Virus W32.Myzor.fk@yf

Mike -  
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
J'ai été infecté par le virus W32.Myzor.fk@yf sous Windows XP Service pack 2, en plus j'ai une barre de tâche supplémentaire dans explorer pour télécharger des logiciels...
Voici le rapport Hijackthis :
En vous remerciant d'avance pour votre aide !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:23, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\WINDOWS\TEMP\QLE20E.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.29.234.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
O23 - Service: Scan en temps réel d'OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Service d'écoute d'OfficeScan NT (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Pare-feu d'OfficeScan NT (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
A voir également:

12 réponses

Réponse 1 / 12
jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention   5 040
 
slt,

vire le fichier mywaySA et netproject en allant dans poste de travail puis C puis prog files:

C:\Program Files\MyWaySA
C:\Program Files\NetProject
_____________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/fr-fr
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll


__________________



smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php




2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée


_________________________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

scan en ligne firefox

___________________


recolle un rapport hiajkchtis et dis tes soucis
0
Réponse 2 / 12
Mike
 
Problème résolu,
Il n'y a plus rien

MERCI !!!
0
Réponse 3 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
salut mike,

tu es sur?

post un nouveau rapport hijack this

@+
0
Réponse 4 / 12
litea Messages postés 33 Date d'inscription   Statut Membre Dernière intervention   5
 
Bonsoir, je suis malheureusement infecter aussi :s Voici donc mon log sous HiJackThis - Windows XP Media Center edition SP2 :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:19, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\NetProject\scit.exe
C:\Documents and Settings\Litea\Bureau\Remoce scit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 213.239.219.83 l2authd.lineage2.com # m0o age
O1 - Hosts: 213.239.219.83 L2testauthd.lineage2.com #m0o age
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203549329.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Litea\Local Settings\Temp\{F67C4E8A-1F0F-4705-8CC4-D220996DD6AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut litea,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau hijack this.

@+
0
Réponse 6 / 12
litea Messages postés 33 Date d'inscription   Statut Membre Dernière intervention   5
 
Log de combofix




ComboFix 08-02-21 - Litea 2008-02-21 11:42:22.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2800 [GMT 1:00]
Endroit: C:\Documents and Settings\Litea\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.

