Pop-up ad windows / HijackThis log

28 December 2008 18:30:09

Good evening,

For two days I have been trying to sort this out on my own... but I can't manage it. I have run several scans with different antivirus/antispyware tools but nothing works... these windows still keep opening nonstop.

So I am turning to you and posting the HijackThis log to find out what is wrong. I more or less understand how HijackThis works, but I don't know what is good and what is bad on my computer. So help, and THANK YOU.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:34, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\IFACE.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PAVJOBS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.noos.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Noos
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0434606F-EE86-471A-AB80-D5DCB2267693} - C:\WINDOWS\system32\iifgFYon.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {289029B9-1DA1-4475-83BA-4BDA90636275} - C:\WINDOWS\system32\efcCtuss.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [winXPlanetBG] "C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe"
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {0A918EFC-E412-4AF0-90E5-25DE1F78766C} (CIC Browser Control 1.0) - http://www.zoomorama.com/cicbrowser.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sike...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - AppInit_DLLs: abnjwq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10772 bytes

28 December 2008 19:46:51

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the Download_mbam-setup.exe file.

Once the installation and update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    29 December 2008 06:57:30

    Hello and thank you.

    Here is the MalwareByte's log

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1550
    Windows 5.1.2600 Service Pack 3

    29/12/2008 06:35:10
    mbam-log-2008-12-29 (06-35-10).txt

    Type de recherche: Examen complet (C:\|F:\|)
    Eléments examinés: 149786
    Temps écoulé: 2 hour(s), 46 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 49

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    29 December 2008 14:44:48

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    29 December 2008 19:10:24

    Good evening,

    Here is the ComboFix report

    ComboFix 08-12-28.04 - CARMONA 2008-12-29 18:33:41.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.160 [GMT 1:00]
    Lancé depuis: c:\documents and settings\CARMONA\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\CARMONA\LOCALS~1\Temp\tmp1.tmp
    c:\docume~1\CARMONA\LOCALS~1\Temp\tmp2.tmp
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Propriétaire\Local Settings\Temporary Internet Files\
    c:\windows\pp.exe
    c:\windows\system32\abnjwq.dll
    c:\windows\system32\LlRqXyxx.ini
    c:\windows\system32\LlRqXyxx.ini2
    c:\windows\system32\noYFgfii.ini
    c:\windows\system32\noYFgfii.ini2
    c:\windows\system32\qlojwhtq.ini
    c:\windows\system32\qnqjgisg.ini
    c:\windows\system32\ssutCcfe.ini
    c:\windows\system32\ssutCcfe.ini2
    c:\windows\system32\vmhvlugt.dll

