Analyse log Hijackthis

6 réponses

Tytalus

04/07/2006 à 11:12

Salutations,

Je suis en train de d=E9patouiller un coll=E8gue qui semble avoir un
probl=E8me de fenetres IE qui s'ouvrent intempestivement.
Avant qu'il formatte sous le coup de l'enervement, je lui ai fait
passer un coup de HJT afin d'y voir plus clair.
J'essaye d'analyser de mon c=F4t=E9, mais =E9tant dans l'urgence, je vous
soumets aussi la log ici. Si jamais une bonne =E2me a l'envie de se
pencher dessus, ou qu'une entr=E9e vous saute aux yeux, je suis preneur.

Merci d'avance :)
------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:41:34, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\cyril\LOCALS~1\Temp\R=E9pertoire temporaire 1 pour
hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =3D
about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =3D
http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =3D cyw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=3D Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7=2E0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers
communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
/STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program
Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program
Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk =3D C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk =3D C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Cr=E9er un favori mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb=
_site.cab?1129246365009
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner
- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--=20
"Incrementum Ex Certamine"

6 réponses

NyC

04/07/2006 à 11:42

hello Tytalus you wrote

Salutations,

Je suis en train de dépatouiller un collègue qui semble avoir un
problème de fenetres IE qui s'ouvrent intempestivement.
Avant qu'il formatte sous le coup de l'enervement, je lui ai fait
passer un coup de HJT afin d'y voir plus clair.
J'essaye d'analyser de mon côté, mais étant dans l'urgence, je vous
soumets aussi la log ici. Si jamais une bonne âme a l'envie de se
pencher dessus, ou qu'une entrée vous saute aux yeux, je suis preneur.

Merci d'avance :)

Salut toi,

L'analyse par robot donne ceci :

http://www.hijackthis.de/logfiles/9d83b12c1c72ab1327f4b1197ce087f2.html

Attention au R1 et 02 hein !!:

A+
--
NyC -nocomprendo-
return adress valid

Obsession... El cuervo esta muy enfermo...Mensage subliminal.

Ascadix

04/07/2006 à 14:12

De la plume numérique de Tytalus, nous vîmes sortir un à un les octets du
messages suivant:
<news:

Salutations,

Salut

[snip...]

Je suis pas inspiré par les fichiers référencés dans les 2 lignes suivantes,
passe-les au scan par là histoire de voir si c'est connus:
http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html
http://www.kaspersky.com/scanforvirus

O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe

Pour le reste ...ben c'est plutot chargé comme machine

Avast et AVG en même temps ?
iTune
tout le CD logitech

Avec tout ça , t'as p'tet même pas besoin d'avoir une cochonerie pour que ça
cafouille ...

--
@+
Ascadix
adresse @mail valide, mais ajoutez "sesame" dans l'objet pour que ça arrive.

Eric G.

04/07/2006 à 14:48

Ascadix vient de nous annoncer :

De la plume numérique de Tytalus, nous vîmes sortir un à un les octets du
messages suivant:
<news:

Salutations,

Salut

[snip...]

Je suis pas inspiré par les fichiers référencés dans les 2 lignes suivantes,
passe-les au scan par là histoire de voir si c'est connus:
http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html
http://www.kaspersky.com/scanforvirus

O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe
apparemment lié à la carte video MSI NX7800 GTX SLI :

http://www.hardocp.com/article.html?art=ODAwLDI
--
@+
ERIC
http://ericzworkz.free.fr
Spam protected, click here to answer :
http://cerbermail.com/?tVjLN6N0wM

Ascadix

04/07/2006 à 18:12

De la plume numérique de Eric G., nous vîmes sortir un à un les octets du
messages suivant:
<news:

Ascadix vient de nous annoncer :
De la plume numérique de Tytalus, nous vîmes sortir un à un les
octets du messages suivant:
<news:

Salutations,

Salut

[snip...]

Je suis pas inspiré par les fichiers référencés dans les 2 lignes
suivantes, passe-les au scan par là histoire de voir si c'est connus:
http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html
http://www.kaspersky.com/scanforvirus

O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe
apparemment lié à la carte video MSI NX7800 GTX SLI :

http://www.hardocp.com/article.html?art=ODAwLDI
Ouaip ... j'ai po bien regardé gogole tout à l'heure sur ce coup-là ....