2008-02-21 00:57 . 2008-02-21 01:00 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-02-21 00:15 . 2008-02-21 00:28 <REP> d-------- C:\Program Files\NetProject
2008-02-21 00:15 . 2008-02-21 00:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 13:56 . 2008-02-20 13:56 <REP> d-------- C:\Program Files\Ubisoft
2008-02-20 11:09 . 2008-02-20 11:16 <REP> d-------- C:\Program Files\Qtracker
2008-02-20 00:32 . 2008-02-20 00:32 <REP> d-------- C:\Program Files\xyr0x security
2008-02-20 00:23 . 2008-02-20 00:23 <REP> d-------- C:\Program Files\DNA
2008-02-20 00:23 . 2008-02-20 00:23 <REP> d-------- C:\Program Files\BitTorrent
2008-02-20 00:23 . 2008-02-21 02:31 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DNA
2008-02-20 00:23 . 2008-02-20 00:30 <REP> d-------- C:\Documents and Settings\Litea\Application Data\BitTorrent
2008-02-19 22:55 . 2003-07-18 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-19 22:55 . 2005-01-02 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-19 22:37 . 2008-02-19 23:16 <REP> d-------- C:\Program Files\L2 C7
2008-02-19 21:51 . 2008-02-20 11:17 <REP> d-------- C:\PunkBuster
2008-02-19 21:45 . 2008-02-19 21:52 <REP> d-------- C:\Program Files\The All-Seeing Eye
2008-02-19 20:44 . 2008-02-19 20:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-19 19:09 . 2004-08-18 04:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-19 16:19 . 2008-02-19 16:19 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Atari
2008-02-19 16:13 . 2008-02-19 16:13 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-02-19 16:13 . 2008-02-19 16:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Leadertech
2008-02-19 16:13 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-02-19 16:11 . 2008-02-19 16:11 <REP> d-------- C:\Program Files\Atari
2008-02-19 13:49 . 2008-02-19 13:49 <REP> d--h----- C:\WINDOWS\PIF
2008-02-19 11:15 . 2008-02-19 11:15 <REP> dr-h----- C:\Documents and Settings\Litea\Application Data\SecuROM
2008-02-19 11:14 . 2008-02-19 11:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-19 11:02 . 2008-02-19 11:12 <REP> d-------- C:\Program Files\EA Sports
2008-02-19 01:03 . 2008-02-19 11:42 <REP> d-------- C:\Program Files\Internet Download Manager
2008-02-19 01:03 . 2008-02-19 22:54 <REP> d-------- C:\Documents and Settings\Litea\Application Data\IDM
2008-02-19 01:03 . 2008-02-21 11:40 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DMCache
2008-02-18 21:16 . 2008-02-18 21:16 <REP> d-------- C:\Program Files\Empire Interactive
2008-02-18 13:41 . 2008-02-18 13:41 <REP> d-------- C:\Program Files\Flagship Studios
2008-02-17 15:25 . 2008-02-17 15:25 <REP> d-------- C:\WINDOWS\system32\Msinstall
2008-02-14 20:59 . 2008-02-14 21:00 <REP> d-------- C:\Documents and Settings\Litea\Application Data\F4
2008-02-14 20:58 . 2008-02-14 20:58 <REP> d-------- C:\Program Files\OpenAL
2008-02-14 20:58 . 2008-02-14 21:00 <REP> d-------- C:\Program Files\Exalight
2008-02-14 20:58 . 2008-02-14 20:58 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-14 20:58 . 2008-02-14 20:58 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-13 15:22 . 2008-02-13 15:49 <REP> d-------- C:\Program Files\Bonjour
2008-02-13 15:14 . 2008-02-13 15:14 <REP> d-------- C:\Program Files\VstPlugins
2008-02-13 15:14 . 2003-04-07 12:07 217,088 --a------ C:\WINDOWS\system32\rewire.dll
2008-02-13 15:13 . 2008-02-13 15:14 <REP> d-------- C:\Program Files\Image-Line
2008-02-13 15:13 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Sonic Foundry
2008-02-13 15:10 . 2008-02-13 15:10 <REP> d-------- C:\Program Files\Sonic Foundry Setup
2008-02-13 15:10 . 2008-02-13 15:10 <REP> d-------- C:\Program Files\Sonic Foundry
2008-02-13 15:10 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-02-13 15:10 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-02-13 15:10 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-02-13 15:10 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-13 15:10 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-02-13 15:10 . 2008-02-13 15:10 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-08 20:22 . 2008-02-08 20:22 <REP> d-------- C:\Program Files\Microsoft Games
2008-02-07 16:29 . 2008-02-20 11:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\OpenOffice.org2
2008-02-06 22:31 . 2008-02-06 22:31 <REP> d-------- C:\Program Files\Activision
2008-02-06 22:27 . 2008-02-06 22:27 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-06 21:20 . 2008-02-06 21:20 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Java
2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-06 21:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 17:48 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-06 17:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-06 17:48 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-06 17:48 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-06 17:48 . 2008-02-06 17:48 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-06 17:48 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-06 17:48 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-06 17:48 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-06 17:48 . 2008-02-06 17:48 22,328 --a------ C:\Documents and Settings\Litea\Application Data\PnkBstrK.sys
2008-02-06 16:50 . 2008-02-06 16:50 <REP> d-------- C:\Program Files\thriXXX
2008-02-06 15:48 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-02-06 15:09 . 2008-02-19 11:28 <REP> d-------- C:\Downloads
2008-02-06 15:00 . 2008-02-19 21:14 <REP> d-------- C:\Program Files\Free Download Manager
2008-02-04 19:47 . 2008-02-04 19:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-04 19:37 . 2008-02-04 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-02-04 19:29 . 2008-02-04 19:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-04 19:08 . 2008-02-07 16:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-02 16:12 . 2008-02-02 16:12 <REP> d-------- C:\Program Files\Common Files
2008-02-02 15:29 . 2008-02-02 16:04 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
2008-02-02 13:58 . 2008-02-02 14:01 <REP> d-------- C:\Program Files\VirtualDJ
2008-01-31 01:22 . 2008-01-31 01:22 <REP> d-------- C:\Program Files\Veoh Networks
2008-01-30 14:05 . 2008-02-06 17:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-30 14:04 . 2008-01-30 14:04 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 14:04 . 2008-02-06 17:48 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-30 14:04 . 2008-02-06 17:48 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-28 15:06 . 2008-02-19 21:27 <REP> d-------- C:\Documents and Settings\Litea\Application Data\FileZilla
2008-01-28 14:56 . 2008-01-28 14:57 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-25 18:38 . 2008-01-25 18:38 <REP> d-------- C:\Program Files\DivX
2008-01-23 19:21 . 2008-01-23 19:21 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Apple Computer
2008-01-23 19:21 . 2008-02-21 11:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 19:21 . 2008-01-23 19:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\QuickTime
2008-01-23 19:20 . 2008-01-23 19:21 <REP> d-------- C:\Program Files\iTunes
2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\iPod
2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 13:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 12:56 13,312 --s-a-w C:\WINDOWS\system32\wbchha.dll
2008-02-19 20:15 --------- d-----w C:\Program Files\Lineage II
2008-02-19 18:09 --------- d-----w C:\Program Files\EA GAMES
2008-02-18 23:25 --------- d-----w C:\Program Files\Electronic Arts
2008-02-01 19:36 --------- d-----w C:\Documents and Settings\Litea\Application Data\teamspeak2
2008-02-01 16:07 --------- d-----w C:\Program Files\GUILD WARS
2008-01-29 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-26 20:27 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-01-25 05:03 --------- d-----w C:\Program Files\McAfee
2008-01-21 05:07 --------- d-----w C:\Documents and Settings\Litea\Application Data\ATI
2008-01-20 20:19 --------- d-----w C:\Program Files\ATI Technologies
2008-01-20 20:15 --------- d-----w C:\Program Files\MSBuild
2008-01-20 20:13 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Litea\Application Data\vlc
2008-01-20 19:44 --------- d-----w C:\Program Files\VideoLAN
2008-01-19 14:35 --------- d-----w C:\Documents and Settings\Litea\Application Data\Media Player Classic
2008-01-19 14:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-18 18:35 --------- d-----w C:\Program Files\GUILD WARS2
2008-01-18 16:58 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-01-18 16:58 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-18 16:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9805.sys
2008-01-18 16:57 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-16 20:50 --------- d-----w C:\Program Files\GameSpy
2008-01-16 20:37 --------- d-----w C:\Program Files\Realtek
2008-01-16 20:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-16 20:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\skypePM
2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\Skype
2008-01-16 20:16 --------- d-----w C:\Program Files\Skype
2008-01-16 20:16 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-01-16 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-16 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-16 20:05 --------- d-----w C:\Program Files\Windows Live
2008-01-16 20:00 --------- d-----w C:\Documents and Settings\Litea\Application Data\Talkback
2008-01-16 19:40 --------- d-----w C:\Program Files\Intel
2008-01-16 19:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-16 19:38 --------- d-----w C:\Program Files\Dell
2008-01-16 19:28 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-16 19:28 --------- d-----w C:\Program Files\Belkin
2008-01-16 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-16 19:24 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-01-16 19:23 --------- d-----w C:\Program Files\McAfee.com
2008-01-16 19:14 --------- d-----w C:\Program Files\GemMasterFrench
2008-01-16 19:14 --------- d-----w C:\Program Files\FrenchOtto
2008-01-16 19:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-16 19:06 --------- d-----w C:\Program Files\Services en ligne
2008-01-16 19:03 --------- d-----w C:\Program Files\Windows Plus
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-07 00:47 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}]
C:\Program Files\Helper\1203549329.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-02-21 11:40 9728 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263}
{81705D67-3F73-4983-859B-97D0922E5ABE}

