Virtualmonde

yannickgo Messages postés 8 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,À vous
Je me refere a vous car mon ordi est rendu lent et meouvre des fenetres Je ne sais plus trop quoi faire.Nod32 ma detecter virtual monde je crois meme que j'ai un trojan.
j'aimerais bien avoir vos suggestion pour enlever ces bebite la
Configuration: Windows XP
Internet Explorer 7.0

12 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    il faut aussi le rapport de clean

    ensuite fait ceci

    Télécharge sur le Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-clic VundoFix.exe.
    => Clic OK
    => Attendre le redemarrage de Vundofix
    => Clic Scan for Vundo
    => Le scan est assez long , à la fin
    => Clic Remove Vundo
    => Puis yes
    => Le Bureau disparaît un moment lors de la suppression des fichiers.
    => Message shutdown
    => clic OK
    => Redémarrage auto
    => copier le rapport qui est dans C:vundofix.txt

    ensuite
    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau

    ensuite une fois ceci fait refais un rapport hijack
    @+
    1
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    bonjour
    tu peux commencer par ceci
    Télécharge sur le bureau
    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    =Double-clic dessus
    =installe
    =Clic Do a system scan and save the log
    =coller le rapport
    si problème voir l'aide
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    0
  3. yannickgo Messages postés 8 Statut Membre
     
    Voici mon rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:34:31, on 2007-12-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Distributel Web Accelerator\slipcore.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Distributel Web Accelerator\slipgui.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\YANNIC~1\LOCALS~1\Temp\Rar$EX04.641\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Distributel Web Accelerator\slipcore.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
    O4 - HKLM\..\Run: [a85cfe0b] rundll32.exe "C:\WINDOWS\system32\pdclpyyv.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Accelerateur Web Distributel.lnk = C:\Program Files\Distributel Web Accelerator\slipgui.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Afficher l'image originale. - res://C:\Program Files\Distributel Web Accelerator\gui_resource.dll/328
    O8 - Extra context menu item: Afficher toutes les images originales. - res://C:\Program Files\Distributel Web Accelerator\gui_resource.dll/327
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir avec GetRight - I:\Sauvegarde avant formatage\Disque local (I)\Petit logiciel\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - I:\Sauvegarde avant formatage\Disque local (I)\Petit logiciel\GetRight\GRdownload.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7ACAA93-CD48-4891-BAB9-92B03FD50F8A}: NameServer = 206.80.254.4 206.80.254.68
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge sur le bureau : [url=http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe]navilog.exe[/url]

    = installe le
    = Double-Clic navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1 ( = taper 1 )
    ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

    le rapport se trouve dans c: fixnavi.txt

    tu postes ce rapport.

    ---------------------
    Télecharge http://www.malekal.com/download/clean.zip sur le bureau
    Dézippe sur le bureau.
    = ouvrir le dossier clean
    = clique sur le symbole roue dentée avec le nom clean
    = choisir l'option 1 et laisser clean travailler jusqu'à l'apparition du texte "appuyer sur une touche pour continuer"
    = ensuite colle le rapport
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. yannickgo Messages postés 8 Statut Membre
     
    voici mon rapport navilog

    Search Navipromo version 3.3.8 commencé le 2007-12-23 à 4:49:39,87

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Recherche dossiers dans "C:\Documents and Settings\Yannick Gouin\application data" ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\Yannick Gouin\local settings\application data" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :

    * Dans "C:\Documents and Settings\Yannick Gouin\local settings\application data" :

    3)Recherche Certificats :

    Certificat Egroup absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\abadd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\yccdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\yccdd.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\yccdd.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 2007-12-23 à 4:51:37,36 ***
    0
  7. yannickgo Messages postés 8 Statut Membre
     
    VundoFix V6.7.7

    Checking Java version...

    Sun Java not detected
    Scan started at 05:02:41 2007-12-23

    Listing files found while scanning....

