PopUp intempestifs Sécurité IE avec Vista

Résolu
Andisa Messages postés 49 Statut Membre -  
Andisa Messages postés 49 Statut Membre -
Bonjour,

J'ai posté ce message dans la section "Windows" mais sur les conseils d'un forumeur, je me permets dans créer un ici.

Voici mon problème: depuis que j'ai accepté la mise à jour de Vista, il y a maintenant 2 jours, je me retrouve avec des fenêtres de Sécurité Internet Explorer même lorsque je lance IE, qui me dit ceci:

Sur un fond orangé/jaune: Un site web veut ouvrir un contenu Web en utilisant ce programme sur votre ordinateur

Puis le corps du message: Ce programme sera ouvert en dehors du mode protégé. Le mode protégé de Ie vous aide à protéger votre ordi; Si vous ne faites pas confiance à ce site Web, n'ouvrez pas ce programme. (Pour le lancement d'IE, c'est un comble!!!)

Non: Processus hôte Windows (rundll32)
Editeur: Microsoft Windows
Détails: "C:\windows\system32\gzmrotate.dll" DllVerify

J'ai aussi une case qui me permettrait de ne plus afficher d'avertissement pour ce programme mais elle n'est pas active!

Donc soit j'autorise et je peux aller sur internet soit je refuse et je ne peux pas, simple....

Après 1 heure avec la hot-line de McAfee = no solution. Ils m'ont conseillé des utilitaires Spywae a passer en plus...

J'ai fait passer Spybot et SUPERAntiSpyware Professional qui m'ont retiré quelques petites choses mais ces fenêtres sont toujours là...

Une idée car j'en ai marre de cliquer et surtout, je voudrai comprendre d'où cela vient..? Virus or not virus??? That's my question! ;))

Merci de votre aide!

Andisa
Configuration: Windows Vista
Internet Explorer 7.0

21 réponses

  • 1
  • 2
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci :

    Lien : hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++

    0
  2. Andisa Messages postés 49 Statut Membre 13
     
    Bonsoir green day,

    Voici le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:33:51, on 12/10/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Ok, le message d'erreur est une bébéttes !

    fais ce qui est indiqué ici stp :

    virus methode preliminaire de desinfection version fr

    ++

    0
  4. Andisa Messages postés 49 Statut Membre 13
     
    Pendant que ça scanne, peux-tu me dire de quelle bêbête il s'agit?

    Merci

    Andisa
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    il s'agit de l'adware AdRotator/IconAds associé au fichier.dll suivant : gzmrotate.dll selon castelcops

    il y a aussi pas ma de fichiers suspects dans les fichiers temps !

    ++
    0
  7. Andisa Messages postés 49 Statut Membre 13
     
    AdRotator a été supprimer hier via SuperAntiSpyware pro

    Je viens de désactivier la protection sécurité internet de windows qui ne sert pas à grand chose faut bien le dire... Et je n'ai plus de pop up... Mais je continue les scans pour avoir ton avis final.

    Merci!

    Andisa
    0
  8. Andisa Messages postés 49 Statut Membre 13
     
    Voici le rapport AVG Anti-spyware:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 23:14:10 12/10/2007

    + Résultat de l'analyse:

    C:\Users\Jean-Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\jean-pierre@com[1].txt -> TrackingCookie.Com : Aucune action entreprise.

    Fin du rapport

    Andisa
    0
  9. Andisa Messages postés 49 Statut Membre 13
     
    BitDefender ne peut pas checker mon PC mais ne dit pas pourquoi.....

    Andisa
    0
  10. Andisa Messages postés 49 Statut Membre 13
     
    Et voici le dernier scan HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:25:04, on 12/10/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\livecall.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\Temp\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Windows\Temp\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Windows\Temp\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, pas grave ... ça doit être le reste de la bénétte ...

    petite verif :

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt

    ++
    0
  12. Andisa Messages postés 49 Statut Membre 13
     
    Et voici le rapport (très long...) de ComboFix:

