Storage protector VIRUS

raph83 - 13 Jan 2008 at 14:48
 raph83 - 13 Jan 2008 at 15:23
Hello,
So I've caught, I don't know how, the virus that makes Storage Protector download...
So I ran VundoFix and then ran some scans; here are the reports:


------------------------------------------------------------------------------------------ ---------------
------------------------------------------------------------------------------------------ ---------------


VirtumundoBeGone:


[01/13/2008, 13:06:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\RAPHAEL\Bureau\VirtumundoBeGone.exe" )
[01/13/2008, 13:07:07] - Detected System Information:
[01/13/2008, 13:07:07] - Windows Version: 5.1.2600, Service Pack 2
[01/13/2008, 13:07:07] - Current Username: RAPHAEL (Admin)
[01/13/2008, 13:07:07] - Windows is in NORMAL mode.
[01/13/2008, 13:07:07] - Searching for Browser Helper Objects:
[01/13/2008, 13:07:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/13/2008, 13:07:07] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/13/2008, 13:07:07] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/13/2008, 13:07:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2008, 13:07:07] - No filename found. Continuing.
[01/13/2008, 13:07:07] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[01/13/2008, 13:07:07] - BHO 5: {c199d92d-00a2-4617-93fe-5ef6170d9edb} ()
[01/13/2008, 13:07:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2008, 13:07:07] - Checking for HKLM\...\Winlogon\Notify\lisnfsat
[01/13/2008, 13:07:07] - Key not found: HKLM\...\Winlogon\Notify\lisnfsat, continuing.
[01/13/2008, 13:07:07] - BHO 6: {C2C57D64-905C-4139-ABDF-8AA2CE269263} ()
[01/13/2008, 13:07:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2008, 13:07:07] - Checking for HKLM\...\Winlogon\Notify\mljge
[01/13/2008, 13:07:07] - Key not found: HKLM\...\Winlogon\Notify\mljge, continuing.
[01/13/2008, 13:07:07] - BHO 7: {E1759A31-E627-4758-9562-6899DF36C9C2} ()
[01/13/2008, 13:07:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2008, 13:07:07] - Checking for HKLM\...\Winlogon\Notify\urqnkjh
[01/13/2008, 13:07:07] - Key not found: HKLM\...\Winlogon\Notify\urqnkjh, continuing.
[01/13/2008, 13:07:07] - BHO 8: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/13/2008, 13:07:07] - Finished Searching Browser Helper Objects
[01/13/2008, 13:07:07] - Finishing up...
[01/13/2008, 13:07:07] - Nothing found! Exiting...

5 replies

I can't manage to show the whole ComboFix report, so I cut part of it. I only cut the deleted temporary files that were on the local disk. I replaced them with "(...)".

ComboFix:

ComboFix 08-01-13.1 - RAPHAEL 2008-01-13 13:14:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.615 [GMT 1:00]
Running from: C:\Documents and Settings\RAPHAEL\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\StorageProtector
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\StorageProtector\Contact Customer Service.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\StorageProtector\StorageProtector.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\StorageProtector\Uninstall StorageProtector.lnk
C:\Documents and Settings\RAPHAEL\Application Data\setup_en[1].exe
C:\Documents and Settings\RAPHAEL\Application Data\storageprotector
C:\Documents and Settings\RAPHAEL\Application Data\storageprotector\Logs\update.log
C:\pos10.tmp
C:\pos100.tmp
(...)
C:\Program Files\Fichiers communs\StorageProtector
C:\Program Files\StorageProtector
C:\Program Files\StorageProtector\atl71.dll
C:\Program Files\StorageProtector\License.rtf
C:\Program Files\StorageProtector\mfc71.dll
C:\Program Files\StorageProtector\msvcp71.dll
C:\Program Files\StorageProtector\msvcr71.dll
C:\Program Files\StorageProtector\Readme.rtf
C:\Program Files\StorageProtector\Res\Main.ico
C:\Program Files\StorageProtector\Res\RecycleBin.ico
C:\Program Files\StorageProtector\rm.url
C:\Program Files\StorageProtector\sr.log
C:\Program Files\StorageProtector\swupd.log
C:\Program Files\StorageProtector\SysRep.exe.cer
C:\Program Files\StorageProtector\SysRep.exe.Log
C:\Program Files\StorageProtector\SysRep.exe.xml
C:\Program Files\StorageProtector\SysRep.url
C:\Program Files\StorageProtector\transpaid.exe
C:\Program Files\StorageProtector\unins000.dat
C:\Program Files\StorageProtector\unins000.exe
C:\Program Files\StorageProtector\urls.ini
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\urqnkjh.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
.