    C:\WINDOWS\system32\abadd.ini
    C:\WINDOWS\system32\abadd.ini2
    C:\WINDOWS\system32\ddaba.dll
    C:\WINDOWS\system32\pdclpyyv.dll
    C:\WINDOWS\system32\pmnklih.dll
    C:\WINDOWS\system32\qomnnmj.dll
    C:\WINDOWS\system32\ulgmpkai.dll
    C:\WINDOWS\system32\winbue32.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\abadd.ini
    C:\WINDOWS\system32\abadd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\abadd.ini2
    C:\WINDOWS\system32\abadd.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddaba.dll
    C:\WINDOWS\system32\ddaba.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pdclpyyv.dll
    C:\WINDOWS\system32\pdclpyyv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnklih.dll
    C:\WINDOWS\system32\pmnklih.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qomnnmj.dll
    C:\WINDOWS\system32\qomnnmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ulgmpkai.dll
    C:\WINDOWS\system32\ulgmpkai.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winbue32.dll
    C:\WINDOWS\system32\winbue32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Sun Java not detected
    Scan started at 16:04:12 2007-12-23

    Listing files found while scanning....

    C:\WINDOWS\system32\pmnklih.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmnklih.dll
    C:\WINDOWS\system32\pmnklih.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    et

    [12/23/2007, 16:24:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Yannick Gouin\Bureau\VirtumundoBeGone.exe" )
    [12/23/2007, 16:24:36] - Detected System Information:
    [12/23/2007, 16:24:36] - Windows Version: 5.1.2600, Service Pack 2
    [12/23/2007, 16:24:36] - Current Username: Yannick Gouin (Admin)
    [12/23/2007, 16:24:36] - Windows is in NORMAL mode.
    [12/23/2007, 16:24:37] - Searching for Browser Helper Objects:
    [12/23/2007, 16:24:37] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (HelperObject Class)
    [12/23/2007, 16:24:37] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [12/23/2007, 16:24:37] - BHO 3: {1515B906-999A-48F3-8BF4-B7EC61BF5B38} ()
    [12/23/2007, 16:24:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/23/2007, 16:24:37] - Checking for HKLM\...\Winlogon\Notify\pmnklih
    [12/23/2007, 16:24:37] - Key not found: HKLM\...\Winlogon\Notify\pmnklih, continuing.
    [12/23/2007, 16:24:37] - BHO 4: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} ()
    [12/23/2007, 16:24:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/23/2007, 16:24:37] - No filename found. Continuing.
    [12/23/2007, 16:24:37] - BHO 5: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} (PBlockHelper Class)
    [12/23/2007, 16:24:37] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
    [12/23/2007, 16:24:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/23/2007, 16:24:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [12/23/2007, 16:24:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [12/23/2007, 16:24:37] - BHO 7: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
    [12/23/2007, 16:24:37] - BHO 8: {70936dd6-a4d8-4312-9213-d2eaf021f9df} ()
    [12/23/2007, 16:24:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/23/2007, 16:24:37] - Checking for HKLM\...\Winlogon\Notify\ulgmpkai
    [12/23/2007, 16:24:37] - Key not found: HKLM\...\Winlogon\Notify\ulgmpkai, continuing.
    [12/23/2007, 16:24:37] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [12/23/2007, 16:24:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/23/2007, 16:24:37] - No filename found. Continuing.
    [12/23/2007, 16:24:37] - BHO 10: {9AA2F14F-E956-44B8-8694-A5B615CDF341} (NOW!Imaging)
    [12/23/2007, 16:24:37] - BHO 11: {9B1F83CE-6735-4B7D-81F5-EC7771F0A033} ()
    [12/23/2007, 16:24:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/23/2007, 16:24:37] - Checking for HKLM\...\Winlogon\Notify\ddaba
    [12/23/2007, 16:24:37] - Key not found: HKLM\...\Winlogon\Notify\ddaba, continuing.
    [12/23/2007, 16:24:37] - BHO 12: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
    [12/23/2007, 16:24:37] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [12/23/2007, 16:24:37] - Finished Searching Browser Helper Objects
    [12/23/2007, 16:24:37] - Finishing up...
    [12/23/2007, 16:24:37] - Nothing found! Exiting...