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"msnmsgr"="C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-23 12:23 3497984]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-06 16:06 2590128]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-20 00:23 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 14:27 16132608 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"= C:\Program Files\NetProject\scit.exe
"start"= C:\Program Files\NetProject\sbmntr.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\system32\wbchha.dll [2008-02-20 13:56 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 19:23:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-16 19:23:28 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 11:47:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\wbchha.dll
.
Temps d'accomplissement: 2008-02-21 11:47:57
ComboFix-quarantined-files.txt 2008-02-21 10:47:49
.
2008-02-13 20:51:54 --- E O F ---



Log d'hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:08, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NetProject\scm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\NetProject\sbsm.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\McAfee\MSC\mcregist.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Litea\Bureau\Remove scit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 213.239.219.83 l2authd.lineage2.com # m0o age
O1 - Hosts: 213.239.219.83 L2testauthd.lineage2.com #m0o age
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203549329.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Litea\Local Settings\Temp\{F67C4E8A-1F0F-4705-8CC4-D220996DD6AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
0
Réponse 7 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\wbchha.dll

Folder::
C:\Program Files\NetProject
C:\Program Files\Helper
C:\Program Files\DNA
C:\Program Files\xyr0x security

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=-
"start"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Ps : c´est quoi ceci :

C:\Program Files\L2 C7

C:\Program Files\Qtracker

@+
0
Réponse 8 / 12
litea Messages postés 33 Date d'inscription   Statut Membre Dernière intervention   5
 
L2 C7 => Lineage 2 Chronicle 7 Kamel :)
Qtracker => Logiciel permettant l'acces aux serveurs de tout type de jeux.

Je vais faire ce que tu m'as dis de ce pas.
0
Réponse 9 / 12
litea Messages postés 33 Date d'inscription   Statut Membre Dernière intervention   5
 
Virus => Partit :)

Log file Combofix :

ComboFix 08-02-21 - Litea 2008-02-21 15:51:55.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2821 [GMT 1:00]
Endroit: C:\Documents and Settings\Litea\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.

