Need help with an infection

Closed
missham (posts: 5; registered: Thursday 14 February 2008; status: Member; last activity: 17 February 2008) - 14 Feb 2008 at 21:01
ep44 (posts: 7393; registered: Saturday 10 November 2007; status: Contributor; last activity: 11 November 2010) - 17 Feb 2008 at 22:23
Hello,

For a week now my download utility has regularly been trying to download something named www.gladius.tm.fr and pop.php without my doing anything. Of course I have refused every time, but the messages don't stop.

In addition, my antivirus (Kaspersky) very regularly detects the same things:

[...]Virtumonde[...]
[...]ad:gen[...]

Pop-ups along the lines of "Warning, your PC is infected" also appear regularly.

Thank you for your help.

I ran a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:29, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070102
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070102
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {166b865e-16a6-8029-bee4-2002fdf77202} - {20277fdf-2002-4eeb-9208-6a61e568b661} - C:\WINDOWS\system32\uusentdm.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - C:\WINDOWS\system32\fccbcya.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C875CD4A-441F-44D0-A83E-721357D0388B} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {DD7048B9-F27A-49FC-B361-94974B0849BA} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {FEC709BC-13E8-4DE0-B1CD-07BC553E6709} - C:\WINDOWS\system32\awtsr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccbcya - C:\WINDOWS\
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

13 replies

ep44 (posts: 7393; registered: Saturday 10 November 2007; status: Contributor; last activity: 11 November 2010) 3
14 Feb 2008 at 21:05
Good evening,

Download to the Desktop:
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan is fairly long; when it finishes
=> Click Remove Vundo
=> Then Yes
=> The Desktop disappears for a moment while the files are being deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report located in C:\vundofix.txt

Then
download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Follow the on-screen instructions
=> When the scan has finished, save the report.
=> Copy/paste it here

Also post a new HijackThis report.
See you
0
Good evening, have you tried scanning your PC online with another antivirus? Do try that solution; it costs nothing and you will know whether you are infected. Good luck.
0
OpTyMyZeR (posts: 49; registered: Friday 3 August 2007; status: Member; last activity: 7 September 2009) 11
14 Feb 2008 at 21:06
Go to HijackThis.de, paste the log into the text box and follow the steps on the site; you will get answers.
If you don't understand any of it, let me know!
0
jlpjlp (posts: 51580; registered: Friday 18 May 2007; status: Security contributor; last activity: 3 May 2022) 5 040
14 Feb 2008 at 21:06
Hi,

Scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan has finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it has finished, you will be asked to restart your computer; click OK.

_________________
ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

__________________

Paste the report of an online scan
run with one of the following, or paste a report from the Kaspersky you have:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

______________________

Post a new HijackThis report and describe your problems.

See you
0

missham (posts: 5; registered: Thursday 14 February 2008; status: Member; last activity: 17 February 2008)
14 Feb 2008 at 21:52
I followed EP44's procedure.

Here is the VundoFix report:


VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:12:30 14/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtsr.dll
C:\windows\system32\drvnipr.dll
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini2
C:\WINDOWS\system32\uusentdm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!

Attempting to delete C:\windows\system32\drvnipr.dll
C:\windows\system32\drvnipr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rstwa.ini2
C:\WINDOWS\system32\rstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uusentdm.dll
C:\WINDOWS\system32\uusentdm.dll Has been deleted!

Performing Repairs to the registry.
Done!


Next, here is the Virtumundo report:


