Virus W32.Myzor.fk@yf

Mike -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
J'ai été infecté par le virus W32.Myzor.fk@yf sous Windows XP Service pack 2, en plus j'ai une barre de tâche supplémentaire dans explorer pour télécharger des logiciels...
Voici le rapport Hijackthis :
En vous remerciant d'avance pour votre aide !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:23, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\WINDOWS\TEMP\QLE20E.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.29.234.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
O23 - Service: Scan en temps réel d'OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Service d'écoute d'OfficeScan NT (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Pare-feu d'OfficeScan NT (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 5877 bytes

Merci @+
Configuration: Windows XP
Explorer
Firefox 2.0.0.12

12 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    vire le fichier mywaySA et netproject en allant dans poste de travail puis C puis prog files:

    C:\Program Files\MyWaySA
    C:\Program Files\NetProject
    _____________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll

    __________________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    _________________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    scan en ligne firefox

    ___________________

    recolle un rapport hiajkchtis et dis tes soucis
    0
  2. Mike
     
    Problème résolu,
    Il n'y a plus rien

    MERCI !!!
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut mike,

    tu es sur?

    post un nouveau rapport hijack this

    @+
    0
  4. litea Messages postés 33 Statut Membre 5
     
    Bonsoir, je suis malheureusement infecter aussi :s Voici donc mon log sous HiJackThis - Windows XP Media Center edition SP2 :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:17:19, on 21/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\NetProject\scit.exe
    C:\Documents and Settings\Litea\Bureau\Remoce scit\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 213.239.219.83 l2authd.lineage2.com # m0o age
    O1 - Hosts: 213.239.219.83 L2testauthd.lineage2.com #m0o age
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203549329.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Litea\Local Settings\Temp\{F67C4E8A-1F0F-4705-8CC4-D220996DD6AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut litea,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau hijack this.

