Sujet Précédent Sujet Suivant

Aïe! Virus, ça beugue !

Profil bloqué -  
 Profil bloqué -
Bonjour, depuis un certain temps,malgré mes efforts pour prendre soin de mon ordi(scan anti pop-up; scan anti-virus; défragmentages de disque...),celui-ci a du attrapper un bon virus !
Depuis un certain temps, malgré mes nombreuses recrches avec "Spybot" pour chasser les espions de mon ordi, ils reviennent à chaque fois; j'ai même essayé de les chasser moi même en mode sans échec mais mon ordinateur bloque sur un écran noir quand je le sélectionne...

Et puis voilà, j'en suis rendu à l'appel d'urgence !

Je vous remercie d'avance pour votre aide(que j'esserais de vous rendre) mais voyez-vous, dans ce texte, j'ai réecris mes phrases plusieurs fois à force d'être interompu par des fenêtres publicitaires intempestives ...

C'est urgent, merci beaucoup !
A voir également:

57 réponses

Précédent
Réponse 41 / 57
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
une fois posté le rapport combo , tu feras ceci :

télécharge hostxpert :http://www.funkytoad.com/download/HostsXpert.zip

Lorsqu'il s'ouvre, cliquez sur le bouton Restore Original Hosts (restaurer le fichier hosts d'origine) puis quittez HostsXpert.

0
Réponse 42 / 57
Profil bloqué
 
Voilà le scan ComboFix ! :

ComboFix 08-02-13.2 - Yolette 2008-02-13 9:29:48.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.350 [GMT 1:00]
Endroit: C:\Documents and Settings\Yolette\Local Settings\Temporary Internet Files\Content.IE5\K5QGOKLO\ComboFix[1].exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gebcd.dll
C:\Documents and Settings\Yolette\Application Data\macromedia\Flash Player\#SharedObjects\8GLP89HL\iforex.com
C:\Documents and Settings\Yolette\Application Data\macromedia\Flash Player\#SharedObjects\8GLP89HL\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Yolette\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Yolette\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\mcroso~1.net
C:\Program Files\outlook
C:\Program Files\vsadd-in
C:\Program Files\winupdates
C:\WINDOWS\b.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\rayiou.exe
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\aobnhmhs.ini
C:\WINDOWS\system32\byjhrxiy.ini
C:\WINDOWS\system32\daposweh.dll
C:\WINDOWS\system32\daposweh.dll . . . . Echec de suppression
C:\WINDOWS\system32\daposweh.dllbox
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gvvplsib.ini
C:\WINDOWS\system32\kcxybgry.dll
C:\WINDOWS\system32\maoophfp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\najdvnpo.ini
C:\WINDOWS\system32\nwpenqky.ini
C:\WINDOWS\system32\obhkjbcr.dll
C:\WINDOWS\system32\pjoskrlg.ini
C:\WINDOWS\system32\qmrkelkw.ini
C:\WINDOWS\system32\quqtsjgr.ini
C:\WINDOWS\system32\rcbjkhbo.ini
C:\WINDOWS\system32\ssqpool.dll
C:\WINDOWS\system32\uddxlpwd.dll
C:\WINDOWS\system32\viloalep.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wklekrmq.dll
C:\WINDOWS\system32\wkxvuuih.dll
C:\WINDOWS\system32\wtagasba.ini
C:\WINDOWS\system32\xuevlypr.ini
C:\WINDOWS\system32\ydyewtyv.dll
C:\WINDOWS\system32\zqwrsbql.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
.

2008-02-13 09:27 . 2008-02-13 09:37 163,904 --a------ C:\WINDOWS\system32\daposweh.dll
2008-02-11 16:11 . 2008-02-11 16:11 <REP> d----c--- C:\Program Files\Trend Micro
2008-02-09 20:23 . 2008-02-09 20:23 163,904 --a------ C:\WINDOWS\system32\zqwrsbql.dll.vir
2008-02-09 20:18 . 2008-02-09 20:18 294 ---hs---- C:\WINDOWS\system32\lejtufqg.ini
2008-02-09 18:55 . 2008-02-09 20:15 <REP> d-------- C:\VundoFix Backups
2008-02-08 12:18 . 2008-02-10 15:56 <REP> d-------- C:\Documents and Settings\Yolette\Application Data\U3
2008-02-05 11:37 . 2008-02-05 11:37 <REP> d-------- C:\Documents and Settings\Yolette\Application Data\Grisoft
2008-02-05 11:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 11:35 . 2008-02-05 11:35 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 17:08 . 2008-01-28 17:14 5,153 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 18:36 . 2008-02-12 19:10 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-01-26 17:11 . 2008-01-30 19:09 319 --ahs---- C:\WINDOWS\system32\pqtwa.ini
2008-01-24 18:31 . 2008-02-13 09:12 <REP> d--hs---- C:\windowsuy679