2008-02-21 12:49 . 2008-02-21 12:49 <REP> d-------- C:\Program Files\Rockstar Games
2008-02-21 12:17 . 2008-02-21 12:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-02-21 00:57 . 2008-02-21 01:00 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-02-21 00:15 . 2008-02-21 00:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 13:56 . 2008-02-20 13:56 <REP> d-------- C:\Program Files\Ubisoft
2008-02-20 11:09 . 2008-02-20 11:16 <REP> d-------- C:\Program Files\Qtracker
2008-02-20 00:23 . 2008-02-21 15:24 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DNA
2008-02-20 00:23 . 2008-02-20 00:30 <REP> d-------- C:\Documents and Settings\Litea\Application Data\BitTorrent
2008-02-19 22:55 . 2003-07-18 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-19 22:55 . 2005-01-02 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-19 22:37 . 2008-02-19 23:16 <REP> d-------- C:\Program Files\L2 C7
2008-02-19 21:51 . 2008-02-20 11:17 <REP> d-------- C:\PunkBuster
2008-02-19 21:45 . 2008-02-19 21:52 <REP> d-------- C:\Program Files\The All-Seeing Eye
2008-02-19 20:44 . 2008-02-19 20:44 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-19 19:09 . 2004-08-18 04:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-19 16:19 . 2008-02-19 16:19 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Atari
2008-02-19 16:13 . 2008-02-19 16:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Leadertech
2008-02-19 16:11 . 2008-02-19 16:11 <REP> d-------- C:\Program Files\Atari
2008-02-19 13:49 . 2008-02-19 13:49 <REP> d--h----- C:\WINDOWS\PIF
2008-02-19 11:15 . 2008-02-19 11:15 <REP> dr-h----- C:\Documents and Settings\Litea\Application Data\SecuROM
2008-02-19 11:14 . 2008-02-19 11:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-19 11:02 . 2008-02-19 11:12 <REP> d-------- C:\Program Files\EA Sports
2008-02-19 01:03 . 2008-02-19 11:42 <REP> d-------- C:\Program Files\Internet Download Manager
2008-02-19 01:03 . 2008-02-19 22:54 <REP> d-------- C:\Documents and Settings\Litea\Application Data\IDM
2008-02-19 01:03 . 2008-02-21 15:44 <REP> d-------- C:\Documents and Settings\Litea\Application Data\DMCache
2008-02-18 21:16 . 2008-02-18 21:16 <REP> d-------- C:\Program Files\Empire Interactive
2008-02-18 13:41 . 2008-02-18 13:41 <REP> d-------- C:\Program Files\Flagship Studios
2008-02-17 15:25 . 2008-02-17 15:25 <REP> d-------- C:\WINDOWS\system32\Msinstall
2008-02-14 20:59 . 2008-02-21 14:54 <REP> d-------- C:\Documents and Settings\Litea\Application Data\F4
2008-02-14 20:58 . 2008-02-14 20:58 <REP> d-------- C:\Program Files\OpenAL
2008-02-14 20:58 . 2008-02-14 20:58 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-14 20:58 . 2008-02-14 20:58 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-13 15:22 . 2008-02-13 15:49 <REP> d-------- C:\Program Files\Bonjour
2008-02-13 15:14 . 2008-02-13 15:14 <REP> d-------- C:\Program Files\VstPlugins
2008-02-13 15:14 . 2003-04-07 12:07 217,088 --a------ C:\WINDOWS\system32\rewire.dll
2008-02-13 15:13 . 2008-02-21 14:56 <REP> d-------- C:\Program Files\Image-Line
2008-02-13 15:13 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Sonic Foundry
2008-02-13 15:10 . 2008-02-13 15:10 <REP> d-------- C:\Program Files\Sonic Foundry Setup
2008-02-13 15:10 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-02-13 15:10 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-02-13 15:10 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-02-13 15:10 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-13 15:10 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-02-13 15:10 . 2008-02-13 15:10 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-08 20:22 . 2008-02-08 20:22 <REP> d-------- C:\Program Files\Microsoft Games
2008-02-07 16:29 . 2008-02-20 11:13 <REP> d-------- C:\Documents and Settings\Litea\Application Data\OpenOffice.org2
2008-02-06 22:31 . 2008-02-06 22:31 <REP> d-------- C:\Program Files\Activision
2008-02-06 22:27 . 2008-02-06 22:27 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-06 21:20 . 2008-02-06 21:20 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Java
2008-02-06 21:19 . 2008-02-06 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-06 21:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 17:48 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-06 17:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-06 17:48 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-06 17:48 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-06 17:48 . 2008-02-06 17:48 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-06 17:48 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-06 17:48 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-06 17:48 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-06 17:48 . 2008-02-06 17:48 22,328 --a------ C:\Documents and Settings\Litea\Application Data\PnkBstrK.sys
2008-02-06 16:50 . 2008-02-06 16:50 <REP> d-------- C:\Program Files\thriXXX
2008-02-06 15:48 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-02-06 15:09 . 2008-02-19 11:28 <REP> d-------- C:\Downloads
2008-02-06 15:00 . 2008-02-19 21:14 <REP> d-------- C:\Program Files\Free Download Manager
2008-02-04 19:47 . 2008-02-04 19:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-04 19:37 . 2008-02-04 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-02-04 19:29 . 2008-02-04 19:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-04 19:08 . 2008-02-07 16:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-02 16:12 . 2008-02-02 16:12 <REP> d-------- C:\Program Files\Common Files
2008-02-02 15:29 . 2008-02-02 16:04 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