[02/14/2008, 21:46:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\CROHEM\Bureau\VirtumundoBeGone.exe" )
[02/14/2008, 21:46:37] - Detected System Information:
[02/14/2008, 21:46:37] - Windows Version: 5.1.2600, Service Pack 2
[02/14/2008, 21:46:37] - Current Username: CROHEM (Admin)
[02/14/2008, 21:46:37] - Windows is in NORMAL mode.
[02/14/2008, 21:46:37] - Searching for Browser Helper Objects:
[02/14/2008, 21:46:37] - BHO 1: {000123B4-9B42-4900-B3F7-F4B073EFC214} (Octh Class)
[02/14/2008, 21:46:37] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/14/2008, 21:46:37] - BHO 3: {20277fdf-2002-4eeb-9208-6a61e568b661} ()
[02/14/2008, 21:46:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/14/2008, 21:46:37] - Checking for HKLM\...\Winlogon\Notify\uusentdm
[02/14/2008, 21:46:38] - Key not found: HKLM\...\Winlogon\Notify\uusentdm, continuing.
[02/14/2008, 21:46:38] - BHO 4: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[02/14/2008, 21:46:38] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[02/14/2008, 21:46:38] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/14/2008, 21:46:38] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/14/2008, 21:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/14/2008, 21:46:38] - No filename found. Continuing.
[02/14/2008, 21:46:38] - BHO 8: {9DB30F1E-538B-4395-9E49-37C1429AB459} ()
[02/14/2008, 21:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/14/2008, 21:46:38] - Checking for HKLM\...\Winlogon\Notify\fccbcya
[02/14/2008, 21:46:38] - Key not found: HKLM\...\Winlogon\Notify\fccbcya, continuing.
[02/14/2008, 21:46:38] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/14/2008, 21:46:38] - BHO 10: {C875CD4A-441F-44D0-A83E-721357D0388B} ()
[02/14/2008, 21:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/14/2008, 21:46:38] - Checking for HKLM\...\Winlogon\Notify\ddcyv
[02/14/2008, 21:46:38] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
[02/14/2008, 21:46:38] - BHO 11: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[02/14/2008, 21:46:38] - BHO 12: {DD7048B9-F27A-49FC-B361-94974B0849BA} ()
[02/14/2008, 21:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/14/2008, 21:46:38] - Checking for HKLM\...\Winlogon\Notify\vtsqp
[02/14/2008, 21:46:38] - Key not found: HKLM\...\Winlogon\Notify\vtsqp, continuing.
[02/14/2008, 21:46:38] - BHO 13: {FEC709BC-13E8-4DE0-B1CD-07BC553E6709} ()
[02/14/2008, 21:46:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/14/2008, 21:46:38] - Checking for HKLM\...\Winlogon\Notify\awtsr
[02/14/2008, 21:46:38] - Key not found: HKLM\...\Winlogon\Notify\awtsr, continuing.
[02/14/2008, 21:46:38] - Finished Searching Browser Helper Objects
[02/14/2008, 21:46:38] - Finishing up...
[02/14/2008, 21:46:38] - Nothing found! Exiting...


Here is the new HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:58, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070102
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070102
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccbcya - C:\WINDOWS\
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
ep44 (posts: 7393; registered: Saturday 10 November 2007; status: Contributor; last activity: 11 November 2010) 3
14 Feb 2008 at 21:54
Very good. Now
run the ComboFix scan that jlpjlp asked for and post the report.

Then download LSPFix to the Desktop:
http://www.cexx.org/LSPFix.exe

= Launch LSPFix and enlarge the window, which is too small by default
= Disconnect from the Internet and close all windows
= Tick the "I know what I'm doing" box
= Select all instances of the following DLL:

c:\windows\system32\nwprovau.dll

and drag them from the left panel, called "Keep", to the right panel, called "Remove".

Click the [Finish] button.
0
jlpjlp (posts: 51580; registered: Friday 18 May 2007; status: Security contributor; last activity: 3 May 2022) 5 040
14 Feb 2008 at 21:57
OK, I'll leave it to you, ep44.

Good luck to everyone.
0
missham (posts: 5; registered: Thursday 14 February 2008; status: Member; last activity: 17 February 2008)
16 Feb 2008 at 12:14
There, I did what you said.
For LSPFix, I only selected nwprovau.dll; was that right?

Here is the ComboFix report:

ComboFix 08-02-16.2 - CROHEM 2008-02-16 11:51:05.1 - NTFSx86
Endroit: C:\Documents and Settings\CROHEM\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\tmatcslu.ini
C:\WINDOWS\system32\uwqxbfbn.ini
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))))))
.

