Unwanted IE Security pop-ups with Vista

Solved
Andisa, 49 posts, Status: Member
Hello,

I posted this message in the "Windows" section, but on the advice of a forum member, I'm taking the liberty of creating one here.

Here is my problem: since I accepted the Vista update, 2 days ago now, I get Internet Explorer Security windows, even when I launch IE, telling me this:

On an orange/yellow background: A website wants to open web content using this program on your computer

Then the body of the message: This program will open outside of Protected mode. IE's Protected mode helps protect your computer. If you do not trust this website, do not open this program. (For launching IE itself, that's the limit!!!)

Name: Windows host process (rundll32)
Publisher: Microsoft Windows
Details: "C:\windows\system32\gzmrotate.dll" DllVerify

I also have a checkbox that would let me stop showing the warning for this program, but it is not active!

So either I allow it and I can go on the internet, or I refuse and I can't, simple....

After 1 hour with the McAfee hotline = no solution. They advised me to run some spyware utilities in addition...

I ran Spybot and SUPERAntiSpyware Professional, which removed a few little things, but these windows are still there...

Any ideas? Because I'm fed up with clicking and, above all, I would like to understand where this comes from..? Virus or not virus??? That's my question! ;))

Thanks for your help!

Andisa

21 replies

green day, 26722 posts, Status: Moderator, Security contributor, 2 163

Hi

Download this:

Link: hijackthis

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the "do a scan and a logfile" option, and copy/paste the report it generates onto the forum.

++

0
Andisa, 49 posts, Status: Member, 13

Good evening green day,

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:51, on 12/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
green day, 26722 posts, Status: Moderator, Security contributor, 2 163

OK, the error message is a critter!

Please do what is described here:

virus: preliminary disinfection method, FR version

++

0
Andisa, 49 posts, Status: Member, 13

While it's scanning, can you tell me which critter this is?

Thanks

Andisa
0

green day, 26722 posts, Status: Moderator, Security contributor, 2 163

re

It's the AdRotator/IconAds adware, associated with the following .dll file: gzmrotate.dll, according to CastleCops

There are also quite a few suspicious files in the temp files!

++
0
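Added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage of the log posted above. It ties the `Details` string of the IE Protected Mode prompt to the autorun entry that launches it, and shows why "rundll32 in a Run key" alone is not a signal (the NVIDIA entries do the same), whereas the same DLL being both a BHO and a Run-key target is. The names `parse`, `triage` and the finding labels are hypothetical; the sample lines are a subset copied from the log in this thread.

```python
import ntpath
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
"""

# "Details" field of the IE Protected Mode prompt quoted in the first post.
PROMPT_DETAILS = r'"C:\windows\system32\gzmrotate.dll" DllVerify'

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 <dll>,<export>  or  rundll32 "<dll>" <export>
RUNDLL_RE = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?[\s,]+(?P<export>\S+)', re.I)
DETAILS_RE = re.compile(r'^"?(?P<dll>[^"]+?\.dll)"?[\s,]+(?P<export>\S+)', re.I)


def norm(path):
    """Case-insensitive comparison key for a Windows path."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def parse(log):
    """Return (bhos, autoruns) parsed from the O2 and O4 Run/RunOnce lines."""
    bhos, autoruns = [], []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = RUN_RE.match(line)
        if m:
            entry = m.groupdict()
            r = RUNDLL_RE.search(entry["cmd"])
            entry["dll"] = norm(r.group("dll")) if r else None
            entry["export"] = r.group("export") if r else None
            autoruns.append(entry)
    return bhos, autoruns


def triage(log, prompt_details=None):
    """Heuristic findings only; each one still needs a human to confirm it."""
    bhos, autoruns = parse(log)
    findings = []
    bho_files = {norm(b["file"]) for b in bhos if b["file"] != "(no file)"}

    # BHO registered in the registry but its file is gone (leftover entry).
    for b in bhos:
        if b["file"] == "(no file)":
            findings.append(("orphan_bho", b["clsid"]))

    # Same DLL loaded into IE as a BHO *and* started at logon through rundll32.
    for a in autoruns:
        if a["dll"] and a["dll"] in bho_files:
            findings.append(("dll_is_bho_and_autorun", a["name"], a["dll"]))

    # Which autorun entry produces the prompt the user keeps seeing?
    if prompt_details:
        d = DETAILS_RE.match(prompt_details.strip())
        if d:
            want = (norm(d.group("dll")), d.group("export").lower())
            for a in autoruns:
                if a["dll"] and (a["dll"], a["export"].lower()) == want:
                    findings.append(("prompt_source", a["hive"], a["key"], a["name"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, PROMPT_DETAILS):
        print(finding)
```

The `prompt_source` finding points at the `hid_start` value under the HKLM Run key, which is the entry that has to disappear from a later log for the prompt to stop.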
Andisa, 49 posts, Status: Member, 13

AdRotator was removed yesterday via SuperAntiSpyware Pro

I have just disabled Windows' internet security protection, which isn't much use, it has to be said... And I no longer get pop-ups... But I'm continuing the scans to get your final opinion.

Thanks!

Andisa
0
Andisa, 49 posts, Status: Member, 13

Here is the AVG Anti-Spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:14:10 12/10/2007

+ Résultat de l'analyse:

C:\Users\Jean-Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\jean-pierre@com[1].txt -> TrackingCookie.Com : Aucune action entreprise.

Fin du rapport

Andisa
0
Andisa, 49 posts, Status: Member, 13

BitDefender can't check my PC but doesn't say why.....

Andisa
0
Andisa, 49 posts, Status: Member, 13

And here is the latest HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:04, on 12/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Temp\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Windows\Temp\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Windows\Temp\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
green day, 26722 posts, Status: Moderator, Security contributor, 2 163

OK, no big deal... it must be what's left of the critter...

Quick check:

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt

++
0
Andisa, 49 posts, Status: Member, 13

And here is the (very long...) ComboFix report:

ComboFix 07-10-12.4 - Isabelle 2007-10-12 23:44:02.1 - NTFSx86 NETWORK
Microsoft© Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1660 [GMT 2:00]
Running from: C:\Users\Isabelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBF1ACNT\ComboFix[1].exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))))))))
.

2007-10-12 23:35 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-12 23:17 <REP> d-------- C:\Windows\BDOSCAN8
2007-10-12 22:29 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\Grisoft
2007-10-12 22:29 <REP> d-------- C:\Users\All Users\Grisoft
2007-10-12 22:29 <REP> d-------- C:\ProgramData\Grisoft
2007-10-12 22:29 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-10-12 22:17 <REP> d-------- C:\Program Files\CCleaner
2007-10-12 21:31 <REP> d-------- C:\Program Files\Trend Micro
2007-10-11 21:37 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\SUPERAntiSpyware.com
2007-10-11 21:37 <REP> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-10-11 21:37 <REP> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-10-11 21:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-11 21:36 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-11 19:48 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-10-11 19:48 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-10-09 18:08 <REP> d-------- C:\Multimedia Files
2007-10-06 23:30 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-06 23:03 27,620 --a------ C:\Users\Isabelle\AppData\Roaming\nvModes.dat
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Videos
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Searches
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Saved Games
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Pictures
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Music
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Links
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Downloads
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Documents
2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Contacts
2007-10-06 22:55 <REP> d-------- C:\Users\Isabelle\Bluetooth Software
2007-10-06 22:55 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\Roxio
2007-10-06 22:55 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\Media Center Programs
2007-10-06 22:55 <REP> d--h----- C:\Users\Isabelle\AppData\Roaming\GTek
2007-10-06 22:55 <REP> d--h----- C:\Users\Isabelle\AppData
2007-10-06 22:54 27,905 --a------ C:\Users\Jean-Pierre\AppData\Roaming\nvModes.dat
2007-09-21 12:53 <REP> d-------- C:\Windows\PCHEALTH
2007-09-21 12:53 <REP> d-------- C:\Program Files\Microsoft.NET
2007-09-21 12:48 <REP> dr-h----- C:\MSOCache
2007-09-21 12:32 619,008 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2007-09-21 12:32 70,144 --a------ C:\Windows\System32\drivers\pacer.sys
2007-09-21 12:32 61,952 --a------ C:\Windows\System32\drivers\wanarp.sys
2007-09-21 12:32 48,640 --a------ C:\Windows\System32\drivers\ndproxy.sys
2007-09-21 12:32 20,480 --a------ C:\Windows\System32\drivers\ndistapi.sys
2007-09-21 12:29 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2007-09-21 12:29 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2007-09-21 12:29 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2007-09-21 12:27 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2007-09-21 12:23 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 19:35 5,863,960 ----a-w C:\Users\Isabelle\SUPERAntiSpywarePro.exe
2007-10-11 19:26 904,048 ----a-w C:\Users\Isabelle\fsbl.exe
2007-10-11 17:28 --------- d-----w C:\Program Files\McAfee
2007-10-10 16:26 --------- d-----w C:\Program Files\Windows Mail
2007-10-07 11:45 45,240 ----a-w C:\Windows\system32\drivers\pciidex.sys
2007-10-07 11:45 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-10-07 11:45 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-10-07 11:45 21,688 ----a-w C:\Windows\system32\drivers\atapi.sys
2007-10-07 11:45 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-10-07 11:45 16,056 ----a-w C:\Windows\system32\drivers\pciide.sys
2007-10-07 11:45 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-10-07 11:45 110,264 ----a-w C:\Windows\system32\drivers\ataport.sys
2007-10-07 11:45 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-09-21 10:37 174 --sha-w C:\Program Files\desktop.ini
2007-09-21 10:34 --------- d-----w C:\Program Files\Windows Calendar
2007-09-21 10:10 --------- d--h--w C:\Users\Jean-Pierre\AppData\Roaming\GTek
2007-09-04 09:34 --------- d-----w C:\Users\Jean-Pierre\AppData\Roaming\Roxio
2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Modèles
2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Menu Démarrer
2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Favoris
2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Documents
2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Bureau
2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Application Data
2007-09-04 09:31 --------- d-sh--w C:\Program Files\Fichiers communs
2007-08-28 23:51 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-08-28 23:51 --------- d-----w C:\Program Files\DellTPad
2007-08-28 23:50 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-08-28 23:50 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-08-28 23:50 38,912 ----a-w C:\Windows\system32\drivers\hidclass.sys
2007-08-28 23:50 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-08-28 23:50 25,472 ----a-w C:\Windows\system32\drivers\hidparse.sys
2007-08-28 23:50 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-08-28 23:50 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-08-28 23:50 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-08-28 23:50 12,288 ----a-w C:\Windows\system32\drivers\hidusb.sys
2007-08-28 23:50 --------- d-----w C:\Program Files\Windows Defender
2007-08-28 23:49 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys
2007-08-28 23:49 60,928 ----a-w C:\Windows\system32\drivers\raspptp.sys
2007-08-28 23:49 51,896 ----a-w C:\Windows\system32\drivers\partmgr.sys
2007-08-28 23:49 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2007-08-28 23:49 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2007-08-28 23:49 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2007-08-28 23:49 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2007-08-28 23:49 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2007-08-28 23:49 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2007-08-28 23:49 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2007-08-28 23:49 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2007-08-28 23:49 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2007-08-28 23:48 58,472 ------w C:\Windows\system32\drivers\ULIAGPKX.SYS
2007-08-28 23:48 54,888 ------w C:\Windows\system32\drivers\AMDAGP.SYS
2007-08-28 23:48 54,376 ------w C:\Windows\system32\drivers\VIAAGP.SYS
2007-08-28 23:48 53,864 ------w C:\Windows\system32\drivers\AGP440.sys
2007-08-28 23:48 53,352 ------w C:\Windows\system32\drivers\SISAGP.SYS
2007-08-28 23:48 50,792 ----a-w C:\Windows\system32\drivers\termdd.sys
2007-08-28 23:48 50,280 ----a-w C:\Windows\system32\drivers\volmgr.sys
2007-08-28 23:48 47,208 ------w C:\Windows\system32\drivers\isapnp.sys
2007-08-28 23:48 28,776 ----a-w C:\Windows\system32\drivers\mssmbios.sys
2007-08-28 23:48 242,688 ------w C:\Windows\system32\drivers\rdpdr.sys
2007-08-28 23:48 140,392 ----a-w C:\Windows\system32\drivers\pci.sys
2007-08-28 23:48 13,928 ----a-w C:\Windows\system32\drivers\msisadrv.sys
2007-08-28 23:48 12,776 ----a-w C:\Windows\system32\drivers\swenum.sys
2007-08-28 23:48 106,600 ------w C:\Windows\system32\drivers\NV_AGP.SYS
2007-08-28 23:44 4,875 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_I1720.mrk
2007-08-28 16:29 --------- d-----w C:\ProgramData\Roxio
2007-08-28 16:26 --------- d-----w C:\Program Files\Orange
2007-08-28 16:26 --------- d-----w C:\Program Files\MAKEMSI Package Documentation
2007-08-28 16:26 --------- d-----w C:\Program Files\Dell
2007-08-28 16:25 --------- d-----w C:\ProgramData\SupportSoft
2007-08-28 16:25 --------- d-----w C:\Program Files\Google
2007-08-28 16:25 --------- d-----w C:\Program Files\Dell Support Center
2007-08-28 16:25 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-08-28 16:25 --------- d-----w C:\Program Files\BAE
2007-08-28 16:24 --------- d-----w C:\ProgramData\Gtek
2007-08-28 16:24 --------- d-----w C:\Program Files\DellSupport
2007-08-28 16:23 --------- d-----w C:\ProgramData\Dell
2007-08-28 16:23 --------- d-----w C:\ProgramData\CyberLink
2007-08-28 16:23 --------- d-----w C:\Program Files\CyberLink
2007-08-28 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-28 16:22 --------- d-----w C:\ProgramData\McAfee
2007-08-28 16:21 --------- d-----w C:\Program Files\McAfee.com
2007-08-28 16:21 --------- d-----w C:\Program Files\Common Files\McAfee
2007-08-28 16:19 --------- d-----w C:\Program Files\Roxio
2007-08-28 16:19 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-28 16:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-28 16:17 --------- d-----w C:\ProgramData\Sonic
2007-08-28 16:17 --------- d-----w C:\ProgramData\InstallShield
2007-08-28 16:17 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-08-28 16:17 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-08-28 16:15 --------- d-----w C:\Program Files\Microsoft Works
2007-08-28 16:15 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-28 16:13 --------- d-----w C:\Program Files\WIDCOMM
2007-08-28 16:12 --------- d-----w C:\Program Files\Creative Live! Cam
2007-08-28 16:12 --------- d-----w C:\Program Files\Creative
2007-08-28 16:12 --------- d-----w C:\Program Files\Common Files\Reallusion
2007-08-28 16:12 --------- d-----w C:\Program Files\Common Files\Creative
2007-08-28 16:11 --------- d-----w C:\Program Files\Digital Line Detect
2007-08-28 16:11 --------- d-----w C:\Program Files\Broadcom
2007-08-28 16:10 --------- d-----w C:\Program Files\NetWaiting
2007-08-28 16:10 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2007-08-28 16:07 --------- d-----w C:\Program Files\SigmaTel
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
2007-10-10 12:24 63488 --a------ C:\Windows\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 01:50]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 05:31]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-02-02 11:00]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 08:54]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 08:53]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 08:54]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 08:54]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-28 18:06]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 22:37 C:\Windows\sttray.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 12:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-28 18:25]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]
"hid_start"="C:\Windows\system32\gzmrotate.dll" [2007-10-10 12:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 20:08]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1.SH!

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-28 18:11:01]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-28 18:10:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys
S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
S3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ

*Newly Created Service* - AVGASCLN
*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-28 16:29:18 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-08-28 16:29:18 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-12 21:19:08 C:\Windows\Tasks\User_Feed_Synchronization-{B9783D14-3EC4-4163-B3C8-D03CDF735B8A}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 23:45:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 23:45:54
.
--- E O F ---

Am I clean now? ;))

Andisa
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
OK, I'll take a look and give you the next steps tomorrow!

I have to go


See you

;-)
0
Andisa Posts 49 Status Member 13
 
Thanks, Doctor!!!

See you tomorrow!

Andisa
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

OK, post a new HijackThis log please

++
0
Andisa Posts 49 Status Member 13
 
Hello,

Here is the latest scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:48, on 13/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Windows\Temp\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
OK,

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode.
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

++
0
Andisa Posts 49 Status Member 13
 
Well, a little late and at the same time (well, almost!) as the kickoff of the semi-final, here is the SDFix report:

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 20:38:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f3e0f3]
"001247977094"=hex:31,38,0b,7e,55,31,8e,e4,e0,80,07,06,74,c7,20,41
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26f3e0f3]
"001247977094"=hex:31,38,0b,7e,55,31,8e,e4,e0,80,07,06,74,c7,20,41

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

That's good, isn't it???!!!!!

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:03, on 13/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Windows\Temp\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Andisa Posts 49 Status Member 13
 
Windows Defender disabled, detected as a "virus" by McAfee...

Andisa
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Please post a new HijackThis log.

Windows Defender is not a virus; you can allow it if you installed it!

See you
0