2008-01-13 13:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 12:48 . 2008-01-13 12:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 12:46 . 2008-01-13 13:03 <REP> d-------- C:\VundoFix Backups
2008-01-13 12:43 . 2008-01-13 12:43 <REP> d-------- C:\Program Files\Trend Micro
2008-01-13 12:29 . 2008-01-13 12:33 <REP> d-------- C:\Program Files\OmniBack
2008-01-12 12:16 . 2008-01-12 12:16 268 --ah----- C:\sqmdata10.sqm
2008-01-12 12:16 . 2008-01-12 12:16 244 --ah----- C:\sqmnoopt10.sqm
2008-01-10 01:06 . 2008-01-10 01:08 32,764 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-10 00:15 . 2004-08-04 00:54 83,968 --a------ C:\WINDOWS\system32\CNBJMON2.DLL
2008-01-10 00:15 . 2001-08-23 15:46 58,276 --a------ C:\WINDOWS\system32\CNBJHLP2.HLP
2008-01-10 00:15 . 2001-08-23 15:46 1,312 --a------ C:\WINDOWS\system32\CNBJHLP2.CNT
2008-01-09 21:47 . 2008-01-09 21:47 <REP> d-------- C:\Program Files\Valve
2008-01-09 18:02 . 2008-01-09 18:02 <REP> d-------- C:\Program Files\ImTOO
2008-01-09 16:07 . 2008-01-09 16:07 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\AdobeUM
2008-01-08 20:03 . 2008-01-08 20:03 <REP> d-------- C:\Program Files\RapidSolution
2008-01-08 20:03 . 2008-01-08 20:15 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Tunebite
2008-01-08 20:03 . 2008-01-08 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-01-08 20:03 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-01-06 22:23 . 2008-01-06 22:24 <REP> d-------- C:\Program Files\Everest Poker
2008-01-03 19:53 . 2008-01-03 19:57 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Audacity
2008-01-03 03:41 . 2008-01-03 03:41 <REP> d--h----- C:\WINDOWS\PIF
2008-01-01 18:52 . 2008-01-13 03:17 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-01 18:32 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-01 18:32 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-01 18:32 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-01 18:31 . 2008-01-01 18:31 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-01 18:31 . 2008-01-01 18:32 <REP> d-------- C:\Program Files\Ahead
2008-01-01 18:31 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-01 18:31 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-01 18:31 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-01 18:31 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-01 16:10 . 2008-01-01 16:10 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Sonic
2008-01-01 16:10 . 2008-01-01 16:10 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Leadertech
2007-12-30 21:59 . 2008-01-03 02:22 <REP> d-------- C:\Program Files\DivX
2007-12-30 21:58 . 2007-12-30 21:59 684 --a------ C:\WINDOWS\mozver.dat
2007-12-29 19:23 . 2007-12-29 19:23 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
2007-12-29 16:53 . 2007-12-29 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-12-29 16:52 . 2007-12-29 16:54 <REP> d-------- C:\Program Files\Sony
2007-12-29 16:52 . 2007-12-29 16:52 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-12-29 16:52 . 2007-12-29 19:23 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Sony Corporation
2007-12-28 13:32 . 2007-12-28 13:32 268 --ah----- C:\sqmdata09.sqm
2007-12-28 13:32 . 2007-12-28 13:32 244 --ah----- C:\sqmnoopt09.sqm
2007-12-27 23:49 . 2007-12-27 23:49 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\InstallShield
2007-12-27 23:49 . 2007-12-27 23:49 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Codemasters
2007-12-27 23:49 . 2007-12-27 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-27 23:49 . 2007-12-27 23:49 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-27 23:48 . 2007-12-27 23:48 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-27 23:48 . 2007-12-27 23:48 <REP> d-------- C:\Program Files\AGEIA Technologies
2007-12-27 21:50 . 2007-12-27 21:50 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\vlc
2007-12-27 21:47 . 2007-12-27 21:47 <REP> d-------- C:\Program Files\VideoLAN
2007-12-27 21:01 . 2007-12-27 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-27 20:53 . 2007-12-27 20:56 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-27 20:37 . 2007-12-27 20:59 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-12-27 20:37 . 2008-01-13 03:41 <REP> d-------- C:\Program Files\eMule
2007-12-27 20:17 . 2007-12-27 20:17 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\MSNInstaller
2007-12-27 19:47 . 2007-12-27 19:46 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-12-27 19:47 . 2007-12-27 19:46 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-12-27 19:47 . 2007-12-27 19:46 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-27 19:42 . 2007-12-27 19:42 <REP> d-------- C:\Program Files\DAEMON Tools