2008-02-15 22:46 . 2008-02-15 22:46 56 -r-hs---- C:\WINDOWS\system32\94AD9A6BE7.sys
2008-02-14 22:02 . 2008-02-14 22:03 <REP> d-------- C:\Program Files\Panda Security
2008-02-14 21:12 . 2008-02-14 22:35 <REP> d-------- C:\VundoFix Backups
2008-02-14 20:41 . 2008-02-14 20:41 <REP> d-------- C:\Program Files\Trend Micro
2008-02-10 21:57 . 2008-02-10 21:57 268 --ah----- C:\sqmdata15.sqm
2008-02-10 21:57 . 2008-02-10 21:57 244 --ah----- C:\sqmnoopt15.sqm
2008-02-10 21:27 . 2008-02-10 21:27 268 --ah----- C:\sqmdata14.sqm
2008-02-10 21:27 . 2008-02-10 21:27 244 --ah----- C:\sqmnoopt14.sqm
2008-02-10 21:20 . 2008-02-10 21:20 268 --ah----- C:\sqmdata13.sqm
2008-02-10 21:20 . 2008-02-10 21:20 244 --ah----- C:\sqmnoopt13.sqm
2008-02-10 21:13 . 2008-02-10 21:13 268 --ah----- C:\sqmdata12.sqm
2008-02-10 21:13 . 2008-02-10 21:13 244 --ah----- C:\sqmnoopt12.sqm
2008-02-10 18:32 . 2008-02-10 21:11 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-10 18:32 . 2008-02-10 18:32 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-10 18:28 . 2008-02-10 18:28 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-02-10 18:28 . 2008-02-16 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-10 18:28 . 2008-02-16 12:03 4,843,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-10 18:28 . 2008-02-16 12:01 67,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-10 18:28 . 2008-02-16 12:00 65,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 18:28 . 2008-02-16 12:00 7,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-10 18:27 . 2008-02-10 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-10 18:22 . 2008-02-10 18:22 268 --ah----- C:\sqmdata11.sqm
2008-02-10 18:22 . 2008-02-10 18:22 244 --ah----- C:\sqmnoopt11.sqm
2008-02-10 18:16 . 2008-02-10 18:16 268 --ah----- C:\sqmdata10.sqm
2008-02-10 18:16 . 2008-02-10 18:16 244 --ah----- C:\sqmnoopt10.sqm
2008-02-10 18:05 . 2008-02-10 18:05 268 --ah----- C:\sqmdata09.sqm
2008-02-10 18:05 . 2008-02-10 18:05 244 --ah----- C:\sqmnoopt09.sqm
2008-02-10 17:45 . 2008-02-10 17:45 268 --ah----- C:\sqmdata08.sqm
2008-02-10 17:45 . 2008-02-10 17:45 244 --ah----- C:\sqmnoopt08.sqm
2008-02-10 17:05 . 2008-02-10 17:05 268 --ah----- C:\sqmdata07.sqm
2008-02-10 17:05 . 2008-02-10 17:05 244 --ah----- C:\sqmnoopt07.sqm
2008-02-10 11:36 . 2008-02-10 11:36 <REP> d-------- C:\Program Files\Alwil Software
2008-02-10 11:28 . 2008-02-10 11:28 268 --ah----- C:\sqmdata06.sqm
2008-02-10 11:28 . 2008-02-10 11:28 244 --ah----- C:\sqmnoopt06.sqm
2008-02-10 11:07 . 2008-02-10 11:07 268 --ah----- C:\sqmdata05.sqm
2008-02-10 11:07 . 2008-02-10 11:07 244 --ah----- C:\sqmnoopt05.sqm
2008-02-09 18:31 . 2008-02-14 19:04 <REP> d-------- C:\Downloads
2008-02-09 18:30 . 2008-02-09 18:30 <REP> d-------- C:\Program Files\Orbitdownloader
2008-02-09 18:30 . 2008-02-14 19:15 <REP> d-------- C:\Documents and Settings\CROHEM\Application Data\Orbit
2008-02-09 18:19 . 2008-02-09 18:19 <REP> d-------- C:\WmrPro
2008-02-09 18:19 . 2008-02-09 19:17 <REP> d-------- C:\Program Files\WmrPro
2008-02-08 23:46 . 2008-02-08 23:46 <REP> d-------- C:\Program Files\Veoh Networks
2008-02-04 18:55 . 2008-02-04 18:55 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Teleca
2008-02-04 18:54 . 2008-02-04 18:54 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2008-02-04 18:54 . 2008-02-04 18:54 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
2008-02-04 18:54 . 2008-02-04 18:54 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-02-04 18:54 . 2008-02-04 18:54 <REP> d-------- C:\Documents and Settings\NetworkService\Bureau
2008-02-04 18:54 . 2008-02-04 18:54 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Sony Ericsson
2008-02-04 18:54 . 2008-02-04 18:54 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee.com Personal Firewall
2008-01-31 21:57 . 2008-02-10 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 15:11 . 2008-01-26 15:11 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-01-26 01:45 . 2008-01-26 01:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-20 21:27 . 2008-01-20 21:28 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-20 21:27 . 2008-01-20 21:28 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 11:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 10:48 --------- d-----w C:\Documents and Settings\CROHEM\Application Data\Azureus
2008-02-15 23:33 --------- d-----w C:\Documents and Settings\CROHEM\Application Data\FileZilla
2008-02-15 20:20 --------- d-----w C:\Documents and Settings\CROHEM\Application Data\Corel
2008-02-15 20:19 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-02-15 20:19 --------- d-----w C:\Program Files\Corel
2008-02-10 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-10 17:04 --------- d-----w C:\Program Files\Zylom Games
2008-02-10 17:04 --------- d-----w C:\Program Files\Yahoo!
2008-02-10 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-03 09:49 --------- d-----w C:\Documents and Settings\CROHEM\Application Data\OpenOffice.org2
2008-01-20 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 21:56 --------- d-----w C:\Program Files\eMule
2008-01-05 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-04 18:18 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-30 09:27 --------- d-----w C:\Program Files\Dell Network Assistant
2007-12-28 22:29 758 ----a-w C:\Documents and Settings\CROHEM\Application Data\wklnhst.dat
2007-12-26 17:45 --------- d-----w C:\Program Files\Nero
2007-12-24 15:40 --------- d-----w C:\Documents and Settings\CROHEM\Application Data\Nero
2007-12-23 20:15 --------- d-----w C:\Program Files\Azureus
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-16 16:23 --------- d-----w C:\Program Files\Maxis
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"NVHotkey"="nvHotkey.dll" [2006-03-21 13:03 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28 602182]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 17:16 184320]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 13:03 7557120]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-26 22:16 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbcya]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-08-14 15:20 462336 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
--------- 2005-02-23 16:57 57344 C:\Program Files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy PDF Creator]
C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-21 13:03 7557120 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-21 13:03 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-05-26 22:16 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-02-07 12:53 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72dfa806-2fc6-11dc-8a95-00188bafc9d3}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 17:30:00 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (LYDIE-CROHEM).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 12:02:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-16 12:07:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 11:07:09
.
2008-02-13 17:15:47 --- E O F ---