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP
    -------\Service_Iprip


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-28 20:41 . 2008-12-28 20:41 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-28 20:41 . 2008-12-28 20:41 <REP> d-------- c:\documents and settings\CARMONA\Application Data\Malwarebytes
    2008-12-28 20:41 . 2008-12-28 20:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-28 20:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-28 20:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-28 17:06 . 2008-12-29 15:43 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
    2008-12-28 17:02 . 2008-12-29 07:19 227,268 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
    2008-12-28 17:02 . 2008-12-29 07:19 227,268 --a------ c:\windows\system32\drivers\APPFCONT.DAT
    2008-12-28 17:02 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
    2008-12-28 17:02 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
    2008-12-28 17:02 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
    2008-12-28 17:02 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
    2008-12-28 17:02 . 2008-12-29 18:49 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
    2008-12-28 17:02 . 2008-12-29 18:49 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
    2008-12-28 17:02 . 2008-12-28 17:02 261 --a------ c:\windows\system32\PavCPL.dat
    2008-12-28 16:59 . 2008-12-28 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Backup
    2008-12-28 16:59 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
    2008-12-28 16:59 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
    2008-12-28 16:59 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
    2008-12-28 16:57 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
    2008-12-28 16:56 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
    2008-12-28 16:55 . 2008-12-28 16:55 <REP> d-------- c:\windows\system32\PAV
    2008-12-28 16:55 . 2008-12-28 16:55 <REP> d-------- c:\documents and settings\CARMONA\Application Data\Panda Security
    2008-12-28 16:55 . 2008-12-28 16:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Panda Security
    2008-12-28 16:55 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
    2008-12-28 16:55 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
    2008-12-28 16:55 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
    2008-12-28 16:55 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
    2008-12-28 16:55 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
    2008-12-28 16:55 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
    2008-12-28 16:55 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
    2008-12-28 16:52 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-28 16:50 . 2008-12-28 16:50 <REP> d-------- c:\program files\Fichiers communs\Panda Security
    2008-12-28 16:50 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
    2008-12-28 16:50 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
    2008-12-28 16:32 . 2008-12-28 16:32 143 --a------ c:\windows\AvDetected.ini
    2008-12-28 11:20 . 2008-12-28 11:20 <REP> d-------- c:\documents and settings\CARMONA\Application Data\Grisoft
    2008-12-28 11:19 . 2008-12-28 11:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
    2008-12-27 08:16 . 2008-12-27 09:39 <REP> d-------- c:\program files\Navilog1
    2008-12-24 22:12 . 2008-12-24 22:12 68,296 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-24 21:37 . 2008-12-24 21:37 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-24 21:35 . 2008-12-24 21:35 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-24 21:34 . 2008-12-27 15:54 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-24 21:28 . 2008-12-27 15:54 <REP> d-------- c:\program files\G DATA
    2008-12-24 21:28 . 2008-12-27 15:54 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-24 15:13 . 2008-12-28 16:55 <REP> d-------- c:\program files\Panda Security
    2008-12-24 15:01 . 2008-12-24 15:01 <REP> d-------- C:\ProgramData
    2008-12-24 15:01 . 2008-12-24 21:59 <REP> d-------- c:\program files\Angle Interactive

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-29 17:43 25,731,104 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-12-29 14:40 303,668 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-28 16:43 --------- d-----w c:\program files\Trend Micro
    2008-12-28 16:18 208,384 ----a-w c:\windows\Internet Logs\xDB4.tmp
    2008-12-28 15:55 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-27 08:59 --------- d-----w c:\program files\DivX
    2008-12-27 08:53 --------- d-----w c:\program files\VideoLAN
    2008-12-24 21:06 540,160 ----a-w c:\windows\Internet Logs\xDB3.tmp
    2008-12-24 20:53 --------- d-----w c:\program files\a-squared Anti-Malware
    2008-12-24 18:42 --------- d-----w c:\program files\Webteh
    2008-12-18 19:41 149,504 ----a-w c:\windows\Internet Logs\xDB2.tmp
    2008-12-17 06:37 5,472,338 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2008-12-16 19:35 5,563,392 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2008-12-06 17:09 --------- d-----w c:\program files\MSN Messenger
    2007-07-24 01:34 426 ----a-w c:\program files\how to.txt
    2007-07-24 01:34 2,001,420 ----a-w c:\program files\iGO.exe
    2006-07-04 05:08 356,352 ----a-w c:\documents and settings\CARMONA\cwshredder.dll
    2000-11-28 17:34 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]
    "winXPlanetBG"="c:\program files\xplanet\xplanet-1.2.0\winXPlanetBG.exe" [2007-05-27 3907584]
    "RTEGPRS"="c:\program files\Fichiers communs\SmartCom\RTEGPRS.exe" [2005-04-22 2371584]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-07-16 857344]
    "SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-13 450560]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-01-08 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=abnjwq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i263"= c:\windows\System32\i263_32.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-12-28 28544]
    R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS [2008-12-28 73728]
    R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS [2008-12-28 52992]
    R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS [2008-12-28 22072]
    R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS [2008-12-28 193792]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2002-02-11 6942]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS [2008-12-28 16:59:55 158848]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-28 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS [2008-12-28 46720]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda []
    R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-28 179640]
    R2 PskSvcRetail;Panda PSK service;"c:\program files\Panda Security\Panda Global Protection 2009\PskSvc.exe" [2008-12-28 28928]
    R3 CICHAUD;NEC ICH 3D Environmental Audio;c:\windows\system32\drivers\cichaud.sys [1980-01-01 320864]
    R3 CICHHALA;CICHHALA;c:\windows\system32\drivers\cichhal.sys [1980-01-01 255648]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-12-28 197888]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
    S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe []
    S3 LCcFltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcFltr.Sys [2002-02-11 12413]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7e201c-1a6c-11db-8d88-0050229bc9eb}]
    \Shell\AutoRun\command - E:\start.exe
    \Shell\FramaKey\command - E:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51025c1-7775-11dd-9611-0050229bc9eb}]
    \Shell\AutoRun\command - H:\PMB_P.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-29 c:\windows\Tasks\kvtbgets.job
    - c:\windows\system32\rundll32.exe [2008-04-14 03:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0434606F-EE86-471A-AB80-D5DCB2267693} - c:\windows\system32\iifgFYon.dll
    BHO-{289029B9-1DA1-4475-83BA-4BDA90636275} - c:\windows\system32\efcCtuss.dll
    WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
    HKCU-Run-LDM - \Program\BackWeb-8876480.exe
    HKLM-Run-Windows Autoupdate - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://fr.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