    @+
    0
  7. litea Messages postés 33 Statut Membre 5
     
    Log de combofix

    ComboFix 08-02-21 - Litea 2008-02-21 11:42:22.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2800 [GMT 1:00]
    Endroit: C:\Documents and Settings\Litea\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-21 00:57 . 2008-02-21 01:00 <REP> d-------- C:\Program Files\RogueRemover FREE
    2008-02-21 00:15 . 2008-02-21 00:28 <REP> d-------- C:\Program Files\NetProject
    2008-02-21 00:15 . 2008-02-21 00:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-20 13:56 . 2008-02-20 13:56 <REP> d-------- C:\Program Files\Ubisoft
    2008-02-20 11:09 . 2008-02-20 11:16 <REP> d-------- C:\Program Files\Qtracker
    2008-02-20 00:32 . 2008-02-20 00:32 <REP> d-------- C:\Program Files\xyr0x security
    2008-02-20 00:23 . 2008-02-20 00:23 <REP> d-------- C:\Program Files\DNA
    2008-02-20 00:23 . 2008-02-20 00:23 <REP> d-------- C:\Program Files\BitTorrent
    2008-02-20 00:23 . 2008-02-21 02:31 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DNA
    2008-02-20 00:23 . 2008-02-20 00:30 <REP> d-------- C:\Documents and Settings\Litea\Application Data\BitTorrent
    2008-02-19 22:55 . 2003-07-18 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-02-19 22:55 . 2005-01-02 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-02-19 22:37 . 2008-02-19 23:16 <REP> d-------- C:\Program Files\L2 C7
    2008-02-19 21:51 . 2008-02-20 11:17 <REP> d-------- C:\PunkBuster
    2008-02-19 21:45 . 2008-02-19 21:52 <REP> d-------- C:\Program Files\The All-Seeing Eye
    2008-02-19 20:44 . 2008-02-19 20:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-19 19:09 . 2004-08-18 04:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-02-19 16:19 . 2008-02-19 16:19 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Atari
    2008-02-19 16:13 . 2008-02-19 16:13 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
    2008-02-19 16:13 . 2008-02-19 16:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Leadertech
    2008-02-19 16:13 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
    2008-02-19 16:11 . 2008-02-19 16:11 <REP> d-------- C:\Program Files\Atari
    2008-02-19 13:49 . 2008-02-19 13:49 <REP> d--h----- C:\WINDOWS\PIF
    2008-02-19 11:15 . 2008-02-19 11:15 <REP> dr-h----- C:\Documents and Settings\Litea\Application Data\SecuROM
    2008-02-19 11:14 . 2008-02-19 11:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-19 11:02 . 2008-02-19 11:12 <REP> d-------- C:\Program Files\EA Sports
    2008-02-19 01:03 . 2008-02-19 11:42 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-02-19 01:03 . 2008-02-19 22:54 <REP> d-------- C:\Documents and Settings\Litea\Application Data\IDM
    2008-02-19 01:03 . 2008-02-21 11:40 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DMCache
    2008-02-18 21:16 . 2008-02-18 21:16 <REP> d-------- C:\Program Files\Empire Interactive
    2008-02-18 13:41 . 2008-02-18 13:41 <REP> d-------- C:\Program Files\Flagship Studios
    2008-02-17 15:25 . 2008-02-17 15:25 <REP> d-------- C:\WINDOWS\system32\Msinstall
    2008-02-14 20:59 . 2008-02-14 21:00 <REP> d-------- C:\Documents and Settings\Litea\Application Data\F4
    2008-02-14 20:58 . 2008-02-14 20:58 <REP> d-------- C:\Program Files\OpenAL
    2008-02-14 20:58 . 2008-02-14 21:00 <REP> d-------- C:\Program Files\Exalight
    2008-02-14 20:58 . 2008-02-14 20:58 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-02-14 20:58 . 2008-02-14 20:58 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-02-13 15:22 . 2008-02-13 15:49 <REP> d-------- C:\Program Files\Bonjour
    2008-02-13 15:14 . 2008-02-13 15:14 <REP> d-------- C:\Program Files\VstPlugins
    2008-02-13 15:14 . 2003-04-07 12:07 217,088 --a------ C:\WINDOWS\system32\rewire.dll
    2008-02-13 15:13 . 2008-02-13 15:14 <REP> d-------- C:\Program Files\Image-Line
    2008-02-13 15:13 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Sonic Foundry
    2008-02-13 15:10 . 2008-02-13 15:10 <REP> d-------- C:\Program Files\Sonic Foundry Setup
    2008-02-13 15:10 . 2008-02-13 15:10 <REP> d-------- C:\Program Files\Sonic Foundry
    2008-02-13 15:10 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
    2008-02-13 15:10 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
    2008-02-13 15:10 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
    2008-02-13 15:10 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2008-02-13 15:10 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
    2008-02-13 15:10 . 2008-02-13 15:10 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
    2008-02-08 20:22 . 2008-02-08 20:22 <REP> d-------- C:\Program Files\Microsoft Games
    2008-02-07 16:29 . 2008-02-20 11:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\OpenOffice.org2
    2008-02-06 22:31 . 2008-02-06 22:31 <REP> d-------- C:\Program Files\Activision
    2008-02-06 22:27 . 2008-02-06 22:27 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-02-06 21:20 . 2008-02-06 21:20 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Java
    2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-02-06 21:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-06 17:48 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2008-02-06 17:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2008-02-06 17:48 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-02-06 17:48 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-02-06 17:48 . 2008-02-06 17:48 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-02-06 17:48 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2008-02-06 17:48 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2008-02-06 17:48 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2008-02-06 17:48 . 2008-02-06 17:48 22,328 --a------ C:\Documents and Settings\Litea\Application Data\PnkBstrK.sys
