Looksky

rominetus · Août 31, 2007, 1:12

Bonjour,

Mon PC a été infecté par ce worm ou virus ou je-ne-sais-quoi.
Je cherchais une solution toute faite mais apparemment c’est au cas par cas.
Qqn peut-ilm’aider SVP?

Paul

snookette · Août 31, 2007, 1:16

Salut ,

applique ceci :
www.clubic.com…
( Navilog1 , SmitrfaudFix et Hosts )

Poste ensuite un rapport Hijackthis :
www.pcinpact.com…
Edité le 31/08/2007 à 13:16

rominetus · Août 31, 2007, 2:35

Voici le rapport HJT:

"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:54, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\WINDOWS\NOTEPAD.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Apps\ActivBoard\MMKeybd.exe
E:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
E:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\NOTEPAD.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM…\Run: [ATICCC] “E:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [EPSON Stylus Photo RX420 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 “EPSON Stylus Photo RX420 Series” /O6 “USB001” /M “Stylus Photo RX420”
O4 - HKLM…\Run: [nTrayFw] E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM…\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “E:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”
O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU…\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “E:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [updateMgr] “E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Barre d’état système d’ATI CATALYST.lnk = E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = E:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = E:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d’Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - www.touslesdrivers.com…
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - javadl-esd.sun.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

–
End of file - 7783 bytes
Edité le 31/08/2007 à 14:57

snookette · Août 31, 2007, 4:39

Navilog1 et SmitfraudFix ont-ils trouvé quelque chose ?

Donne plus d’info sur Looksky de ton pc … chemin , log , …