    et pour finir hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:30:42, on 2007-12-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Distributel Web Accelerator\slipcore.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Distributel Web Accelerator\slipgui.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Distributel Web Accelerator\slipcore.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
    O4 - HKLM\..\Run: [a85cfe0b] rundll32.exe "C:\WINDOWS\system32\itfcmcox.dll",b
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Accelerateur Web Distributel.lnk = C:\Program Files\Distributel Web Accelerator\slipgui.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Afficher l'image originale. - res://C:\Program Files\Distributel Web Accelerator\gui_resource.dll/328
    O8 - Extra context menu item: Afficher toutes les images originales. - res://C:\Program Files\Distributel Web Accelerator\gui_resource.dll/327
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir avec GetRight - I:\Sauvegarde avant formatage\Disque local (I)\Petit logiciel\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - I:\Sauvegarde avant formatage\Disque local (I)\Petit logiciel\GetRight\GRdownload.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7ACAA93-CD48-4891-BAB9-92B03FD50F8A}: NameServer = 206.80.254.4 206.80.254.68
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour,

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    @+
    0
  9. yannickgo Messages postés 8 Statut Membre
     
    Voici le rapport de combofix

    ComboFix 07-12-21.4 - Yannick Gouin 2007-12-26 18:19:51.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.597 [GMT -5:00]
    Running from: C:\Documents and Settings\Yannick Gouin\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\G1810.tmp.exe
    C:\WINDOWS\system32\G52D7.tmp.exe
    C:\WINDOWS\system32\LD8A1.tmp.exe
    C:\WINDOWS\system32\uagwwsdd.dllbox

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_MSUPDATE
    -------\msupdate