    2008-02-06 16:50 . 2008-02-06 16:50 <REP> d-------- C:\Program Files\thriXXX
    2008-02-06 15:48 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-02-06 15:09 . 2008-02-19 11:28 <REP> d-------- C:\Downloads
    2008-02-06 15:00 . 2008-02-19 21:14 <REP> d-------- C:\Program Files\Free Download Manager
    2008-02-04 19:47 . 2008-02-04 19:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-04 19:37 . 2008-02-04 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
    2008-02-04 19:29 . 2008-02-04 19:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-04 19:08 . 2008-02-07 16:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-02 16:12 . 2008-02-02 16:12 <REP> d-------- C:\Program Files\Common Files
    2008-02-02 15:29 . 2008-02-02 16:04 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
    2008-02-02 13:58 . 2008-02-02 14:01 <REP> d-------- C:\Program Files\VirtualDJ
    2008-01-31 01:22 . 2008-01-31 01:22 <REP> d-------- C:\Program Files\Veoh Networks
    2008-01-30 14:05 . 2008-02-06 17:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-01-30 14:04 . 2008-01-30 14:04 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-30 14:04 . 2008-02-06 17:48 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-01-30 14:04 . 2008-02-06 17:48 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-01-28 15:06 . 2008-02-19 21:27 <REP> d-------- C:\Documents and Settings\Litea\Application Data\FileZilla
    2008-01-28 14:56 . 2008-01-28 14:57 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 18:38 . 2008-01-25 18:38 <REP> d-------- C:\Program Files\DivX
    2008-01-23 19:21 . 2008-01-23 19:21 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Apple Computer
    2008-01-23 19:21 . 2008-02-21 11:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-23 19:21 . 2008-01-23 19:21 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\QuickTime
    2008-01-23 19:20 . 2008-01-23 19:21 <REP> d-------- C:\Program Files\iTunes
    2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\iPod
    2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 13:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-20 12:56 13,312 --s-a-w C:\WINDOWS\system32\wbchha.dll
    2008-02-19 20:15 --------- d-----w C:\Program Files\Lineage II
    2008-02-19 18:09 --------- d-----w C:\Program Files\EA GAMES
    2008-02-18 23:25 --------- d-----w C:\Program Files\Electronic Arts
    2008-02-01 19:36 --------- d-----w C:\Documents and Settings\Litea\Application Data\teamspeak2
    2008-02-01 16:07 --------- d-----w C:\Program Files\GUILD WARS
    2008-01-29 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-26 20:27 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-01-25 05:03 --------- d-----w C:\Program Files\McAfee
    2008-01-21 05:07 --------- d-----w C:\Documents and Settings\Litea\Application Data\ATI
    2008-01-20 20:19 --------- d-----w C:\Program Files\ATI Technologies
    2008-01-20 20:15 --------- d-----w C:\Program Files\MSBuild
    2008-01-20 20:13 --------- d-----w C:\Program Files\Reference Assemblies
    2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Litea\Application Data\vlc
    2008-01-20 19:44 --------- d-----w C:\Program Files\VideoLAN
    2008-01-19 14:35 --------- d-----w C:\Documents and Settings\Litea\Application Data\Media Player Classic
    2008-01-19 14:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-01-18 18:35 --------- d-----w C:\Program Files\GUILD WARS2
    2008-01-18 16:58 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-01-18 16:58 --------- d-----w C:\Program Files\DAEMON Tools
    2008-01-18 16:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9805.sys
    2008-01-18 16:57 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-16 20:50 --------- d-----w C:\Program Files\GameSpy
    2008-01-16 20:37 --------- d-----w C:\Program Files\Realtek
    2008-01-16 20:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-16 20:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\skypePM
    2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\Skype
    2008-01-16 20:16 --------- d-----w C:\Program Files\Skype
    2008-01-16 20:16 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-01-16 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-16 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-16 20:05 --------- d-----w C:\Program Files\Windows Live
    2008-01-16 20:00 --------- d-----w C:\Documents and Settings\Litea\Application Data\Talkback
    2008-01-16 19:40 --------- d-----w C:\Program Files\Intel
    2008-01-16 19:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-01-16 19:38 --------- d-----w C:\Program Files\Dell
    2008-01-16 19:28 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-01-16 19:28 --------- d-----w C:\Program Files\Belkin
    2008-01-16 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-16 19:24 --------- d-----w C:\Program Files\Fichiers communs\McAfee
    2008-01-16 19:23 --------- d-----w C:\Program Files\McAfee.com
    2008-01-16 19:14 --------- d-----w C:\Program Files\GemMasterFrench
    2008-01-16 19:14 --------- d-----w C:\Program Files\FrenchOtto
    2008-01-16 19:08 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-16 19:06 --------- d-----w C:\Program Files\Services en ligne
    2008-01-16 19:03 --------- d-----w C:\Program Files\Windows Plus
    2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2007-12-07 00:47 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}]
    C:\Program Files\Helper\1203549329.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
    2008-02-21 11:40 9728 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263}
    {81705D67-3F73-4983-859B-97D0922E5ABE}

