Bonsoir tout le monde, mon père est à l’origine de la dernière infection en date sur mon pc, je passe donc derrière lui pour réparer les dégats… J’ai scanné et rescanné avec mbam et norton, bien que ce dernier n’ai pas pu supprimer les infections constatées ( backdoor et downloader.) Voici mon log hijackthis, pouvez vous me dire si vous voyez des choses qui devraient être corrigées? Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:06, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\TOPRO\TP6810\TPPOLL10.EXE
D:\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Documents and Settings\DB\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\ActiveSync4.5\Wcescomm.exe
D:\Program Files\Rico Software\RS Somnífero\somnifero.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\ACTIVE~1.5\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
D:\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.wanadoo.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [osCheck] “C:\Program Files\Norton Internet Security\osCheck.exe”
O4 - HKLM…\Run: [Ulead Quick-Drop] “D:\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe” WINDOWCALL
O4 - HKLM…\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM…\Run: [LifeCam] “C:\Program Files\Microsoft LifeCam\LifeExp.exe”
O4 - HKLM…\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [TPPOLL10] C:\Program Files\TOPRO\TP6810\TPPOLL10.EXE
O4 - HKLM…\Run: [hpqSRMon] D:\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [UVS10 Preload] D:\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “D:\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [SoftwareHelper] C:\Documents and Settings\DB\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “D:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [H/PC Connection Agent] “D:\ActiveSync4.5\Wcescomm.exe”
O4 - HKCU…\Run: [somnifero] D:\Program Files\Rico Software\RS Somnífero\somnifero.exe /s
O4 - HKCU…\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18…\Run: [phgpqvdh.exe] C:\WINDOWS\phgpqvdh.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [phgpqvdh.exe] C:\WINDOWS\phgpqvdh.exe (User ‘Default user’)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\ACTIVE~1.5\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\ACTIVE~1.5\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\ACTIVE~1.5\INetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - D:\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - www.symantec.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - webdl.symantec.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O20 - Winlogon Notify: awtqpOfG - awtqpOfG.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Application système COM+ (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de liPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
–
End of file - 11329 bytes