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-26 16:36 . 2004-08-04 00:55 294,912 --a------ C:\WINDOWS\system\MSH263.DRV
    2007-12-26 16:36 . 2004-08-04 00:54 47,616 --a------ C:\WINDOWS\system\IYUV_32.DLL
    2007-12-25 14:38 . 2007-12-25 16:04 7,168 --a------ C:\WINDOWS\system32\windows
    2007-12-25 14:12 . 2007-12-25 14:12 <REP> d-------- C:\WINDOWS\Setup533
    2007-12-25 14:12 . 2002-10-21 11:37 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
    2007-12-25 14:12 . 2002-01-19 15:33 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
    2007-12-25 14:12 . 2002-01-19 15:33 131,072 --a------ C:\WINDOWS\system\SP5X_32.DLL
    2007-12-25 14:12 . 2000-04-12 12:25 118,784 --a------ C:\WINDOWS\ShowBmp.exe
    2007-12-25 14:12 . 2002-05-02 17:26 65,536 --a------ C:\WINDOWS\amcap533.exe
    2007-12-25 14:12 . 2002-07-30 19:40 16,384 --a------ C:\WINDOWS\system32\Dext533.ax
    2007-12-25 14:12 . 2002-07-25 11:19 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys
    2007-12-25 14:12 . 2002-08-01 16:50 1,888 --a------ C:\WINDOWS\CA533A.INI
    2007-12-25 14:12 . 2003-01-06 13:33 1,325 --a------ C:\WINDOWS\Remove.ini
    2007-12-23 21:47 . 2007-12-23 21:47 14,033 --a------ C:\pos5DA.tmp
    2007-12-23 21:46 . 2007-12-23 21:47 14,033 --a------ C:\pos4FB.tmp
    2007-12-23 18:23 . 2007-12-23 18:23 14,033 --a------ C:\posF9.tmp
    2007-12-23 17:35 . 2007-12-25 14:19 990,821 ---hs---- C:\WINDOWS\system32\xocmcfti.ini
    2007-12-23 17:30 . 2007-12-23 17:30 282,711 ---hs---- C:\WINDOWS\system32\srutv.bak2
    2007-12-23 17:18 . 2007-12-23 22:14 1,325 ---hs---- C:\WINDOWS\system32\srutv.ini2
    2007-12-23 17:18 . 2007-12-23 17:18 704 ---hs---- C:\WINDOWS\system32\srutv.tmp
    2007-12-23 16:29 . 2007-12-23 17:18 704 ---hs---- C:\WINDOWS\system32\srutv.ini
    2007-12-23 16:18 . 2007-12-23 16:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-12-23 05:02 . 2007-12-23 16:04 <REP> d-------- C:\VundoFix Backups
    2007-12-23 04:48 . 2007-12-23 04:51 <REP> d-------- C:\Program Files\Navilog1
    2007-12-23 04:36 . 2007-12-23 04:36 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-22 17:42 . 2007-12-22 17:43 990,630 ---hs---- C:\WINDOWS\system32\vyyplcdp.ini
    2007-12-20 16:00 . 2007-12-20 16:00 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-12-20 00:18 . 2007-12-20 01:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-19 01:18 . 2007-12-19 07:32 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-12-18 08:09 . 2001-08-23 17:47 126,976 --a------ C:\WINDOWS\system32\hpgt34tk.dll
    2007-12-18 08:09 . 2001-08-23 17:47 126,976 --a--c--- C:\WINDOWS\system32\dllcache\hpgt34tk.dll
    2007-12-18 08:09 . 2001-08-23 17:47 101,376 --a------ C:\WINDOWS\system32\hpgt34.dll
    2007-12-18 08:09 . 2001-08-23 17:47 101,376 --a--c--- C:\WINDOWS\system32\dllcache\hpgt34.dll
    2007-12-18 08:09 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-12-18 08:09 . 2001-08-23 17:47 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2007-12-18 08:09 . 2001-08-23 17:47 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
    2007-12-18 08:09 . 2001-08-23 17:47 32,768 --a--c--- C:\WINDOWS\system32\dllcache\hpgtmcro.dll
    2007-12-18 08:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-18 08:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-12-17 22:23 . 2004-08-04 00:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
    2007-12-17 22:23 . 2004-08-04 00:55 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
    2007-12-17 22:23 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-12-17 22:23 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
    2007-12-17 22:23 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-12-17 22:23 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
    2007-12-17 22:23 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-12-17 22:23 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
    2007-12-17 22:23 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-17 22:23 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
    2007-12-17 22:22 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-12-17 22:22 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
    2007-12-17 22:22 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-12-17 22:22 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
    2007-12-17 22:22 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-12-17 22:22 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
    2007-12-17 22:20 . 2007-12-17 22:50 <REP> d-------- C:\Documents and Settings\Yannick Gouin\Application Data\Ulead Systems
    2007-12-17 22:00 . 2007-12-17 22:00 <REP> d-------- C:\WINDOWS\system32\windows media
    2007-12-17 22:00 . 2007-12-17 22:00 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-12-17 21:58 . 2007-12-17 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-12-17 21:57 . 2007-12-17 21:57 <REP> d-------- C:\Program Files\Windows Media Components
    2007-12-17 21:56 . 2007-12-17 21:56 <REP> d-------- C:\Program Files\Ulead Systems
    2007-12-17 21:56 . 2007-12-17 21:57 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
    2007-12-17 21:56 . 2007-12-17 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-12-17 21:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-12-17 21:52 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-12-17 16:16 . 2007-12-26 18:24 0 --a------ C:\WINDOWS\system32\Sweeper.cfg
    2007-12-17 16:14 . 2007-12-26 16:57 810 --a------ C:\WINDOWS\win.tmp
    2007-12-17 16:14 . 2007-12-23 17:20 227 --a------ C:\WINDOWS\system.tmp