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 08:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-11 13:29 7,680 -csha-w C:\Program Files\Thumbs.db
2008-02-11 09:51 340,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-11 09:51 28,964,896 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-10 11:48 --------- dc----w C:\Program Files\Paint.NET
2008-02-02 20:53 --------- dc----w C:\Program Files\Navilog1
2008-01-29 18:29 --------- dc----w C:\Program Files\ffdshow
2008-01-28 16:14 70,796 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-28 13:04 --------- dc----w C:\Program Files\LimeWire
2008-01-19 16:37 --------- dc----w C:\Program Files\Multi_Media_France
2008-01-19 16:16 --------- dc----w C:\Program Files\Fichiers communs\Adobe
2008-01-14 13:37 --------- dc----w C:\Program Files\Microsoft Games
2008-01-11 19:27 --------- dc----w C:\Program Files\Windows Live Safety Center
2008-01-09 10:29 --------- dc----w C:\Program Files\Shareaza Applications
2008-01-08 17:45 --------- d-----w C:\Documents and Settings\Yolette\Application Data\Shareaza
2008-01-07 17:51 --------- d-----w C:\Documents and Settings\Yolette\Application Data\Vso
2008-01-07 17:39 --------- d-----w C:\Documents and Settings\Yolette\Application Data\Azureus
2008-01-06 14:20 --------- dc----w C:\Program Files\Architecte 3D Platinium Demo
2008-01-06 12:49 --------- dc----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-01-06 12:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-01-06 12:48 --------- dc----w C:\Program Files\BoontyGames
2008-01-06 12:48 --------- dc----w C:\Program Files\Boonty
2008-01-05 23:33 --------- dc----w C:\Program Files\GameSpy Arcade
2008-01-05 18:12 --------- dc----w C:\Program Files\DVDFab Platinum 4
2007-12-30 13:56 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-12-30 13:54 --------- dc----w C:\Program Files\Yahoo!
2007-12-30 13:53 --------- dc----w C:\Program Files\BitTyrant
2007-12-30 13:50 --------- dc----w C:\Program Files\Windows Live
2007-12-28 16:24 --------- dc----w C:\Program Files\EA GAMES
2007-12-26 11:29 --------- dc----w C:\Program Files\Sierra
2007-12-14 19:37 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-14 19:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-19 13:04 512 ----a-w C:\ScanSectorLog.dat
2007-11-13 19:38 471,040 ------w C:\WINDOWS\Harry Potter Lumos.scr
2007-11-13 19:38 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-09-16 20:30 1,528 -c--a-w C:\Program Files\gmax.ini
2007-09-10 07:41 64 -c--a-w C:\Program Files\maxscrpt.dsk
2007-09-10 07:40 523 -c--a-w C:\Program Files\gmax.log
2007-08-01 10:48 124 -c--a-w C:\Program Files\plugin.ini
2007-02-12 17:15 94,080 -c--a-w C:\Documents and Settings\Yolette\Application Data\ezplay.sys
2007-02-12 17:15 87,608 -c--a-w C:\Documents and Settings\Yolette\Application Data\ezpinst.exe
2007-02-10 17:03 47,360 -c--a-w C:\Documents and Settings\Yolette\Application Data\pcouffin.sys
2006-12-05 18:36 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-09-04 08:23 124 -c--a-w C:\Documents and Settings\Yolette\Application Data\wklnhst.dat
2004-08-09 14:13 1,852,928 -c--a-w C:\Program Files\ABBYY PDF Transformer 1.0.msi
2004-08-05 03:08 92,160 -c--a-w C:\Program Files\1036.mst
2004-08-05 03:08 81,920 -c--a-w C:\Program Files\1029.mst
2004-08-05 03:08 76,288 -c--a-w C:\Program Files\1031.mst
2004-08-05 03:08 74,752 -c--a-w C:\Program Files\1040.mst
2004-08-05 03:08 74,752 -c--a-w C:\Program Files\1038.mst
2004-08-05 03:08 71,680 -c--a-w C:\Program Files\1045.mst
2004-08-05 03:08 71,680 -c--a-w C:\Program Files\1043.mst
2004-08-05 03:08 71,680 -c--a-w C:\Program Files\1034.mst
2004-08-05 03:08 38,619,860 -c--a-w C:\Program Files\Data1.cab
2004-08-05 03:08 3,584 -c--a-w C:\Program Files\1033.mst
2004-08-05 03:08 121,856 -c--a-w C:\Program Files\1049.mst
2004-08-04 19:15 285 -c--a-w C:\Program Files\setup.ini
2004-01-21 10:05 303,104 -c--a-w C:\Program Files\setup.exe
2003-12-08 12:04 827,392 -c--a-w C:\Program Files\NPSWF32.dll
2002-10-31 13:13 295,946 -c--a-w C:\Program Files\Readme.Rtf
2002-03-11 09:06 1,822,520 -c--a-w C:\Program Files\instmsiW.exe
2002-03-11 08:45 1,708,856 -c--a-w C:\Program Files\instmsiA.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68FB1BD1-9AF9-4B08-B347-782D6A76295C}]
C:\WINDOWS\system32\jkklm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-13 09:37 163904 --a------ C:\WINDOWS\system32\daposweh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"Shareaza"="C:\CreativesFiles\Shareaza.exe" [2008-01-01 17:49 4739072]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-10-31 17:07 299048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtspmn]
awtspmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\daposweh]
daposweh.dll 2008-02-13 09:37 163904 C:\WINDOWS\system32\daposweh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xwxqctsc]
xwxqctsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zqwrsbql]
zqwrsbql.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Yolette^Menu Démarrer^Programmes^Démarrage^Magnifier.lnk]
path=C:\Documents and Settings\Yolette\Menu Démarrer\Programmes\Démarrage\Magnifier.lnk
backup=C:\WINDOWS\pss\Magnifier.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yolette^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Yolette\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yolette^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Yolette\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yolette^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Yolette\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yolette^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Yolette\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a--c--- 2007-07-06 13:12 2224128 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
C:\Documents and Settings\Yolette\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
--a--c--- 2007-04-04 14:18 1103360 C:\Program Files\BitDownload\BitDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cyushkx]
C:\Program Files\??mbols\m?hta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc503bce]
C:\WINDOWS\system32\wklekrmq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
--a------ 2005-02-08 05:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
C:\Program Files\Free Download Manager\fum\fum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reminder.exe]
--------- 2005-01-19 16:10 28672 C:\WINDOWS\reminder\fsc-reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a--c--- 2005-11-07 22:16 143360 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop up Blocker]
C:\Program Files\Pop up Blocker\pd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUp Destroy]
--a--c--- 2003-04-22 13:27 1806336 C:\Program Files\PopUp Destroy\Popup-Destroy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2005-04-15 16:13 45056 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
C:\WINDOWS\system32\xfgheurp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sixth64BirdComp]
C:\Documents and Settings\All Users\Application Data\Beep User Sixth 64\2mess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a--c--- 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-11-11 15:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
C:\Documents and Settings\Yolette\Local Settings\Application Data\smss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]
--a------ 2004-08-05 13:00 33792 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Program Files\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
-----c--- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\Program Files\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zilla Popup Killer]
C:\Program Files\Zilla Popup Killer\ZillaPop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FTRTSVC"=2 (0x2)
"OPTENET_FILTER"=2 (0x2)