Mais bon, du MSI dans la machine ..un motif de plus pour que ça marche pas
bien :-)

--
@+
Ascadix
adresse @mail valide, mais ajoutez "sesame" dans l'objet pour que ça arrive.

aranjuez31

05/07/2006 à 16:28

Tytalus wrote:

Logfile of HijackThis v1.99.1
Scan saved at 08:41:34, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesD-Toolsdaemon.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesHewlett-PackardToolboxStatusClientStatusClient.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesQuickTimeqttask.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:PROGRA~1MICROS~4rapimgr.exe
C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe
C:Program FilesFichiers communsLogitechKhalSharedKHALMNPR.EXE
C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:DOCUME~1cyrilLOCALS~1TempRépertoire temporaire 1 pour
hijackthis.zipHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
about:
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = cyw
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName
= Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers
communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program
filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
/STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program
FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [iTunesHelper] "C:Program
FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [StatusClient 2.6] C:Program
FilesHewlett-PackardToolboxStatusClientStatusClient.exe /auto
O4 - HKLM..Run: [TomcatStartup 2.5] C:Program
FilesHewlett-PackardToolboxhpbpsttp.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search
& DestroyTeaTimer.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft
ActiveSyncwcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program
FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions
present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel
present
O8 - Extra context menu item: &Google Search - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw eb_site.cab?1129246365009
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner
- C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
========================= ==

1/ - pas de p-feu ? étonnant !! ++++>(A)Si tu n' as pas de pare-feu,
autre que le 'joujou' de Windows (à désactiver), je te
conseille Kerio (gratuit même après les 30 jours d' essai)
Tutorial et téléchargement ici :
http://www.vulgarisation-informatique.com/kerio.php
(B)- Règle d' or à respecter : 1 seul pare-feu, 1 seul antivirus
2 / - 2 antivirus !!!! ++++> action : virer AVG7
3 / - cocher et virer ttes les 016
4/ - trop de 04 inutiles au run !! seuls nécessaire p-feu et antivirus
5/ - il eut été judicieux de nettoyer sa bécane avant de produire
hijack avec Spybot+Ad-aware+Ewido+Cleaner+OnlineBitdef , le boulot à
faire eut été moindre
donc le faire
et revenir avec rapports de Ewido et OnlineBitDef
6/ - je terminerai ensuite si réponse favorable, car il reste des
infections visibles

Tytalus wrote:

Logfile of HijackThis v1.99.1
Scan saved at 08:41:34, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesD-Toolsdaemon.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesHewlett-PackardToolboxStatusClientStatusClient.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesQuickTimeqttask.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:PROGRA~1MICROS~4rapimgr.exe
C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe
C:Program FilesFichiers communsLogitechKhalSharedKHALMNPR.EXE
C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:DOCUME~1cyrilLOCALS~1TempRépertoire temporaire 1 pour
hijackthis.zipHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
about:
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = cyw
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName
= Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers
communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program
filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
/STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program
FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [iTunesHelper] "C:Program
FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [StatusClient 2.6] C:Program
FilesHewlett-PackardToolboxStatusClientStatusClient.exe /auto
O4 - HKLM..Run: [TomcatStartup 2.5] C:Program
FilesHewlett-PackardToolboxhpbpsttp.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search
& DestroyTeaTimer.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft
ActiveSyncwcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program
FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions
present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel
present
O8 - Extra context menu item: &Google Search - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw eb_site.cab?1129246365009
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner
- C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
========================= ==

Vous avez filtré cet utilisateur ! Consultez son message

Tytalus wrote:

Logfile of HijackThis v1.99.1
Scan saved at 08:41:34, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesD-Toolsdaemon.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesHewlett-PackardToolboxStatusClientStatusClient.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesQuickTimeqttask.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:PROGRA~1MICROS~4rapimgr.exe
C:Program FilesHewlett-PackardToolboxjrebinjavaw.exe
C:Program FilesFichiers communsLogitechKhalSharedKHALMNPR.EXE
C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:DOCUME~1cyrilLOCALS~1TempRépertoire temporaire 1 pour
hijackthis.zipHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
about:
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = cyw
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName
= Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat
7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers
communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program
filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
/STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program
FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [iTunesHelper] "C:Program
FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [StatusClient 2.6] C:Program
FilesHewlett-PackardToolboxStatusClientStatusClient.exe /auto
O4 - HKLM..Run: [TomcatStartup 2.5] C:Program
FilesHewlett-PackardToolboxhpbpsttp.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search
& DestroyTeaTimer.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft
ActiveSyncwcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program
FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointSetPoint.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions
present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel
present
O8 - Extra context menu item: &Google Search - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw eb_site.cab?1129246365009
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner
- C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program
FilesiPodbiniPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
========================= ==

Az Sam

05/07/2006 à 22:53

"Ascadix" a écrit dans le message de news:
44aa5c14$0$823$

Je suis pas inspiré par les fichiers référencés dans les 2 lignes
suivantes,

passe-les au scan par là histoire de voir si c'est connus:
http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html
http://www.kaspersky.com/scanforvirus

O4 - HKLM..Run: [SW20] C:WINDOWSsystem32sw20.exe
O4 - HKLM..Run: [SW24] C:WINDOWSsystem32sw24.exe

non ca c'ets rien, je les ai aussi d'"ailleurs. c'est venu avec les drivers
MSI pour maGF4.
Pas tres sur de l'utilite mais pas dangeureux en tout cas..

--

Cordialement,
Az Sam.

Analyse log Hijackthis

6 réponses

Veuillez sélectionner un problème