 - Extra du menu contextuel: & AIM Search Toolbar - C: \ Documents and Settings \ All Users \ Application Data \ AIM Toolbar \ ieToolbar \ resources \ fr-FR \ local \ search.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra "Outils" menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv. dll
O9 - Extra button: AIM Toolbar - (0b83c99c-1efa-4259-858f-bcb33e007a5b) - C: \ Program Files \ AIM Toolbar \ aimtb.dll
O9 - Extra button: Internet Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support. htm
O9 - Extra "Outils" menuitem: Internet Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support.htm
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra "Outils" menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs. exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - AppInit_DLLs:, C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp \ 232637kou.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswupdsv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ aluschedulersvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ. exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashmaisv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr. exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c: \ Program Files \ Norton Internet Security \ ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr. exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c: \ Program Files \ Norton Internet Security \ comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc. exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NAVAPSVC.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE. EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrB.exe
O23 - Service: Remote Packet Capture V.0 Protocole (experimental) (rpcapd) - CACE Technologies - C: \ Program Files \ WinPCap \ rpcapd. exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc. exe
O23 - Service: Symantec Core LC - Unknown owner - C: \ Program Files \ Common Files \ Symantec Shared \ DPCC-LC \ symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
--
Fin de fichier - 13,208 octets
What is infected and what needs deleting, step by step if you could.
- Anonymous
- Bot


- Joined: 25 Feb 2008
- Posts: ?
- Loc: Ozzuland
- Status: Online
July 29th, 2009, 4:25 am
- grinch2171
- Moderator


- Joined: Feb 11, 2004
- Posts: 6740
- Loc: Martinsburg, WV
- Status: Online
Run HijackThis and select the following entries, then click the Fix button.
Quote:
O8 - Extra du menu contextuel: & AIM Search Toolbar - C: \ Documents and Settings \ All Users \ Application Data \ AIM Toolbar \ ieToolbar \ resources \ fr-FR \ local \ search.html
O20 - AppInit_DLLs:, C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp \ 232637kou.dll
Next, I suggest downloading Malwarebytes http://www.malwarebytes.org . Install it, update it, and run a scan of your computer.
What kinds of problems are you having?
"Be polite, be professional, but have a plan to kill everybody you meet." Maj. Gen. James Mattis