Pc lent besoin d'aide (rapport Hijack)

Résolu
Yannuss Messages postés 1 Statut Membre -  
lordyannuss Messages postés 41 Date d'inscription   Statut Membre -
Bonjour,
Mon pc est devenu progressivement très lent, je pense bien sur à une infection mais à confirmer;
Je poste mon rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 14:24:07, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
I:\mes documents 2 (gros)\downloads\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000351
(file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Sur ce, merci d'avance !
Configuration: Windows XP
Firefox 2.0.0.11

11 réponses

  1. lordyannuss Messages postés 41 Date d'inscription   Statut Membre 1
     
    Personne pour répondre? svp!
    1
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    je confirme ! infection

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    ++
    0
  3. lordyannuss Messages postés 41 Date d'inscription   Statut Membre 1
     
    Merci pour ta réponse rapide!
    voilà le rapport Sd Fix:

    SDFix: Version 1.117

    Run by Aur‚lie on 08/12/2007 at 16:06

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\AURLIE~1\Bureau\SDFix

    Safe Mode:
    Checking Services:

    Name:
    Client IP-IPX

    Path:
    "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000351

    Client IP-IPX - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\484429~1 - Deleted
    C:\WINDOWS\system32\CatRoot\TMP21.tmp - Deleted
    C:\WINDOWS\system32\CatRoot\TMP4.tmp - Deleted
    C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M1009NetInstaller.exe - Deleted

    ADS Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\dawn of war\\W40k.exe"="D:\\dawn of war\\W40k.exe:*:Enabled:W40K"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe:*:Enabled:W40K"
    "C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
    "C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe:*:Enabled:Civilization3"
    "C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW"
    "C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"="C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe:*:Enabled:Trend Micro PC-cillin Internet Security 12"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe:*:Enabled:Civilization3Xd"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe:*:Enabled:W40K"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe"="C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Downloads\\tnet_fr\\TetriNET fr.exe"="C:\\Downloads\\tnet_fr\\TetriNET fr.exe:*:Enabled:TetriNET fr"
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Team17\\Worms 2\\Frontend.exe"="C:\\Program Files\\Team17\\Worms 2\\Frontend.exe:*:Enabled:Worms 2 Frontend"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Documents and Settings\\Aurélie\\Local Settings\\Temporary Internet Files\\Content.IE5\\EF2RKNST\\CabalTemp\\ESTdnheadless.exe"="C:\\Documents and Settings\\Aurélie\\Local Settings\\Temporary Internet Files\\Content.IE5\\EF2RKNST\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
    "C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
    "C:\\Documents and Settings\\Aurélie\\Bureau\\WoW-2.0.0-frfr-Installer.exe"="C:\\Documents and Settings\\Aurélie\\Bureau\\WoW-2.0.0-frfr-Installer.exe:*:Enabled:Blizzard Downloader"
    "C:\\Jeux\\DoD Lan\\hl.exe"="C:\\Jeux\\DoD Lan\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Jeux\\Halh-life LAN\\hl.exe"="C:\\Jeux\\Halh-life LAN\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\Program Files\\Freeciv-1.14.0\\civserver.exe"="C:\\Program Files\\Freeciv-1.14.0\\civserver.exe:*:Enabled:civserver"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe:*:Enabled:Maple 11"
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
    "C:\\WINDOWS\\temp\\~os2.tmp\\ossproxy.exe"="C:\\WINDOWS\\temp\\~os2.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
    "C:\\WINDOWS\\system32\\rlvknlg.exe"="C:\\WINDOWS\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\AURLIE~1\Bureau\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\Aur‚lie\Bureau\SDFix\dummy.exe
    C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc32\dummy.exe
    C:\Documents and Settings\Aur‚lie\Bureau\SDFix\dummy.sys
    C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc32\dummy.sys
    C:\Documents and Settings\Aur‚lie\Bureau\boulot\100_FUJI\SIV12.tmp

    Finished

    Et le nouveau rapport Hijack...