    [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]

    [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "msnmsgr"="C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-23 12:23 3497984]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-06 16:06 2590128]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-20 00:23 287040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-26 14:27 16132608 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some"= C:\Program Files\NetProject\scit.exe
    "start"= C:\Program Files\NetProject\sbmntr.exe

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\system32\wbchha.dll [2008-02-20 13:56 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2005-11-08 23:00 128920 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 19:23:30 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-01-16 19:23:28 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-21 11:47:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\system32\wbchha.dll
    .
    Temps d'accomplissement: 2008-02-21 11:47:57
    ComboFix-quarantined-files.txt 2008-02-21 10:47:49
    .
    2008-02-13 20:51:54 --- E O F ---

    Log d'hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:07:08, on 21/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\McAfee\MSC\mcregist.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Litea\Bureau\Remove scit\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 213.239.219.83 l2authd.lineage2.com # m0o age
    O1 - Hosts: 213.239.219.83 L2testauthd.lineage2.com #m0o age
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203549329.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Litea\Local Settings\Temp\{F67C4E8A-1F0F-4705-8CC4-D220996DD6AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\wbchha.dll

    Folder::
    C:\Program Files\NetProject
    C:\Program Files\Helper
    C:\Program Files\DNA
    C:\Program Files\xyr0x security

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
    [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some"=-
    "start"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­]
    "{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    Ps : c´est quoi ceci :

    C:\Program Files\L2 C7

    C:\Program Files\Qtracker

    @+
    0
  9. litea Messages postés 33 Statut Membre 5
     
    L2 C7 => Lineage 2 Chronicle 7 Kamel :)
    Qtracker => Logiciel permettant l'acces aux serveurs de tout type de jeux.

    Je vais faire ce que tu m'as dis de ce pas.
    0
  10. litea Messages postés 33 Statut Membre 5
     
    Virus => Partit :)

    Log file Combofix :