    2007-12-17 15:01 . 2005-12-13 15:18 50,048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-12-17 15:00 . 2007-12-17 16:16 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-12-17 15:00 . 2007-12-17 15:00 <REP> d-------- C:\Documents and Settings\Yannick Gouin\Application Data\PC Tools
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d-------- C:\Documents and Settings\Yannick Gouin\Application Data\Grisoft
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2007-12-17 01:17 . 2007-12-17 01:17 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-12-17 01:15 . 2007-12-17 01:15 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2007-12-17 01:15 . 2007-12-17 01:15 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-17 01:09 . 2007-12-17 01:12 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-12-17 00:49 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-16 23:04 . 2007-12-17 01:12 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2007-12-16 23:00 . 2007-12-17 01:13 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-12-16 00:00 . 2007-12-24 02:01 318,898 --a------ C:\PokerStars.log.0
    2007-12-16 00:00 . 2007-12-20 00:28 177,503 --a------ C:\PokerStars.log.1
    2007-12-15 23:11 . 2007-12-17 23:25 0 --a------ C:\dump_dvd.vob
    2007-12-15 21:55 . 2007-12-15 21:55 46 --a------ C:\WINDOWS\.pod
    2007-12-15 21:43 . 2007-12-17 01:13 <REP> d-------- C:\Program Files\DVD Shrink
    2007-12-15 21:43 . 2007-12-17 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-12-15 02:03 . 2007-12-15 02:03 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-12-15 02:03 . 2007-12-15 02:03 <REP> d-------- C:\WINDOWS\AU_Log
    2007-12-15 02:03 . 2007-12-15 02:03 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-12-15 02:03 . 2007-12-15 02:03 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-12-15 02:03 . 2007-12-15 02:03 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-12-15 02:03 . 2007-12-15 02:03 170 --a------ C:\WINDOWS\GetServer.ini
    2007-12-13 17:28 . 2007-12-13 17:28 23,552 --a------ C:\WINDOWS\system32\mssrv32.exe
    2007-12-13 04:21 . 2007-12-19 03:06 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2007-12-13 00:04 . 2007-12-13 00:04 72,066 --ahs---- C:\WINDOWS\system32\yccdd.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-26 08:41 --------- d-----w C:\Documents and Settings\Yannick Gouin\Application Data\mIRC
    2007-12-26 07:32 --------- d-----w C:\Program Files\mIRC
    2007-12-25 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-23 07:32 --------- d-----w C:\Program Files\PokerStars
    2007-12-20 04:13 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-10 04:21 --------- d-----w C:\Documents and Settings\Yannick Gouin\Application Data\Ahead
    2007-12-04 03:30 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-19 23:17 --------- d-----w C:\Program Files\TechSmith
    2007-11-19 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
    2007-11-19 23:16 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-15 04:14 --------- d-----w C:\Program Files\Winamp
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 03:02 --------- d-----w C:\Documents and Settings\Yannick Gouin\Application Data\AdobeUM
    2007-11-13 02:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-11 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-11-09 07:15 --------- d-----w C:\Program Files\Infogrames Interactive
    2007-11-09 06:30 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-11-09 06:23 --------- d-----w C:\Program Files\Nero
    2007-11-09 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-11-09 06:17 --------- d-----w C:\Program Files\Microsoft.NET
    2007-11-09 05:55 0 ----a-w C:\Program Files\error.dat
    2007-11-09 05:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-09 05:54 --------- d-----w C:\Program Files\Brother
    2007-11-09 05:42 --------- d-----w C:\Program Files\ScanSoft
    2007-11-09 05:42 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
    2007-11-09 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2007-11-09 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
    2007-11-09 05:38 --------- d-----w C:\Program Files\Analog Devices
    2007-11-09 05:31 --------- d-----w C:\Program Files\VIA
    2007-11-09 05:17 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-09 05:15 --------- d-----w C:\Program Files\Services en ligne
    2007-11-09 05:14 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-09 00:05 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-09 00:05 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44ee1c3b-ceed-4dce-a3e6-3a1e12b81da0}]
    C:\WINDOWS\system32\bgpuemla.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B1F83CE-6735-4B7D-81F5-EC7771F0A033}]
    C:\WINDOWS\system32\ddaba.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-01-11 02:56]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [2005-09-07 15:35]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 20:11]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 11:20]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 11:39]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
    "SlipStream"="C:\Program Files\Distributel Web Accelerator\slipcore.exe" [2006-12-11 14:34]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-11 01:59]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 08:27]
    "a85cfe0b"="C:\WINDOWS\system32\itfcmcox.dll" []
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 C:\WINDOWS\system32\rundll32.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-01-11 02:56]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uagwwsdd]
    uagwwsdd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 15:40 155648 --a------ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2007-05-14 17:22 35328 --a------ C:\Program Files\Winamp\winampa.exe