2007-12-27 19:33 . 2007-12-27 19:33 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2007-12-27 19:33 . 2007-12-27 19:33 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-27 18:52 . 2007-12-27 18:53 <REP> d-------- C:\Program Files\Support Tools
2007-12-27 18:25 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-27 18:25 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-27 18:25 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-27 18:25 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-27 18:25 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-27 18:25 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-27 18:25 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-27 18:25 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-27 18:25 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-27 18:24 . 2007-12-27 18:25 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-27 02:06 . 2007-12-27 02:06 268 --ah----- C:\sqmdata08.sqm
2007-12-27 02:06 . 2007-12-27 02:06 244 --ah----- C:\sqmnoopt08.sqm
2007-12-27 01:58 . 2007-12-27 01:58 268 --ah----- C:\sqmdata07.sqm
2007-12-27 01:58 . 2007-12-27 01:58 244 --ah----- C:\sqmnoopt07.sqm
2007-12-26 22:40 . 2007-12-26 22:40 <REP> d-------- C:\Documents and Settings\SYNAKOWSKI\Application Data\Talkback
2007-12-26 21:47 . 2007-12-26 21:47 53,706 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-12-26 21:46 . 2007-12-26 21:46 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2007-12-26 21:44 . 2007-12-26 21:44 <REP> d-------- C:\WINDOWS\BricoPacks
2007-12-26 21:44 . 2007-12-26 21:47 6,118 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-26 21:41 . 2007-12-26 21:41 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-26 21:41 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-26 21:41 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-26 21:41 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-26 21:39 . 2007-12-26 21:39 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-26 21:39 . 2007-12-26 21:40 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-26 20:47 . 2007-12-26 20:47 <REP> d-------- C:\Program Files\Intel
2007-12-26 20:08 . 2007-12-26 20:08 <REP> d-------- C:\Program Files\DIFX
2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Program Files\Lavalys
2007-12-26 19:47 . 2007-12-26 19:47 <REP> d-------- C:\Documents and Settings\RAPHAEL\Contacts
2007-12-26 19:47 . 2007-12-26 19:47 <REP> d-------- C:\Documents and Settings\RAPHAEL\Application Data\Talkback
2007-12-26 19:46 . 2007-12-26 19:46 <REP> d--hs---- C:\Documents and Settings\RAPHAEL\UserData
2007-12-26 19:44 . 2007-12-26 19:44 <REP> d-------- C:\Program Files\CCleaner
2007-12-26 19:38 . 2007-12-26 19:38 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-12-26 19:38 . 2007-12-26 19:38 <REP> d-------- C:\Program Files\Wanadoo Messager
2007-12-26 19:38 . 2008-01-11 16:43 <REP> d-------- C:\Program Files\Wanadoo
2007-12-26 19:38 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-12-26 19:38 . 2004-08-23 14:49 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-12-26 19:38 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 19:53 --------- d-----w C:\Program Files\Windows Live
2007-12-26 18:11 --------- d-----w C:\Documents and Settings\RAPHAEL\Application Data\Symantec
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c199d92d-00a2-4617-93fe-5ef6170d9edb}]
C:\WINDOWS\system32\lisnfsat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2C57D64-905C-4139-ABDF-8AA2CE269263}]
C:\WINDOWS\system32\mljge.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-13 12:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-10-13 08:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-10-12 12:48:24 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 13:38:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 12:38:32
.
2008-01-09 11:19:56 --- E O F ---
And now here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:38, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {bde9d071-6fe5-ef39-7164-2a00d29d991c} - {c199d92d-00a2-4617-93fe-5ef6170d9edb} - C:\WINDOWS\system32\lisnfsat.dll (file missing)
O2 - BHO: (no name) - {C2C57D64-905C-4139-ABDF-8AA2CE269263} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: E_SPSU01.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SPSU01.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
please help
nobody to help me, please????
please help! I still have lots of temporary files in My Documents... and the icon of my local disk in My Computer is a red cross... how can I fix my problem, please??