Thanks again for your help and your speed ^^
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
16 Feb 2008 at 18:27
Hello

Download:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
= Install it
= Launch it
= Click: Mise à jour (Update)
------
= Restart in Safe Mode (startup can take several minutes)
Note: there is no Internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the startup options appear
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------
= In ANALYSE (Scan, the magnifying-glass icon)
==> Paramètres (Settings) ==> under COMMENT REAGIR (How to react) ==> click Actions recommandées (Recommended actions) ==> Quarantaine (Quarantine)
==> Click: Analyse complète du système (Complete system scan)
At the end of the scan (which is fairly long)
==> Click Appliquer toutes les actions (Apply all actions) <== this is very important
==> Click Sauvegarder rapport (Save report), then Enregistrer sous (Save as), and choose the desktop
-------
In normal mode
paste the report

then we'll run an online scan

with BitDefender, and paste the report

https://www.bitdefender.com/toolbox/

a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
See you
0
missham Posts 5 Registration date Thursday 14 February 2008 Status Member Last activity 17 February 2008
17 Feb 2008 at 16:38
Thanks again for your help and your attention to my problem.

Here are the reports:

AVG Anti-Spyware in Safe Mode:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:45:40 17/02/2008

+ Résultat de l'analyse:



:mozilla.230:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.231:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.232:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.234:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.235:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.164:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.165:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.759:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.763:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.249:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.250:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.284:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.285:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.286:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.287:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.270:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.271:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.273:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.274:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.316:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.111:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.105:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.167:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.168:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.169:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.34:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.323:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.576:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.83:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.86:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.87:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.942:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.943:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.944:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.521:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.522:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.523:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.386:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.387:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.915:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Information : Nettoyé.
:mozilla.684:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Intelli-direct : Nettoyé.
:mozilla.796:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.797:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.798:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.799:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.800:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.447:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.448:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.449:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.450:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.451:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.452:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.453:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.73:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.74:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.75:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.76:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.95:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.96:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.97:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.98:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.99:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.520:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.184:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.185:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.186:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.543:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.255:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.256:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.257:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.258:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.188:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.189:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.190:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.191:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.192:C:\Documents and Settings\CROHEM\Application Data\Mozilla\Firefox\Profiles\gwzsxm1i.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport


and the BitDefender report:

BitDefender Online Scanner

Scan report generated at: Sun, Feb 17, 2008 - 15:30:18

Scan path: C:\;D:\;E:\;

Statistics
Time: 01:26:41
Files: 483377
Folders: 10727
Boot Sectors: 5
Archives: 5130
Packed Files: 20185

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 981551
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
17 Feb. 2008 at 19:46
OK, run Hijack again please.
0
missham Posts 5 Registration date Thursday 14 February 2008 Status Member Last activity 17 February 2008
17 Feb. 2008 at 20:04
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:17, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070102
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccbcya - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
17 Feb. 2008 at 22:23
Run Hijack again and check these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070102
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - Winlogon Notify: fccbcya - C:\WINDOWS\
Then click on Fix checked.

Restart your PC and tell me if you still have problems.
See you later
0