2008-02-02 13:58 . 2008-02-02 14:01 <REP> d-------- C:\Program Files\VirtualDJ
2008-01-31 01:22 . 2008-01-31 01:22 <REP> d-------- C:\Program Files\Veoh Networks
2008-01-30 14:05 . 2008-02-06 17:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-30 14:04 . 2008-01-30 14:04 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 14:04 . 2008-02-06 17:48 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-30 14:04 . 2008-02-06 17:48 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-28 15:06 . 2008-02-19 21:27 <REP> d-------- C:\Documents and Settings\Litea\Application Data\FileZilla
2008-01-28 14:56 . 2008-01-28 14:57 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-26 11:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-26 11:31 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-25 18:38 . 2008-01-25 18:38 <REP> d-------- C:\Program Files\DivX
2008-01-23 19:21 . 2008-01-23 19:21 <REP> d-------- C:\Documents and Settings\Litea\Application Data\Apple Computer
2008-01-23 19:21 . 2008-02-21 15:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 19:21 . 2008-01-23 19:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\QuickTime
2008-01-23 19:20 . 2008-01-23 19:21 <REP> d-------- C:\Program Files\iTunes
2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Program Files\iPod
2008-01-23 19:20 . 2008-01-23 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-23 19:19 . 2008-01-23 19:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-21 07:05 . 2008-01-21 07:05 <REP> d-------- C:\Program Files\MSXML 6.0
2008-01-21 06:07 . 2008-01-21 06:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-21 06:06 . 2008-01-21 06:06 0 --a------ C:\WINDOWS\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 11:34 --------- d-----w C:\Program Files\McAfee
2008-02-19 20:15 --------- d-----w C:\Program Files\Lineage II
2008-02-19 18:09 --------- d-----w C:\Program Files\EA GAMES
2008-02-18 23:25 --------- d-----w C:\Program Files\Electronic Arts
2008-02-01 19:36 --------- d-----w C:\Documents and Settings\Litea\Application Data\teamspeak2
2008-02-01 16:07 --------- d-----w C:\Program Files\GUILD WARS
2008-01-29 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-26 20:27 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-01-21 05:07 --------- d-----w C:\Documents and Settings\Litea\Application Data\ATI
2008-01-20 20:19 --------- d-----w C:\Program Files\ATI Technologies
2008-01-20 20:15 --------- d-----w C:\Program Files\MSBuild
2008-01-20 20:13 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Litea\Application Data\vlc
2008-01-20 19:44 --------- d-----w C:\Program Files\VideoLAN
2008-01-19 14:35 --------- d-----w C:\Documents and Settings\Litea\Application Data\Media Player Classic
2008-01-19 14:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-18 18:35 --------- d-----w C:\Program Files\GUILD WARS2
2008-01-18 16:58 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-01-18 16:58 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-18 16:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9805.sys
2008-01-18 16:57 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-16 20:50 --------- d-----w C:\Program Files\GameSpy
2008-01-16 20:37 --------- d-----w C:\Program Files\Realtek
2008-01-16 20:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-16 20:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\skypePM
2008-01-16 20:18 --------- d-----w C:\Documents and Settings\Litea\Application Data\Skype
2008-01-16 20:16 --------- d-----w C:\Program Files\Skype
2008-01-16 20:16 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-01-16 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-16 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-16 20:05 --------- d-----w C:\Program Files\Windows Live
2008-01-16 20:00 --------- d-----w C:\Documents and Settings\Litea\Application Data\Talkback
2008-01-16 19:40 --------- d-----w C:\Program Files\Intel
2008-01-16 19:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-16 19:38 --------- d-----w C:\Program Files\Dell
2008-01-16 19:28 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-16 19:28 --------- d-----w C:\Program Files\Belkin
2008-01-16 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-16 19:24 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-01-16 19:23 --------- d-----w C:\Program Files\McAfee.com
2008-01-16 19:14 --------- d-----w C:\Program Files\GemMasterFrench
2008-01-16 19:14 --------- d-----w C:\Program Files\FrenchOtto
2008-01-16 19:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-16 19:06 --------- d-----w C:\Program Files\Services en ligne
2008-01-16 19:03 --------- d-----w C:\Program Files\Windows Plus
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-07 00:47 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"msnmsgr"="C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-23 12:23 3497984]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-06 16:06 2590128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30 152144]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 14:27 16132608 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\system32\wbchha.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 19:23:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-16 19:23:28 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 15:56:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-21 15:56:43
ComboFix-quarantined-files.txt 2008-02-21 14:56:35
ComboFix2.txt 2008-02-21 14:38:20
ComboFix3.txt 2008-02-21 11:12:39
ComboFix4.txt 2008-02-21 10:47:58
.
2008-02-13 20:51:54 --- E O F ---