    ComboFix 08-02-21 - Litea 2008-02-21 15:51:55.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2821 [GMT 1:00]
    Endroit: C:\Documents and Settings\Litea\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-21 12:49 . 2008-02-21 12:49 <REP> d-------- C:\Program Files\Rockstar Games
    2008-02-21 12:17 . 2008-02-21 12:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-02-21 00:57 . 2008-02-21 01:00 <REP> d-------- C:\Program Files\RogueRemover FREE
    2008-02-21 00:15 . 2008-02-21 00:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-20 13:56 . 2008-02-20 13:56 <REP> d-------- C:\Program Files\Ubisoft
    2008-02-20 11:09 . 2008-02-20 11:16 <REP> d-------- C:\Program Files\Qtracker
    2008-02-20 00:23 . 2008-02-21 15:24 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DNA
    2008-02-20 00:23 . 2008-02-20 00:30 <REP> d-------- C:\Documents and Settings\Litea\Application Data\BitTorrent
    2008-02-19 22:55 . 2003-07-18 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-02-19 22:55 . 2005-01-02 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-02-19 22:37 . 2008-02-19 23:16 <REP> d-------- C:\Program Files\L2 C7
    2008-02-19 21:51 . 2008-02-20 11:17 <REP> d-------- C:\PunkBuster
    2008-02-19 21:45 . 2008-02-19 21:52 <REP> d-------- C:\Program Files\The All-Seeing Eye
    2008-02-19 20:44 . 2008-02-19 20:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-19 19:09 . 2004-08-18 04:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-02-19 16:19 . 2008-02-19 16:19 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Atari
    2008-02-19 16:13 . 2008-02-19 16:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Leadertech
    2008-02-19 16:11 . 2008-02-19 16:11 <REP> d-------- C:\Program Files\Atari
    2008-02-19 13:49 . 2008-02-19 13:49 <REP> d--h----- C:\WINDOWS\PIF
    2008-02-19 11:15 . 2008-02-19 11:15 <REP> dr-h----- C:\Documents and Settings\Litea\Application Data\SecuROM
    2008-02-19 11:14 . 2008-02-19 11:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-19 11:02 . 2008-02-19 11:12 <REP> d-------- C:\Program Files\EA Sports
    2008-02-19 01:03 . 2008-02-19 11:42 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-02-19 01:03 . 2008-02-19 22:54 <REP> d-------- C:\Documents and Settings\Litea\Application Data\IDM
    2008-02-19 01:03 . 2008-02-21 15:44 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DMCache
    2008-02-18 21:16 . 2008-02-18 21:16 <REP> d-------- C:\Program Files\Empire Interactive
    2008-02-18 13:41 . 2008-02-18 13:41 <REP> d-------- C:\Program Files\Flagship Studios
    2008-02-17 15:25 . 2008-02-17 15:25 <REP> d-------- C:\WINDOWS\system32\Msinstall
    2008-02-14 20:59 . 2008-02-21 14:54 <REP> d-------- C:\Documents and Settings\Litea\Application Data\F4
    2008-02-14 20:58 . 2008-02-14 20:58 <REP> d-------- C:\Program Files\OpenAL
    2008-02-14 20:58 . 2008-02-14 20:58 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-02-14 20:58 . 2008-02-14 20:58 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-02-13 15:22 . 2008-02-13 15:49 <REP> d-------- C:\Program Files\Bonjour
    2008-02-13 15:14 . 2008-02-13 15:14 <REP> d-------- C:\Program Files\VstPlugins
    2008-02-13 15:14 . 2003-04-07 12:07 217,088 --a------ C:\WINDOWS\system32\rewire.dll
    2008-02-13 15:13 . 2008-02-21 14:56 <REP> d-------- C:\Program Files\Image-Line
    2008-02-13 15:13 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Sonic Foundry
    2008-02-13 15:10 . 2008-02-13 15:10 <REP> d-------- C:\Program Files\Sonic Foundry Setup
    2008-02-13 15:10 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
    2008-02-13 15:10 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
    2008-02-13 15:10 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
    2008-02-13 15:10 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2008-02-13 15:10 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
    2008-02-13 15:10 . 2008-02-13 15:10 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
    2008-02-08 20:22 . 2008-02-08 20:22 <REP> d-------- C:\Program Files\Microsoft Games
    2008-02-07 16:29 . 2008-02-20 11:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\OpenOffice.org2
    2008-02-06 22:31 . 2008-02-06 22:31 <REP> d-------- C:\Program Files\Activision
    2008-02-06 22:27 . 2008-02-06 22:27 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-02-06 21:20 . 2008-02-06 21:20 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Java
    2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-02-06 21:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-06 17:48 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2008-02-06 17:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2008-02-06 17:48 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-02-06 17:48 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-02-06 17:48 . 2008-02-06 17:48 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-02-06 17:48 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2008-02-06 17:48 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2008-02-06 17:48 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2008-02-06 17:48 . 2008-02-06 17:48 22,328 --a------ C:\Documents and Settings\Litea\Application Data\PnkBstrK.sys
    2008-02-06 16:50 . 2008-02-06 16:50 <REP> d-------- C:\Program Files\thriXXX
    2008-02-06 15:48 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-02-06 15:09 . 2008-02-19 11:28 <REP> d-------- C:\Downloads
    2008-02-06 15:00 . 2008-02-19 21:14 <REP> d-------- C:\Program Files\Free Download Manager
    2008-02-04 19:47 . 2008-02-04 19:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-04 19:37 . 2008-02-04 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
    2008-02-04 19:29 . 2008-02-04 19:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-04 19:08 . 2008-02-07 16:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-02 16:12 . 2008-02-02 16:12 <REP> d-------- C:\Program Files\Common Files
    2008-02-02 15:29 . 2008-02-02 16:04 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
    2008-02-02 13:58 . 2008-02-02 14:01 <REP> d-------- C:\Program Files\VirtualDJ
    2008-01-31 01:22 . 2008-01-31 01:22 <REP> d-------- C:\Program Files\Veoh Networks
    2008-01-30 14:05 . 2008-02-06 17:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-01-30 14:04 . 2008-01-30 14:04 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-30 14:04 . 2008-02-06 17:48 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-01-30 14:04 . 2008-02-06 17:48 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-01-28 15:06 . 2008-02-19 21:27 <REP> d-------- C:\Documents and Settings\Litea\Application Data\FileZilla
    2008-01-28 14:56 . 2008-01-28 14:57 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 18:38 . 2008-01-25 18:38 <REP> d-------- C:\Program Files\DivX
    2008-01-23 19:21 . 2008-01-23 19:21 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Apple Computer
    2008-01-23 19:21 . 2008-02-21 15:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-23 19:21 . 2008-01-23 19:21 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\QuickTime
    2008-01-23 19:20 . 2008-01-23 19:21 <REP> d-------- C:\Program Files\iTunes
    2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\iPod
    2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-21 07:05 . 2008-01-21 07:05 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-01-21 06:07 . 2008-01-21 06:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-01-21 06:06 . 2008-01-21 06:06 0 --a------ C:\WINDOWS\ativpsrm.bin