    R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 23:49]
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 07:53]
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]
    S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 17:32]
    S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 18:27]
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-26 22:51:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 18:26:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Completion time: 2007-12-26 18:27:17 - machine was rebooted [Yannick Gouin]
    .
    2007-12-13 09:22:01 --- E O F ---
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    selectionne ceci

    registry::
    [-HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B1F83CE-6735-4B7D-81F5-EC7771F0A033}]
    [-HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ee1c3b-ceed-4dce-a3e6-3a1e12b81da0}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uagwwsdd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "a85cfe0b"=-

    File::
    C:\WINDOWS\system32\xocmcfti.ini
    C:\WINDOWS\system32\srutv.ini2
    C:\WINDOWS\system32\srutv.tmp
    C:\WINDOWS\system32\srutv.bak2
    C:\WINDOWS\system32\srutv.ini
    C:\WINDOWS\system32\vyyplcdp.ini
    C:\WINDOWS\system32\d3d8caps.dat
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\yccdd.ini


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ensuite refais hijack
    mais il faut le renommer avant
    par exemple par yannickgo.exe
    une fois renommer relance un scan hijack et poste le rapport
    @+
    0
  11. yannickgo Messages postés 8 Statut Membre
     
    Désoler pour le temps !

    Voici le rapport hijacthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28:39, on 2008-01-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Distributel Web Accelerator\slipcore.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Distributel Web Accelerator\slipgui.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Documents and Settings\Yannick Gouin\Bureau\boot98seprinstall.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Distributel Web Accelerator\PBHelper.dll
    O2 - BHO: {0ad18b21-e1a3-6e3a-ecd4-deecb3c1ee44} - {44ee1c3b-ceed-4dce-a3e6-3a1e12b81da0} - C:\WINDOWS\system32\bgpuemla.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Distributel Web Accelerator\components\NOWImaging.dll
    O2 - BHO: (no name) - {9B1F83CE-6735-4B7D-81F5-EC7771F0A033} - C:\WINDOWS\system32\ddaba.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Distributel Web Accelerator\slipcore.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
    O4 - HKLM\..\Run: [a85cfe0b] rundll32.exe "C:\WINDOWS\system32\itfcmcox.dll",b
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Accelerateur Web Distributel.lnk = C:\Program Files\Distributel Web Accelerator\slipgui.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Afficher l'image originale. - res://C:\Program Files\Distributel Web Accelerator\gui_resource.dll/328
    O8 - Extra context menu item: Afficher toutes les images originales. - res://C:\Program Files\Distributel Web Accelerator\gui_resource.dll/327
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir avec GetRight - I:\Sauvegarde avant formatage\Disque local (I)\Petit logiciel\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - I:\Sauvegarde avant formatage\Disque local (I)\Petit logiciel\GetRight\GRdownload.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7ACAA93-CD48-4891-BAB9-92B03FD50F8A}: NameServer = 206.80.254.4 206.80.254.68
    O20 - Winlogon Notify: uagwwsdd - uagwwsdd.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    tu n'as pas fait la manip avec combofix sur le poste 10

    une fois le bloc notes CFScript.txt créer il faut le faire glisser sur l'icône
    de combofix
    @+
    0