    c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
    hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    c:\windows\Downloaded Program Files\OSDED4D.OSD

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\CICBrowser.dll - O16 -: {0A918EFC-E412-4AF0-90E5-25DE1F78766C}
    hxxp://www.zoomorama.com/cicbrowser.cab
    c:\windows\Downloaded Program Files\CICBrowser.inf

    O16 -: {17D8B270-9C15-11D3-8F03-00105A9965CA} - hxxp://www.canalfree.com/ie/pc/sc.cab
    c:\windows\Downloaded Program Files\sc.inf

    c:\windows\Downloaded Program Files\oscan81.ocx_x - c:\windows\bdoscandellang.ini
    c:\windows\bdoscandel.exe
    c:\windows\Downloaded Program Files\live.ini
    c:\windows\Downloaded Program Files\scanoptions.tsi
    c:\windows\Downloaded Program Files\lang.ini
    c:\windows\Downloaded Program Files\ipsupd.dll
    c:\windows\Downloaded Program Files\bdupd.dll
    c:\windows\Downloaded Program Files\libfn.dll
    c:\windows\Downloaded Program Files\bdcore.dll
    c:\windows\Downloaded Program Files\oscan8.ocx
    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    c:\windows\Downloaded Program Files\oscan8.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-29 18:49:59
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(868)
    c:\windows\system32\avldr.dll

    - - - - - - - > 'explorer.exe'(3780)
    c:\program files\Panda Security\Panda Global Protection 2009\pavoepl.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Panda Security\Panda Global Protection 2009\WebProxy.exe
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
    c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    c:\program files\Fichiers communs\Panda Security\PavShld\PavPrSrv.exe
    c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\snmp.exe
    c:\program files\Streamload\MediaMax XL\StreamloadService.exe
    c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE
    c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
    c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Panda Security\Panda Global Protection 2009\SrvLoad.exe
    c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
    c:\progra~1\MICROS~4\rapimgr.exe
    c:\program files\Logitech\SetPoint\KHALMNPR.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-29 19:00:15 - La machine a redémarré [CARMONA]
    ComboFix-quarantined-files.txt 2008-12-29 18:00:04

    Avant-CF: 16,708,825,088 octets libres
    Après-CF: 16,690,712,576 octets libres

    263 --- E O F --- 2008-12-18 19:40:58

    THANKS AGAIN
    29 December 2008 19:42:44

    Repost a HijackThis report.
    29 December 2008 19:55:29

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:52, on 29/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
    c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
    C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [winXPlanetBG] "C:\Program Files\xplanet\xplanet-1.2.0\winXPlanetBG.exe"
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {0A918EFC-E412-4AF0-90E5-25DE1F78766C} (CIC Browser Control 1.0) - http://www.zoomorama.com/cicbrowser.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} - http://www.canalfree.com/ie/pc/sc.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sike...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O20 - AppInit_DLLs: abnjwq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10262 bytes
    29 December 2008 20:19:49

    Hi again,

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - AppInit_DLLs: abnjwq.dll
    29 December 2008 20:51:52

    That's done.

    Do I need to do anything else? Should I then uninstall all the programs installed for the cleanup?

    Thanks again
    30 December 2008 13:01:31

    Do you still have problems or not?
    30 December 2008 13:25:52

    No, the pop-up ad windows no longer open.
    30 December 2008 19:05:21

    Happy surfing :)