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-21 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-21 11:34 --------- d-----w C:\Program Files\McAfee
    2008-02-19 20:15 --------- d-----w C:\Program Files\Lineage II
    2008-02-19 18:09 --------- d-----w C:\Program Files\EA GAMES
    2008-02-18 23:25 --------- d-----w C:\Program Files\Electronic Arts
    2008-02-01 19:36 --------- d-----w C:\Documents and Settings\Litea\Application Data\teamspeak2
    2008-02-01 16:07 --------- d-----w C:\Program Files\GUILD WARS
    2008-01-29 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-26 20:27 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-01-21 05:07 --------- d-----w C:\Documents and Settings\Litea\Application Data\ATI
    2008-01-20 20:19 --------- d-----w C:\Program Files\ATI Technologies
    2008-01-20 20:15 --------- d-----w C:\Program Files\MSBuild
    2008-01-20 20:13 --------- d-----w C:\Program Files\Reference Assemblies
    2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Litea\Application Data\vlc
    2008-01-20 19:44 --------- d-----w C:\Program Files\VideoLAN
    2008-01-19 14:35 --------- d-----w C:\Documents and Settings\Litea\Application Data\Media Player Classic
    2008-01-19 14:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-01-18 18:35 --------- d-----w C:\Program Files\GUILD WARS2
    2008-01-18 16:58 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-01-18 16:58 --------- d-----w C:\Program Files\DAEMON Tools
    2008-01-18 16:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9805.sys
    2008-01-18 16:57 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-16 20:50 --------- d-----w C:\Program Files\GameSpy
    2008-01-16 20:37 --------- d-----w C:\Program Files\Realtek
    2008-01-16 20:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-16 20:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\skypePM
    2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\Skype
    2008-01-16 20:16 --------- d-----w C:\Program Files\Skype
    2008-01-16 20:16 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-01-16 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-16 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-16 20:05 --------- d-----w C:\Program Files\Windows Live
    2008-01-16 20:00 --------- d-----w C:\Documents and Settings\Litea\Application Data\Talkback
    2008-01-16 19:40 --------- d-----w C:\Program Files\Intel
    2008-01-16 19:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-01-16 19:38 --------- d-----w C:\Program Files\Dell
    2008-01-16 19:28 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-01-16 19:28 --------- d-----w C:\Program Files\Belkin
    2008-01-16 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-16 19:24 --------- d-----w C:\Program Files\Fichiers communs\McAfee
    2008-01-16 19:23 --------- d-----w C:\Program Files\McAfee.com
    2008-01-16 19:14 --------- d-----w C:\Program Files\GemMasterFrench
    2008-01-16 19:14 --------- d-----w C:\Program Files\FrenchOtto
    2008-01-16 19:08 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-16 19:06 --------- d-----w C:\Program Files\Services en ligne
    2008-01-16 19:03 --------- d-----w C:\Program Files\Windows Plus
    2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2007-12-07 00:47 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "msnmsgr"="C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-23 12:23 3497984]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-06 16:06 2590128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-26 14:27 16132608 C:\WINDOWS\RTHDCPL.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\system32\wbchha.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2005-11-08 23:00 128920 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 19:23:30 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-01-16 19:23:28 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-21 15:56:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-21 15:56:43
    ComboFix-quarantined-files.txt 2008-02-21 14:56:35
    ComboFix2.txt 2008-02-21 14:38:20
    ComboFix3.txt 2008-02-21 11:12:39
    ComboFix4.txt 2008-02-21 10:47:58
    .
    2008-02-13 20:51:54 --- E O F ---

    Logfile d'hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58:33, on 21/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Litea\Bureau\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Litea\Bureau\Remove scit\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Litea\Local Settings\Temp\{F67C4E8A-1F0F-4705-8CC4-D220996DD6AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut,

    Oui ca a l´air mieux ;-)

    A l´aide de hijack this coche et fix les lignes ci dessous :

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)

    Comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Puis performes ce scan en ligne et post le rapport ici sur le forum :

    Fais un scan en ligne Kaspersky avec Internet Explorer :
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    -> Click sur Démarrer Online-Scanner
    -> Click maintenant sur J'accepte.
    -> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
    -> Patiente pendant l'installation des Mises à jour.
    -> Choisis par la suite l'analyse du Poste de travail.
    -> Sauvegarde puis colle le rapport généré en fin d'analyse.

    @+
    0
  12. T4C-Master
     
    Bonjour,

    J'ai moi aussi été infecté par le virus. Voici mon log Hijackthis. Je ne sais pas quoi faire. Merci d'avance.

    Logfile of HijackThis v1.99.1
    Scan saved at 01:04:36, on 2008-04-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Documents and Settings\Propriétaire\Bureau\AVG-Anti Espion!\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
    O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\system32\375013\375013.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
    O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Propriétaire\Bureau\AVG-Anti Espion!\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = ?
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sb44.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Propriétaire\Bureau\AVG-Anti Espion!\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt ''
    0