    Logfile of HijackThis v1.99.1
    Scan saved at 16:21:50, on 08/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\dwwin.exe
    I:\mes documents 2 (gros)\downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Merci beaucoup!
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    ++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lordyannuss Messages postés 41 Date d'inscription   Statut Membre 1
     
    Excuse moi si j'ai mis tant de temps à revenir ^^

    voilà le rapport combofix:

    ComboFix 07-12-08.1 - Aurélie 2007-12-08 17:45:02.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.364 [GMT 1:00]
    Running from: C:\Documents and Settings\Aurélie\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\nfo
    C:\Documents and Settings\All Users\Application Data.\nfo\arch\1001.dfn
    C:\Documents and Settings\All Users\Application Data.\nfo\keys.dat
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0104.dbd
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0106.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0204.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0315.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0412.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0504.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon0904.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon1125.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon1204.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon1215.dbd
    C:\Documents and Settings\All Users\Application Data.\nfo\mon1909.ddx
    C:\Documents and Settings\All Users\Application Data.\nfo\mon1920.dbd
    C:\Documents and Settings\All Users\Application Data.\nfo\mon2007.dbd
    C:\Documents and Settings\All Users\Application Data.\vidmon
    C:\Documents and Settings\All Users\Application Data.\vidmon\vidmon.inf
    C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\#SharedObjects\QS6FBR9C\www.broadcaster.com
    C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\#SharedObjects\QS6FBR9C\www.broadcaster.com\played_list.sol
    C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\#SharedObjects\QS6FBR9C\www.broadcaster.com\video_queue.sol
    C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Aurélie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Aurélie\Application Data\searchtoolbarcorp
    C:\Documents and Settings\Aurélie\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
    C:\Documents and Settings\Aurélie\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
    C:\lswmv.ini
    C:\Program Files\Fichiers communs\uninstall information
    C:\Program Files\inetget2
    C:\Program Files\vsadd-in
    C:\Program Files\webhancer
    C:\WINDOWS\system32\ldpackage.dll
    C:\WINDOWS\system32\model.dat
    C:\WINDOWS\system32\nfomon
    C:\WINDOWS\system32\nfomon\License.txt
    C:\WINDOWS\system32\rlls.dll
    C:\WINDOWS\system32\rlxf.dll
    C:\WINDOWS\system32\silc_dll.dll
    C:\WINDOWS\system32\vidmon

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-08 16:05 . 2007-12-08 16:05 <REP> d-------- C:\WINDOWS\ERUNT
    2007-12-04 16:39 . 2007-12-04 16:39 <REP> d-------- C:\WINDOWS\ftpcache
    2007-12-04 16:39 . 2007-12-04 16:39 <REP> d-------- C:\Program Files\HbTools_Icons
    2007-12-04 16:39 . 2003-04-01 09:17 63,344 --a------ C:\WINDOWS\CDILLA05.DLL
    2007-12-04 16:39 . 2003-04-01 09:21 60,416 --a------ C:\WINDOWS\CDILLA64.EXE
    2007-12-04 16:39 . 2003-04-01 09:18 23,856 --a------ C:\WINDOWS\CDILLA10.EXE
    2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\twyhxim.exe
    2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\rdmj.exe
    2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\njnobeb.exe
    2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\juac.exe
    2007-12-04 16:39 . 2007-02-11 22:00 1,024 --a------ C:\dpwkyifu.exe
    2007-12-04 16:39 . 2006-04-05 17:29 192 --a------ C:\persist.dbs
    2007-12-02 17:53 . 2007-12-02 17:53 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-02 17:53 . 2007-12-08 16:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-02 17:53 . 2007-12-08 17:49 4,745,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-02 17:53 . 2007-12-02 18:11 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-02 17:53 . 2007-12-02 18:11 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-02 17:53 . 2007-12-08 17:41 66,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-02 17:53 . 2007-12-08 17:41 28,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-02 17:53 . 2007-12-08 17:41 4,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-02 16:20 . 2007-12-02 16:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-01 15:26 . 2007-12-01 15:26 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-12-01 15:17 . 2007-08-20 10:59 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-01 15:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-01 15:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-01 15:17 . 2007-08-20 10:59 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-01 15:17 . 2007-08-20 10:59 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-01 15:17 . 2007-08-20 10:59 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-01 15:17 . 2007-08-20 10:59 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-01 15:17 . 2007-08-20 10:59 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-01 15:17 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-01 12:26 . 2007-12-01 12:26 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
    2007-11-30 09:00 . 2007-11-30 09:00 712,704 --a------ C:\WINDOWS\system32\rlph.dll
    2007-11-29 22:21 . 2007-12-08 14:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-29 22:21 . 2007-11-29 22:21 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-24 18:30 . 2007-11-24 18:30 8,464 --a------ C:\WINDOWS\system32\sporder.dll
    2007-11-24 15:06 . 2007-12-02 20:21 <REP> d-------- C:\Program Files\OneStepSearch
    2007-11-24 11:28 . 2007-11-24 11:28 268 --ah----- C:\sqmdata16.sqm
    2007-11-24 11:28 . 2007-11-24 11:28 244 --ah----- C:\sqmnoopt16.sqm
    2007-11-21 18:47 . 2007-11-21 18:47 268 --ah----- C:\sqmdata15.sqm
    2007-11-21 18:47 . 2007-11-21 18:47 244 --ah----- C:\sqmnoopt15.sqm
    2007-11-17 12:55 . 2007-11-17 12:55 268 --ah----- C:\sqmdata14.sqm
    2007-11-17 12:55 . 2007-11-17 12:55 244 --ah----- C:\sqmnoopt14.sqm
    2007-11-14 15:07 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
    2007-11-14 15:07 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2007-11-14 15:07 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
    2007-11-14 15:07 . 2003-10-27 14:06 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
    2007-11-14 15:07 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
    2007-11-14 14:03 . 2007-11-14 15:07 <REP> d-------- C:\Program Files\UBISOFT