Logfile d'hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:33, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Litea\Bureau\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Litea\Bureau\Remove scit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Litea\Bureau\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Litea\Local Settings\Temp\{F67C4E8A-1F0F-4705-8CC4-D220996DD6AA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
0
Réponse 10 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut,

Oui ca a l´air mieux ;-)

A l´aide de hijack this coche et fix les lignes ci dessous :

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll (file missing)

Comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Puis performes ce scan en ligne et post le rapport ici sur le forum :

Fais un scan en ligne Kaspersky avec Internet Explorer :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click sur Démarrer Online-Scanner
-> Click maintenant sur J'accepte.
-> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
-> Patiente pendant l'installation des Mises à jour.
-> Choisis par la suite l'analyse du Poste de travail.
-> Sauvegarde puis colle le rapport généré en fin d'analyse.

@+
0
Réponse 11 / 12
T4C-Master
 
Bonjour,

J'ai moi aussi été infecté par le virus. Voici mon log Hijackthis. Je ne sais pas quoi faire. Merci d'avance.

Logfile of HijackThis v1.99.1
Scan saved at 01:04:36, on 2008-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Propriétaire\Bureau\AVG-Anti Espion!\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetProject\sbmntr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\system32\375013\375013.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Propriétaire\Bureau\AVG-Anti Espion!\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sb44.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Propriétaire\Bureau\AVG-Anti Espion!\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 12 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
W32 L32: correspondance entre taille US et taille française
efg -
sibel -

6 réponses
message de postmaster incessant !
wasap -
wasap -

9 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses