Slow PC, need help (Hijack report)

Solved
Yannuss Posts 1 Status Member -
lordyannuss Posts 42 Status Member -
Hello,
My PC has gradually become very slow; I think it is an infection, of course, but that remains to be confirmed.
I'm posting my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 14:24:07, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
I:\mes documents 2 (gros)\downloads\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000351
(file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

With that, thanks in advance!
11 replies

lordyannuss Posts 42 Status Member 1
 
Nobody to answer? Please!
1
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

I confirm! Infection

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

++
0
lordyannuss Posts 42 Status Member 1
 
Thanks for your quick reply!
Here is the SDFix report:

SDFix: Version 1.117

Run by Aurélie on 08/12/2007 at 16:06

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\AURLIE~1\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX

Path:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000351

Client IP-IPX - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\484429~1 - Deleted
C:\WINDOWS\system32\CatRoot\TMP21.tmp - Deleted
C:\WINDOWS\system32\CatRoot\TMP4.tmp - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M1009NetInstaller.exe - Deleted

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\dawn of war\\W40k.exe"="D:\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe:*:Enabled:Civilization3"
"C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW"
"C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"="C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe:*:Enabled:Trend Micro PC-cillin Internet Security 12"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe:*:Enabled:Civilization3Xd"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe"="C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Downloads\\tnet_fr\\TetriNET fr.exe"="C:\\Downloads\\tnet_fr\\TetriNET fr.exe:*:Enabled:TetriNET fr"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Team17\\Worms 2\\Frontend.exe"="C:\\Program Files\\Team17\\Worms 2\\Frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Aurélie\\Local Settings\\Temporary Internet Files\\Content.IE5\\EF2RKNST\\CabalTemp\\ESTdnheadless.exe"="C:\\Documents and Settings\\Aurélie\\Local Settings\\Temporary Internet Files\\Content.IE5\\EF2RKNST\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\\Documents and Settings\\Aurélie\\Bureau\\WoW-2.0.0-frfr-Installer.exe"="C:\\Documents and Settings\\Aurélie\\Bureau\\WoW-2.0.0-frfr-Installer.exe:*:Enabled:Blizzard Downloader"
"C:\\Jeux\\DoD Lan\\hl.exe"="C:\\Jeux\\DoD Lan\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Jeux\\Halh-life LAN\\hl.exe"="C:\\Jeux\\Halh-life LAN\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Freeciv-1.14.0\\civserver.exe"="C:\\Program Files\\Freeciv-1.14.0\\civserver.exe:*:Enabled:civserver"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe:*:Enabled:Maple 11"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\WINDOWS\\temp\\~os2.tmp\\ossproxy.exe"="C:\\WINDOWS\\temp\\~os2.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\WINDOWS\\system32\\rlvknlg.exe"="C:\\WINDOWS\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\AURLIE~1\Bureau\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Documents and Settings\Aurélie\Bureau\SDFix\dummy.exe
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc32\dummy.exe
C:\Documents and Settings\Aurélie\Bureau\SDFix\dummy.sys
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc32\dummy.sys
C:\Documents and Settings\Aurélie\Bureau\boulot\100_FUJI\SIV12.tmp

Finished

And the new Hijack report...

Logfile of HijackThis v1.99.1
Scan saved at 16:21:50, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
I:\mes documents 2 (gros)\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks a lot!
0
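Added example, not part of the original thread and not code from HijackThis or SDFix: a short Python script that compares a HijackThis log taken before a cleanup pass with one taken after it, to list which autostart entries disappeared and which entries HijackThis still marks itself. The two embedded samples are a constructed subset of lines copied from the two logs posted above; the function names are hypothetical, and the comparison is an exact string match on each entry.

```python
import re

# Constructed samples: a few lines copied from the two HijackThis logs in this thread.
BEFORE_LOG = r'''
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000351
(file missing)
'''

AFTER_LOG = r'''
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
'''

# A HijackThis entry line starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Annotations that HijackThis writes into an entry on its own.
SELF_MARKERS = ("(file missing)", "(no file)", "Unknown file")


def parse_entries(log_text):
    """Return the unique (code, body) entries of a log, in order of appearance.

    Forum software sometimes wraps a long entry so that its trailing
    "(file missing)" lands on the next line; such a line is re-attached
    to the entry before it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line.startswith("(") and entries:
            entries[-1][1] += " " + line
    seen, unique = set(), []
    for code, body in entries:
        key = (code, body)
        if key not in seen:  # the O10 line is repeated once per LSP slot
            seen.add(key)
            unique.append(key)
    return unique


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in remaining]


def still_flagged(log_text):
    """Entries that carry one of HijackThis's own annotations."""
    return [entry for entry in parse_entries(log_text)
            if any(marker in entry[1] for marker in SELF_MARKERS)]


if __name__ == "__main__":
    print("Gone after the cleanup pass:")
    for code, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"  {code} - {body}")
    print("Still annotated by HijackThis in the second log:")
    for code, body in still_flagged(AFTER_LOG):
        print(f"  {code} - {body}")
```

An entry that leaves the list is only evidence that the registry value or service is gone; the files behind it and the entries that remain still need their own review.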
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it

++
0

lordyannuss Posts 42 Status Member 1
 
Sorry it took me so long to come back ^^

Here is the ComboFix report:

ComboFix 07-12-08.1 - Aurélie 2007-12-08 17:45:02.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.364 [GMT 1:00]
Running from: C:\Documents and Settings\Aurélie\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\nfo
C:\Documents and Settings\All Users\Application Data.\nfo\arch\1001.dfn
C:\Documents and Settings\All Users\Application Data.\nfo\keys.dat
C:\Documents and Settings\All Users\Application Data.\nfo\mon0104.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon0106.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0204.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0315.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0412.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0504.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0904.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1125.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1204.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1215.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon1909.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1920.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon2007.dbd
C:\Documents and Settings\All Users\Application Data.\vidmon
C:\Documents and Settings\All Users\Application Data.\vidmon\vidmon.inf
C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\#SharedObjects\QS6FBR9C\www.broadcaster.com
C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\#SharedObjects\QS6FBR9C\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\#SharedObjects\QS6FBR9C\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Aurélie\Application Data\searchtoolbarcorp
C:\Documents and Settings\Aurélie\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Aurélie\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\lswmv.ini
C:\Program Files\Fichiers communs\uninstall information
C:\Program Files\inetget2
C:\Program Files\vsadd-in
C:\Program Files\webhancer
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\nfomon\License.txt
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\vidmon

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-08 16:05 . 2007-12-08 16:05 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-04 16:39 . 2007-12-04 16:39 <REP> d-------- C:\WINDOWS\ftpcache
2007-12-04 16:39 . 2007-12-04 16:39 <REP> d-------- C:\Program Files\HbTools_Icons
2007-12-04 16:39 . 2003-04-01 09:17 63,344 --a------ C:\WINDOWS\CDILLA05.DLL
2007-12-04 16:39 . 2003-04-01 09:21 60,416 --a------ C:\WINDOWS\CDILLA64.EXE
2007-12-04 16:39 . 2003-04-01 09:18 23,856 --a------ C:\WINDOWS\CDILLA10.EXE
2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\twyhxim.exe
2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\rdmj.exe
2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\njnobeb.exe
2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\juac.exe
2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\dpwkyifu.exe
2007-12-04 16:39 . 2006-04-05 17:29 192 --a------ C:\persist.dbs
2007-12-02 17:53 . 2007-12-02 17:53 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-02 17:53 . 2007-12-08 16:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-02 17:53 . 2007-12-08 17:49 4,745,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 17:53 . 2007-12-02 18:11 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-02 17:53 . 2007-12-02 18:11 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-02 17:53 . 2007-12-08 17:41 66,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-02 17:53 . 2007-12-08 17:41 28,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-02 17:53 . 2007-12-08 17:41 4,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-02 16:20 . 2007-12-02 16:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-01 15:26 . 2007-12-01 15:26 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-01 15:17 . 2007-08-20 10:59 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-01 15:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-01 15:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-01 15:17 . 2007-08-20 10:59 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-01 15:17 . 2007-08-20 10:59 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-01 15:17 . 2007-08-20 10:59 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-01 15:17 . 2007-08-20 10:59 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-01 15:17 . 2007-08-20 10:59 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-01 15:17 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-01 12:26 . 2007-12-01 12:26 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-11-30 09:00 . 2007-11-30 09:00 712,704 --a------ C:\WINDOWS\system32\rlph.dll
2007-11-29 22:21 . 2007-12-08 14:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-29 22:21 . 2007-11-29 22:21 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-24 18:30 . 2007-11-24 18:30 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-11-24 15:06 . 2007-12-02 20:21 <REP> d-------- C:\Program Files\OneStepSearch
2007-11-24 11:28 . 2007-11-24 11:28 268 --ah----- C:\sqmdata16.sqm
2007-11-24 11:28 . 2007-11-24 11:28 244 --ah----- C:\sqmnoopt16.sqm
2007-11-21 18:47 . 2007-11-21 18:47 268 --ah----- C:\sqmdata15.sqm
2007-11-21 18:47 . 2007-11-21 18:47 244 --ah----- C:\sqmnoopt15.sqm
2007-11-17 12:55 . 2007-11-17 12:55 268 --ah----- C:\sqmdata14.sqm
2007-11-17 12:55 . 2007-11-17 12:55 244 --ah----- C:\sqmnoopt14.sqm
2007-11-14 15:07 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-11-14 15:07 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-11-14 15:07 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2007-11-14 15:07 . 2003-10-27 14:06 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2007-11-14 15:07 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-11-14 14:03 . 2007-11-14 15:07 <REP> d-------- C:\Program Files\UBISOFT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 12:11 --------- d-----w C:\Program Files\Hachette
2007-12-02 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 20:42 --------- d-----w C:\Program Files\Samsung
2007-12-01 17:01 --------- d-----w C:\Program Files\Warcraft III
2007-11-06 18:52 --------- d-----w C:\Program Files\mIRC
2007-10-27 19:30 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-27 19:30 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-10-27 19:30 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-10-27 19:30 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-27 19:25 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-27 19:25 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-27 19:25 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-10-13 11:46 --------- d-----w C:\Program Files\MIKSOFT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 13:17]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Steam"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 22:57]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-22 19:17]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-14 17:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-07 16:30]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"vidmon"="C:\WINDOWS\system32\vidmon\vidmon.exe" []
"I downloaded pirated Software from P2P "="C:\WINDOWS\system32\0106.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54]
"ctpmon"="ctpmon.exe" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0982322-2A6C-4022-92F1-C7CB9F86DCC8}"= C:\WINDOWS\system32\vtussrr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\systu2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AudioDeck.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AudioDeck.lnk
backup=C:\WINDOWS\pss\AudioDeck.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-03 21:10 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 23:54 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-06-03 21:05 32881 --a------ C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{896ca478-b962-11db-8e7e-0011096048dc}]
\Shell\AutoRun\command - E:\autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-11 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\user32.exe
"2007-11-11 16:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\dr.exe
"2007-11-11 13:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\dr.exe
"2007-11-11 19:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\patcher.exe
"2005-04-13 13:06:53 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1113397553.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-11-06 17:51:55 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1123059668.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-12-01 23:31:00 C:\WINDOWS\Tasks\WebReg 20070802003116.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070802003116 /N
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\oghpedet.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 17:49:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 17:51:10 - machine was rebooted
C:\ComboFix2.txt ... 2007-02-14 22:42
.
--- E O F ---
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

no problem!

please post a new Hijack report

See you
0
lordyannuss Posts 42 Status Member 1
 
Here is a new Hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 16:21:32, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
I:\mes documents 2 (gros)\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

do what is described here and let me know how the situation evolves, please:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

See you
0
lordyannuss Posts 42 Status Member 1
 
My problem is solved, thanks a lot;

Happy New Year!

# I can't mark it as solved; I created 2 accounts on this site, I don't really know how, and I'm sorry about that. If a moderator comes by, please mark it as solved or close the thread #
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Happy New Year to you too! :-)

if you could explain in a few lines how you went about it! thanks!

See you

PS: done! it's marked as solved
0
lordyannuss Posts 42 Status Member 1
 
I followed the tutorial for first infection and slow PC, it greatly improved the PC's speed, and afterwards I ran various scans again (vundo, combo...) and finished with an online scan to make sure the PC was in good health! There you go ;)
0