    ComboFix 07-10-12.4 - Isabelle 2007-10-12 23:44:02.1 - NTFSx86 NETWORK
    Microsoft© Windows VistaT dition Familiale Premium 6.0.6000.0.1252.1.1036.18.1660 [GMT 2:00]
    Running from: C:\Users\Isabelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBF1ACNT\ComboFix[1].exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-12 23:35 51,200 --a------ C:\Windows\NirCmd.exe
    2007-10-12 23:17 <REP> d-------- C:\Windows\BDOSCAN8
    2007-10-12 22:29 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\Grisoft
    2007-10-12 22:29 <REP> d-------- C:\Users\All Users\Grisoft
    2007-10-12 22:29 <REP> d-------- C:\ProgramData\Grisoft
    2007-10-12 22:29 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2007-10-12 22:17 <REP> d-------- C:\Program Files\CCleaner
    2007-10-12 21:31 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-11 21:37 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\SUPERAntiSpyware.com
    2007-10-11 21:37 <REP> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2007-10-11 21:37 <REP> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2007-10-11 21:37 <REP> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-11 21:36 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-11 19:48 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2007-10-11 19:48 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2007-10-09 18:08 <REP> d-------- C:\Multimedia Files
    2007-10-06 23:30 <REP> d-------- C:\Program Files\MSN Messenger
    2007-10-06 23:03 27,620 --a------ C:\Users\Isabelle\AppData\Roaming\nvModes.dat
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Videos
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Searches
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Saved Games
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Pictures
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Music
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Links
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Downloads
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Documents
    2007-10-06 22:55 <REP> dr------- C:\Users\Isabelle\Contacts
    2007-10-06 22:55 <REP> d-------- C:\Users\Isabelle\Bluetooth Software
    2007-10-06 22:55 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\Roxio
    2007-10-06 22:55 <REP> d-------- C:\Users\Isabelle\AppData\Roaming\Media Center Programs
    2007-10-06 22:55 <REP> d--h----- C:\Users\Isabelle\AppData\Roaming\GTek
    2007-10-06 22:55 <REP> d--h----- C:\Users\Isabelle\AppData
    2007-10-06 22:54 27,905 --a------ C:\Users\Jean-Pierre\AppData\Roaming\nvModes.dat
    2007-09-21 12:53 <REP> d-------- C:\Windows\PCHEALTH
    2007-09-21 12:53 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-09-21 12:48 <REP> dr-h----- C:\MSOCache
    2007-09-21 12:32 619,008 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
    2007-09-21 12:32 70,144 --a------ C:\Windows\System32\drivers\pacer.sys
    2007-09-21 12:32 61,952 --a------ C:\Windows\System32\drivers\wanarp.sys
    2007-09-21 12:32 48,640 --a------ C:\Windows\System32\drivers\ndproxy.sys
    2007-09-21 12:32 20,480 --a------ C:\Windows\System32\drivers\ndistapi.sys
    2007-09-21 12:29 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
    2007-09-21 12:29 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
    2007-09-21 12:29 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
    2007-09-21 12:27 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
    2007-09-21 12:23 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 19:35 5,863,960 ----a-w C:\Users\Isabelle\SUPERAntiSpywarePro.exe
    2007-10-11 19:26 904,048 ----a-w C:\Users\Isabelle\fsbl.exe
    2007-10-11 17:28 --------- d-----w C:\Program Files\McAfee
    2007-10-10 16:26 --------- d-----w C:\Program Files\Windows Mail
    2007-10-07 11:45 45,240 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2007-10-07 11:45 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2007-10-07 11:45 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-10-07 11:45 21,688 ----a-w C:\Windows\system32\drivers\atapi.sys
    2007-10-07 11:45 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2007-10-07 11:45 16,056 ----a-w C:\Windows\system32\drivers\pciide.sys
    2007-10-07 11:45 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2007-10-07 11:45 110,264 ----a-w C:\Windows\system32\drivers\ataport.sys
    2007-10-07 11:45 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
    2007-09-21 10:37 174 --sha-w C:\Program Files\desktop.ini
    2007-09-21 10:34 --------- d-----w C:\Program Files\Windows Calendar
    2007-09-21 10:10 --------- d--h--w C:\Users\Jean-Pierre\AppData\Roaming\GTek
    2007-09-04 09:34 --------- d-----w C:\Users\Jean-Pierre\AppData\Roaming\Roxio
    2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Modèles
    2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Favoris
    2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Documents
    2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Bureau
    2007-09-04 09:31 --------- d-sh--w C:\ProgramData\Application Data
    2007-09-04 09:31 --------- d-sh--w C:\Program Files\Fichiers communs
    2007-08-28 23:51 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
    2007-08-28 23:51 --------- d-----w C:\Program Files\DellTPad
    2007-08-28 23:50 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-08-28 23:50 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-08-28 23:50 38,912 ----a-w C:\Windows\system32\drivers\hidclass.sys
    2007-08-28 23:50 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-08-28 23:50 25,472 ----a-w C:\Windows\system32\drivers\hidparse.sys
    2007-08-28 23:50 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
    2007-08-28 23:50 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-08-28 23:50 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-08-28 23:50 12,288 ----a-w C:\Windows\system32\drivers\hidusb.sys
    2007-08-28 23:50 --------- d-----w C:\Program Files\Windows Defender
    2007-08-28 23:49 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys
    2007-08-28 23:49 60,928 ----a-w C:\Windows\system32\drivers\raspptp.sys
    2007-08-28 23:49 51,896 ----a-w C:\Windows\system32\drivers\partmgr.sys
    2007-08-28 23:49 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
    2007-08-28 23:49 25,784 ------w C:\Windows\system32\drivers\msahci.sys
    2007-08-28 23:49 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
    2007-08-28 23:49 20,152 ------w C:\Windows\system32\drivers\viaide.sys
    2007-08-28 23:49 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
    2007-08-28 23:49 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
    2007-08-28 23:49 18,104 ------w C:\Windows\system32\drivers\amdide.sys
    2007-08-28 23:49 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
    2007-08-28 23:49 17,592 ------w C:\Windows\system32\drivers\aliide.sys
    2007-08-28 23:48 58,472 ------w C:\Windows\system32\drivers\ULIAGPKX.SYS
    2007-08-28 23:48 54,888 ------w C:\Windows\system32\drivers\AMDAGP.SYS
    2007-08-28 23:48 54,376 ------w C:\Windows\system32\drivers\VIAAGP.SYS
    2007-08-28 23:48 53,864 ------w C:\Windows\system32\drivers\AGP440.sys
    2007-08-28 23:48 53,352 ------w C:\Windows\system32\drivers\SISAGP.SYS
    2007-08-28 23:48 50,792 ----a-w C:\Windows\system32\drivers\termdd.sys
    2007-08-28 23:48 50,280 ----a-w C:\Windows\system32\drivers\volmgr.sys
    2007-08-28 23:48 47,208 ------w C:\Windows\system32\drivers\isapnp.sys
    2007-08-28 23:48 28,776 ----a-w C:\Windows\system32\drivers\mssmbios.sys
    2007-08-28 23:48 242,688 ------w C:\Windows\system32\drivers\rdpdr.sys
    2007-08-28 23:48 140,392 ----a-w C:\Windows\system32\drivers\pci.sys
    2007-08-28 23:48 13,928 ----a-w C:\Windows\system32\drivers\msisadrv.sys
    2007-08-28 23:48 12,776 ----a-w C:\Windows\system32\drivers\swenum.sys
    2007-08-28 23:48 106,600 ------w C:\Windows\system32\drivers\NV_AGP.SYS
    2007-08-28 23:44 4,875 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_I1720.mrk
    2007-08-28 16:29 --------- d-----w C:\ProgramData\Roxio
    2007-08-28 16:26 --------- d-----w C:\Program Files\Orange
    2007-08-28 16:26 --------- d-----w C:\Program Files\MAKEMSI Package Documentation
    2007-08-28 16:26 --------- d-----w C:\Program Files\Dell
    2007-08-28 16:25 --------- d-----w C:\ProgramData\SupportSoft
    2007-08-28 16:25 --------- d-----w C:\Program Files\Google
    2007-08-28 16:25 --------- d-----w C:\Program Files\Dell Support Center
    2007-08-28 16:25 --------- d-----w C:\Program Files\Common Files\supportsoft
    2007-08-28 16:25 --------- d-----w C:\Program Files\BAE
    2007-08-28 16:24 --------- d-----w C:\ProgramData\Gtek
    2007-08-28 16:24 --------- d-----w C:\Program Files\DellSupport
    2007-08-28 16:23 --------- d-----w C:\ProgramData\Dell
    2007-08-28 16:23 --------- d-----w C:\ProgramData\CyberLink
    2007-08-28 16:23 --------- d-----w C:\Program Files\CyberLink
    2007-08-28 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-08-28 16:22 --------- d-----w C:\ProgramData\McAfee
    2007-08-28 16:21 --------- d-----w C:\Program Files\McAfee.com
    2007-08-28 16:21 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-08-28 16:19 --------- d-----w C:\Program Files\Roxio
    2007-08-28 16:19 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-08-28 16:18 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-08-28 16:17 --------- d-----w C:\ProgramData\Sonic
    2007-08-28 16:17 --------- d-----w C:\ProgramData\InstallShield
    2007-08-28 16:17 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2007-08-28 16:17 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-08-28 16:15 --------- d-----w C:\Program Files\Microsoft Works
    2007-08-28 16:15 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-08-28 16:13 --------- d-----w C:\Program Files\WIDCOMM
    2007-08-28 16:12 --------- d-----w C:\Program Files\Creative Live! Cam
    2007-08-28 16:12 --------- d-----w C:\Program Files\Creative
    2007-08-28 16:12 --------- d-----w C:\Program Files\Common Files\Reallusion
    2007-08-28 16:12 --------- d-----w C:\Program Files\Common Files\Creative
    2007-08-28 16:11 --------- d-----w C:\Program Files\Digital Line Detect
    2007-08-28 16:11 --------- d-----w C:\Program Files\Broadcom
    2007-08-28 16:10 --------- d-----w C:\Program Files\NetWaiting
    2007-08-28 16:10 --------- d-----w C:\Program Files\Modem Diagnostic Tool
    2007-08-28 16:07 --------- d-----w C:\Program Files\SigmaTel
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
    2007-10-10 12:24 63488 --a------ C:\Windows\system32\gzmrotate.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 01:50]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 05:31]
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-02-02 11:00]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 08:54]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 08:53]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 08:54]
    "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 08:54]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-28 18:06]
    "SigmatelSysTrayApp"="sttray.exe" [2007-03-06 22:37 C:\Windows\sttray.exe]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 12:50]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-28 18:25]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]
    "hid_start"="C:\Windows\system32\gzmrotate.dll" [2007-10-10 12:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 20:08]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1.SH!

