Computer presumed infected... help needed
Solved
Les Patrons
-
tribun Posts 73052 Registration date Status Member Last activity -
Hello,
I have lots of bugs on my computer, which I suspect is very heavily infected.
I read that it would be best to paste the HijackThis report here so that you can help me...
Thank you in advance; here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:21:17, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Domino.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Eset\nod32.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SP&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=MED
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://youandherbalife.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by129fd.bay129.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004C71D.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Unknown owner - C:\Archivos de programa\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe
5 replies
Hello
Have you looked for a solution to your problems?
If not, look at this link.
And I think your HijackThis post will be cleaner.
See you
http://www.commentcamarche.net/faq/sujet 3174 virus m thode pr liminaire de d sinfection version fr
Hi,
fix:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004C71D.dat
go to www.virustotal.com and upload: C:\APPS\IE\offline\sp.htm
if it's a virus, then fix this:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
There you go, tell me the VirusTotal result and I'll tell you what comes next.
Hello,
so here is what the scans gave:
The BitDefender report:
Statistics
Time: 01:46:41
Files: 371263
Folders: 9265
Boot Sectors: 5
Archives: 7754
Packed Files: 17357

Results
Identified Viruses: 10
Infected Files: 33
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 32

Engines Info
Virus Definitions: 860256
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\NiNa\Configuración local\Datos de programa\xalvfqzdve.exe | Detected with: Adware.Navipromo.BYZ; Disinfection failed; Deleted
C:\Documents and Settings\NiNa\Datos de programa\VideoEgg\Updater\updater.exe | Infected with: Trojan.Generic.25658; Disinfection failed; Deleted
C:\Documents and Settings\NiNa\Escritorio\VideoEggPublisher.exe=>(NSIS o)=>lzma_solid_nsis0013 | Infected with: Trojan.Generic.25658; Disinfection failed; Deleted
C:\Documents and Settings\NiNa\Escritorio\VideoEggPublisher.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067522.dll | Infected with: DeepScan:Generic.Virtumod.9DBF95A2; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067572.dll | Infected with: DeepScan:Generic.Virtumod.9DBF95A2; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067667.dll | Infected with: DeepScan:Generic.Virtumod.8DD6A2F7; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0067770.dll | Infected with: Trojan.Downloader.Agent.YPO; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0068770.dll | Infected with: DeepScan:Generic.Virtumod.199508B9; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP275\A0068878.dll | Infected with: DeepScan:Generic.Virtumod.199508B9; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP276\A0068924.dll | Infected with: DeepScan:Generic.Virtumod.1B6A3021; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP276\A0068947.dll | Infected with: DeepScan:Generic.Virtumod.99345FDF; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP276\A0069007.dll | Infected with: DeepScan:Generic.Virtumod.99345FDF; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP278\A0069162.dll | Infected with: Trojan.Downloader.Agent.YPN; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP278\A0069443.dll | Infected with: Trojan.Downloader.Agent.YPN; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP279\A0069593.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP279\A0069661.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP279\A0069688.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0069741.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0070787.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0070807.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP280\A0070842.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP281\A0070998.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP281\A0071098.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP281\A0071200.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP282\A0072097.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP283\A0072154.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP283\A0072228.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP283\A0072240.dll | Infected with: DeepScan:Generic.Virtumod.9DBF95A2; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP298\A0078058.exe | Detected with: Adware.Navipromo.BYZ; Disinfection failed; Deleted
C:\System Volume Information\_restore{BA67144F-19FA-49BA-9708-71C2B7D8B069}\RP298\A0078059.exe | Infected with: Trojan.Generic.25658; Disinfection failed; Deleted
C:\WINDOWS\system32\awvvu.dll | Detected with: Adware.Virtumonde.GGX; Disinfection failed; Delete failed
C:\WINDOWS\system32\mlchmq.exe | Detected with: Adware.Navipromo.BYZ; Disinfection failed; Deleted
C:\WINDOWS\system32\ynmbgejcz.exe | Detected with: Adware.Navipromo.BYZ; Disinfection failed; Deleted
AND HERE IS THE HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:00, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Domino.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SP&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=MED
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYES
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\NiNa\Mis documentos\telecharger programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://youandherbalife.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by129fd.bay129.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004C71D.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Unknown owner - C:\Archivos de programa\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NTRconnect (ntrconnect) - Net Transmit & Receive - C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Archivos de programa\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\ARCHIV~1\COMMON~1\X10\Common\x10nets.exe