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-08 12:11 --------- d-----w C:\Program Files\Hachette
    2007-12-02 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-02 20:42 --------- d-----w C:\Program Files\Samsung
    2007-12-01 17:01 --------- d-----w C:\Program Files\Warcraft III
    2007-11-06 18:52 --------- d-----w C:\Program Files\mIRC
    2007-10-27 19:30 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-10-27 19:30 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2007-10-27 19:30 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-10-27 19:30 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-10-27 19:25 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2007-10-27 19:25 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2007-10-27 19:25 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2007-10-13 11:46 --------- d-----w C:\Program Files\MIKSOFT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 13:17]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
    "Steam"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 22:57]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-22 19:17]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" []
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-14 17:25]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-07 16:30]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
    "vidmon"="C:\WINDOWS\system32\vidmon\vidmon.exe" []
    "I downloaded pirated Software from P2P "="C:\WINDOWS\system32\[u]0[/u]106.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54]
    "ctpmon"="ctpmon.exe" []

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C0982322-2A6C-4022-92F1-C7CB9F86DCC8}"= C:\WINDOWS\system32\vtussrr.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\systu2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AudioDeck.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AudioDeck.lnk
    backup=C:\WINDOWS\pss\AudioDeck.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-08-03 21:10 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2004-08-03 23:54 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2004-06-03 21:05 32881 --a------ C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{896ca478-b962-11db-8e7e-0011096048dc}]
    \Shell\AutoRun\command - E:\autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-08-11 07:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\user32.exe
    "2007-11-11 16:00:00 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\dr.exe
    "2007-11-11 13:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\dr.exe
    "2007-11-11 19:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\patcher.exe
    "2005-04-13 13:06:53 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1113397553.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2005-11-06 17:51:55 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1123059668.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2007-12-01 23:31:00 C:\WINDOWS\Tasks\WebReg 20070802003116.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070802003116 /N
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\oghpedet.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-08 17:49:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-08 17:51:10 - machine was rebooted
    C:\ComboFix2.txt ... 2007-02-14 22:42
    .
    --- E O F ---
    0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    pas de soucis !

    poste un nouveau hijack stp

    ++
    0
  8. lordyannuss Messages postés 41 Date d'inscription   Statut Membre 1
     
    Voilà un nouvel Hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:21:32, on 22/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    I:\mes documents 2 (gros)\downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    fais ce qui est indiqué ici et précise l'évolution de la situation stp :

    http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

    @+
    0
  10. lordyannuss Messages postés 41 Date d'inscription   Statut Membre 1
     
    Mon pb est reglé, merci beaucoup;

    Bonne année!

    # Je peux pas mettre résolu, j'ai fait 2 comptes sur ce site je sais pas trop comment, j'en suis désolé, si un modérateur passe par là, merci de mettre résolu ou de clore le sujet#
    0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Bonne année à toi aussi ! :-)

    si tu pouvais préciser en quelques lignes comment tu as procédé ! merci !

    @+

    PS : ayé ! c'est noté comme résolu
    0
  12. lordyannuss Messages postés 41 Date d'inscription   Statut Membre 1
     
    J'ai suivi le tuto pour première infection et pc lent, ça m'a grandement améliorié la vitesse du pc et après j'ai refait différent scan (vundo, combo...) et j'ai fini par un scan online pour m'assurer de la bonne santé du pc! voilà ;)
    0