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-28 18:11:01]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-28 18:10:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys
    S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
    S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
    S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
    S3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
    S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys
    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ

    *Newly Created Service* - AVGASCLN
    *Newly Created Service* - CATCHME
    *Newly Created Service* - ECACHE
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-08-28 16:29:18 C:\Windows\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-08-28 16:29:18 C:\Windows\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-10-12 21:19:08 C:\Windows\Tasks\User_Feed_Synchronization-{B9783D14-3EC4-4163-B3C8-D03CDF735B8A}.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-12 23:45:33
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-12 23:45:54
    .
    --- E O F ---

    J'suis clean maintenant? ;))

    Andisa
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, je regarde, et te donne la suite demain !

    je dois y aller


    @+

    ;-)
    0
  14. Andisa Messages postés 49 Statut Membre 13
     
    Merci Docteur!!!

    A demain!

    Andisa
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, poste un nouveau jijack stp

    ++
    0
  16. Andisa Messages postés 49 Statut Membre 13
     
    Bonjour,

    Voici le dernier scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:48:48, on 13/10/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Windows\Temp\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    ++
    0
  18. Andisa Messages postés 49 Statut Membre 13
     
    Bon, un petit peu tard et en même temps (enfin presque!) que le coup d'envoi de la 1/2 finale, voici le rapport SDFix:

    catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-13 20:38:51
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f3e0f3]
    "001247977094"=hex:31,38,0b,7e,55,31,8e,e4,e0,80,07,06,74,c7,20,41
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26f3e0f3]
    "001247977094"=hex:31,38,0b,7e,55,31,8e,e4,e0,80,07,06,74,c7,20,41

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    C'est bien non???!!!!!

    Et voici le HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:47:03, on 13/10/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\livecall.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\Windows\system32\gzmrotate.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Isabelle\AppData\Local\Temp\GOOGLE~1\{9C0DF~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F05A~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46E891~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46E88C~3.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46C392~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EKHRDM66\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46B8D8~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46D65D~2.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OLQ01422\46F054~2.SH! C:\Users\Isabelle\AppData\Local\Temp\ONLINE~1.SH! C:\Users\Isabelle\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\967IPK2J\MYMSN_~1
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Windows\Temp\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  19. Andisa Messages postés 49 Statut Membre 13
     
    Désactivation Windows Defender, reconnu comme "virus" par McAfee...

    Andisa
    0
  20. Andisa Messages postés 49 Statut Membre 13
     
    Désactivation Windows Defender, reconnu comme "virus" par McAfee...

    Andisa
    0
  21. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    poste un nouveau hijack stp

    windows defender n'est pas un virus, tu peux l'accepter si tu l'as installé !

    ++
    0
  • 1
  • 2