R2 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-01-06 13:49]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-23 15:21]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 08:12]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []
S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys [2007-06-04 15:14]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SoC PC-Camera Service;Q-TEC WEBCAM 100 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S4 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f072f4fd-d7d3-11dc-861a-0015f227ec45}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 11:35:00
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\daposweh.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\daposweh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\Ati2evxx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-13 11:38:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 10:38:51
.
2008-01-09 18:00:49 --- E O F ---
0
Réponse 43 / 57
Profil bloqué
 
pour hostxpert, c'est fait !
0
Réponse 44 / 57
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
reposte moi un nouveau hijack en attendant espion .....
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 57
Profil bloqué
 
Voici:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:34:28, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\CreativesFiles\Shareaza.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68FB1BD1-9AF9-4B08-B347-782D6A76295C} - C:\WINDOWS\system32\jkklm.dll (file missing)
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\daposweh.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\CreativesFiles\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction-online - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O9 - Extra 'Tools' menuitem: Traduction-online - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://cgi5.ebay.fr/
O15 - Trusted Zone: https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984
O15 - Trusted Zone: http://bl121w.blu121.mail.live.com
O15 - Trusted Zone: http://www.trefle.com
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: awtspmn - awtspmn.dll (file missing)
O20 - Winlogon Notify: daposweh - daposweh.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: xwxqctsc - xwxqctsc.dll (file missing)
O20 - Winlogon Notify: zqwrsbql - zqwrsbql.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 46 / 57
Profil bloqué
 
...
0
Réponse 47 / 57
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
salut giggs,

Télécharge CleanX-II de sUBs (merci mOe) ici :

http://download.bleepingcomputer.com/sUBs/CleanX-II.exe

Déconnecte tes accès internet. Coupe tous les accès physiques (débranchement du modem, ...).
Ferme toutes les applications.
Désactive puis réactive ta restauration système.
Double-clique sur CleanX-II.exe pour démarrer la réparation.
Clique OK lorsque tu reçois un message d'avertissement.
A la fin du scan (qui peut prendre plusieurs minutes, patiente le temps qu'il finisse), il va produire un message d'erreur (parce que l'outil ne prend pas en compte la copie pour un Windows français). Pour contourner cette erreur, fais ceci :
Démarrer, exécuter et tape %temp%\report.txt . Le bloc-note va ouvrir le rapport.

Si ce rapport montre qu'il reste encore des fichiers infectés (en fin de rapport après "POST RUN ANALYSIS"), relance l'outil une nouvelle fois.
Ouvre à nouveau le rapport avec la méthode ci-dessus et copie le dans ta réponse. S'il reste encore des fichiers infectés, inutile de relancer encore l'outil. Il faut examiner le rapport.
0
Réponse 48 / 57
espion3004 Messages postés 8687 Statut Membre 1 433
 
Attention pas de suite pour purger le système =>Désactive puis réactive ta restauration système.
0
Réponse 49 / 57
Profil bloqué
 
c'est a dire?....
0
Réponse 50 / 57
Profil bloqué
 
J'ai fait, et apres "post run analysis" ,ça marque cela:

NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
20:10:06,85

======================================================

Dois-je m'inquieter ?
0
Réponse 51 / 57
Profil bloqué
 
l'etat de mon ordinateur s'est assez amelioré sinon, mais ... est-ce que c'est fini ???
(Merci beaucoup j'usqu'à là!)
0
Réponse 52 / 57
espion3004 Messages postés 8687 Statut Membre 1 433
 
Bon, envois un rapport hijack this stp....
0
Réponse 53 / 57
guigs2
 
Voici ! ->

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:06, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\CreativesFiles\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68FB1BD1-9AF9-4B08-B347-782D6A76295C} - C:\WINDOWS\system32\jkklm.dll (file missing)
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\CreativesFiles\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction-online - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O9 - Extra 'Tools' menuitem: Traduction-online - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://cgi5.ebay.fr/
O15 - Trusted Zone: https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984
O15 - Trusted Zone: http://bl121w.blu121.mail.live.com
O15 - Trusted Zone: http://www.trefle.com
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: awtspmn - awtspmn.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: xwxqctsc - xwxqctsc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 54 / 57
Profil bloqué
 
en fait, je crois que mon probleme est reglé!
je n'ai plus aucun espion sur mon ordi!!!
merci a vous tous pour votre aide!!!!
qu'aurais-je fait sans vous?
encore MERCI !en fait, je crois que mon probleme est reglé!
je n'ai plus aucun espion sur mon ordi!!!
merci a vous tous pour votre aide!!!!
qu'aurais-je fait sans vous?
encore MERCI !
0
Réponse 55 / 57
espion3004 Messages postés 8687 Statut Membre 1 433
 
Confirmes avec un hijack stp ...
0
Réponse 56 / 57
Profil bloqué
 
Voici ->

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:57, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\CreativesFiles\Shareaza.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Shareaza] "C:\CreativesFiles\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Cyushkx] "C:\Program Files\??mbols\m?hta.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://cgi5.ebay.fr/
O15 - Trusted Zone: http://bl121w.blu121.mail.live.com
O15 - Trusted Zone: www.mail.live.com
O15 - Trusted Zone: http://www.trefle.com
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: awtspmn - awtspmn.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: xwxqctsc - xwxqctsc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 57 / 57
Profil bloqué
 
alors ??je recommence a avoir des espions...
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses