Win32 infection: HijackThis log analysis requested.

Solved/Closed
eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008 - 10 March 2008 at 09:06
g!rly, 18209 posts, registered Friday 17 August 2007, status Contributor, last active 30 November 2014 - 16 March 2008 at 23:11
Hello,

So, I have an infection with a Win32 Trojan. I made a HijackThis log but I don't understand any of it.
If someone could tell me the steps to follow to get rid of it. Thank you very much.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:51 p.m., on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.nz/ig/dell?hl=en&client=dell-row-rel&channel=nz&ibd=3071123
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.nz/hws/sb/dell-row-rel/en/side.html?channel=nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.nz/ig/dell?hl=en&client=dell-row-rel&channel=nz&ibd=3071123
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [c0bb8425] rundll32.exe "C:\WINDOWS\system32\mxpdrihs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
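As an added example (not part of the thread, and not a tool the helpers use), here is a small Python triage of the O4 autorun lines of a HijackThis v2 log. It mechanises what an analyst looks for by eye in the log above: a meaningless value name, a rundll32 command loading a DLL with a random-looking name from system32, and a one-letter export. The vowel-ratio and hex-name rules are assumed heuristics, so a hit means "verify this file", not "this is malware".

```python
"""Triage of the O4 (autorun) lines of a HijackThis v2 log for Vundo-style loaders.

Added example, not part of the forum thread. The sample lines are copied from the
log posted above; the heuristics (hex value name, low-vowel DLL stem, one-letter
export) are assumptions chosen to match what the helper checks by hand.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# rundll32[.exe] <dll path, optionally quoted>[,<export>] with nothing else after it
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?)"?(?:,(\S+))?\s*$', re.IGNORECASE)
VOWELS = set("aeiou")

# Constructed sample: five O4 lines in HijackThis v2 format taken from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [c0bb8425] rundll32.exe "C:\WINDOWS\system32\mxpdrihs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def looks_random(basename: str) -> bool:
    """Heuristic: an all-lowercase .dll stem of 7+ letters with few vowels.

    Matches Vundo-style names such as mxpdrihs.dll or byxvuut.dll, while vendor
    DLLs in the same log (NvCpl.dll, nvHotkey.dll) are mixed-case or too short.
    """
    stem, _, ext = basename.rpartition(".")
    if ext.lower() != "dll" or len(stem) < 7:
        return False
    if not stem.isalpha() or stem != stem.lower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.35


def parse_o4(line: str) -> Autorun | None:
    """Split one 'O4 - <hive>\\..\\Run: [<name>] <command>' line into its parts."""
    m = O4_RE.match(line.strip())
    return Autorun(*m.groups()) if m else None


def triage(entry: Autorun) -> Autorun:
    """Attach a reason for every heuristic the entry trips; no reasons means clean."""
    if re.fullmatch(r"[0-9a-f]{8}", entry.name):
        entry.reasons.append("value name is 8 hex digits with no meaning")
    m = RUNDLL_RE.match(entry.command)
    if m:
        dll_path, export = m.group(1), m.group(2)
        basename = dll_path.replace("/", "\\").rsplit("\\", 1)[-1]
        if looks_random(basename):
            entry.reasons.append(f"rundll32 loads random-looking DLL {basename}")
        if export is not None and len(export) == 1:
            entry.reasons.append(f"single-letter export '{export}'")
    return entry


def triage_log(text: str) -> list[Autorun]:
    """Parse and triage every O4 line in a HijackThis log; other lines are ignored."""
    return [triage(e) for e in map(parse_o4, text.splitlines()) if e is not None]


def flagged_names(text: str) -> list[str]:
    """Value names of the O4 entries worth a closer look, in log order."""
    return [e.name for e in triage_log(text) if e.suspicious]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        verdict = "CHECK" if e.suspicious else "ok   "
        print(f"{verdict} {e.hive} [{e.name}] {e.command}")
        for r in e.reasons:
            print(f"        - {r}")
```

On the sample, only the `[c0bb8425]` entry is flagged, for all three reasons; the next step for an analyst is to check that file's creation date and signature, not to delete it blindly.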

24 replies

eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008
10 March 2008 at 09:20
I've just run a scan with Trend Micro HouseCall, which tells me:

infections:

1 trojan vundo.bcc
19 vundo.art
3 vundo.yek
18 cryp_tap-2
1 zaptchast.dm

It asks me whether I want to clean, but says there are risks because the files may be important. Should I accept?
eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008
10 March 2008 at 19:54
Hello,

I ran the cleanup with HouseCall, but some infections were not removed.

If someone can help me that would be great, because my PC is pretty sluggish now (500 MB of RAM in use permanently, is that normal?).

Thanks everyone, see you.
eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008
11 March 2008 at 06:34
Can anyone help me, please?
eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008
11 March 2008 at 09:33
Could someone tell me what steps to follow? Thanks.

g!rly, 18209 posts, registered Friday 17 August 2007, status Contributor, last active 30 November 2014
11 March 2008 at 09:37
Hi eartz,

Download combofix.exe (by sUBs) to your desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: the report is also saved here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is running, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ While this step runs, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to reboot the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and paste the entire contents of C:\Combofix.txt into your next message, along with a new HijackThis log.

-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

See you
eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008
11 March 2008 at 10:34
First of all, thanks g!rly,

Next, here is the ComboFix report:

ComboFix 08-03-10.1 - Antoine 2008-03-11 22:16:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2465 [GMT 13:00]
Running from: C:\Documents and Settings\Antoine\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMc388b7b9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byxvuut.dll
C:\WINDOWS\system32\cadhwjeh.dll
C:\WINDOWS\system32\ferjiyfv.ini
C:\WINDOWS\system32\ftmgkktm.dll
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jityyaoj.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vfyijref.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_FAD


((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-10 16:37 . 2008-03-10 16:36 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-10 16:36 . 2008-03-10 16:38 <DIR> d-------- C:\Documents and Settings\Antoine\.housecall6.6
2008-03-10 16:35 . 2008-03-10 16:35 <DIR> d-------- C:\WINDOWS\Sun
2008-03-10 16:08 . 2008-03-10 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 22:07 . 2008-03-11 07:47 1,308,676 --ahs---- C:\WINDOWS\system32\shirdpxm.ini
2008-03-09 21:46 . 2008-03-09 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-03-09 21:46 . 2008-03-09 21:46 0 --a------ C:\WINDOWS\mozver.dat
2008-03-09 21:04 . 2008-03-09 21:04 1,308,196 --ahs---- C:\WINDOWS\system32\vbhuyhpq.ini
2008-03-09 20:04 . 2008-03-09 20:04 1,308,136 --ahs---- C:\WINDOWS\system32\lnygdcgr.ini
2008-03-09 19:26 . 2008-03-09 19:26 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-09 19:01 . 2008-03-09 19:01 1,308,076 --ahs---- C:\WINDOWS\system32\wgjlwcen.ini
2008-03-09 19:00 . 2008-03-11 22:23 8,105 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-09 18:58 . 2008-03-11 18:41 26,464 --ahs---- C:\WINDOWS\system32\wxjiigcr.dllbox
2008-03-09 18:56 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-09 18:53 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-09 18:53 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-09 18:53 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-09 18:53 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-09 18:53 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-09 18:53 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-09 18:51 . 2008-03-09 18:51 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-09 18:50 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\McAfee
2008-03-09 18:50 . 2008-03-09 18:53 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-09 18:07 . 2008-03-09 18:08 1,308,016 --ahs---- C:\WINDOWS\system32\mpkhgriy.ini
2008-03-07 17:15 . 2008-03-09 17:56 1,309,374 --ahs---- C:\WINDOWS\system32\mfsifyxs.ini
2008-03-07 16:06 . 2008-03-07 16:06 1,309,254 --ahs---- C:\WINDOWS\system32\aarhlhjr.ini
2008-03-06 22:22 . 2008-03-07 15:55 1,309,194 --ahs---- C:\WINDOWS\system32\lmopmmoi.ini
2008-03-06 20:41 . 2008-03-06 21:20 1,308,954 --ahs---- C:\WINDOWS\system32\gvowpkyp.ini
2008-03-06 19:38 . 2008-03-06 19:38 1,303,318 --ahs---- C:\WINDOWS\system32\hwnferfk.ini
2008-03-06 18:38 . 2008-03-06 18:45 1,303,258 --ahs---- C:\WINDOWS\system32\xyqwwwus.ini
2008-03-06 17:31 . 2008-03-06 17:31 1,303,138 --ahs---- C:\WINDOWS\system32\kbiajcnv.ini
2008-03-06 08:54 . 2008-03-06 17:29 1,303,078 --ahs---- C:\WINDOWS\system32\cpqyueem.ini
2008-03-03 20:30 . 2008-03-03 20:30 <DIR> d-------- C:\WINDOWS\Cache
2008-03-03 19:59 . 2008-03-03 19:59 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\Microsoft Game Studios
2008-03-03 19:38 . 2008-03-03 19:38 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\Atari
2008-02-24 22:32 . 2008-02-24 22:32 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\Steinberg
2008-02-23 23:54 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-02-23 23:53 . 2008-02-23 23:53 <DIR> d-------- C:\Program Files\Syncrosoft
2008-02-23 23:53 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-02-23 23:53 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-02-23 23:53 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-02-23 23:53 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-02-23 23:53 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-02-23 23:53 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-02-23 23:53 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-02-23 23:28 . 2008-02-23 23:28 <DIR> d-------- C:\Program Files\uTorrent
2008-02-23 23:28 . 2008-03-06 18:12 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\uTorrent
2008-02-11 18:16 . 2008-02-11 18:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-11 18:16 . 2006-10-05 03:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-11 18:16 . 2006-10-05 03:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-11 18:16 . 2006-10-05 03:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\e89d5469a16c4307f5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 07:45 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2009-03-03 07:45 94,208 ----a-w C:\Documents and Settings\Antoine\Application Data\ezplay.sys
2009-03-03 07:45 87,608 ----a-w C:\Documents and Settings\Antoine\Application Data\inst.exe
2009-03-03 07:45 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2009-03-03 07:45 47,360 ----a-w C:\Documents and Settings\Antoine\Application Data\pcouffin.sys
2008-03-11 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-28 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-03 10:09 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Skype
2008-02-03 09:08 --------- d-----w C:\Documents and Settings\Antoine\Application Data\skypePM
2008-01-25 09:51 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Talkback
2008-01-24 04:14 --------- d-----w C:\Program Files\Dell Support Center
2008-01-24 04:14 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-24 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 02:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 04:42 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-13 19:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-13 19:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-13 19:28 --------- d-----w C:\Program Files\Skype
2008-01-13 19:28 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-13 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2003-02-03 10:04 22,328 ----a-w C:\Documents and Settings\Antoine\Application Data\PnkBstrK.sys
2007-11-23 10:30 76 --sh--r C:\WINDOWS\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-26 22:43 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 19:20 851968]
"nwiz"="nwiz.exe" [2007-06-06 20:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 20:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 18:03 36975]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 21:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 21:30 974848]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 20:28 405504 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 16:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 16:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 21:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 20:39 8429568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvuut]
byxvuut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wxjiigcr]
wxjiigcr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 23:02 482760 C:\logiciel\daemon tool\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 21:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 17:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\logiciel\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 14:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 16:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:20 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-26 22:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\logiciel\\girder(ir_configue)\\girder\\girder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\logiciel\\games\\halo\\halo.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 15:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 17:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 19:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 19:55]
S3 cpuz128;cpuz128;C:\DOCUME~1\Antoine\LOCALS~1\Temp\cpuz_x32.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 04:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-09 05:52:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-09 05:52:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 22:25:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-11 22:28:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 09:28:20
.
2008-02-13 20:45:58 --- E O F ---

I'll send you the HijackThis one right away. Thanks.
eartz, 22 posts, registered Saturday 23 February 2008, status Member, last active 24 July 2008
11 March 2008 at 10:40
Here is HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:26 p.m., on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Antoine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.nz/ig/dell?hl=en&client=dell-row-rel&channel=nz&ibd=3071123
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxvuut - byxvuut.dll (file missing)
O20 - Winlogon Notify: wxjiigcr - wxjiigcr.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
g!rly (Contributor), 11 March 2008 at 10:55
Re,

do this:

Empty your temporary files with this:
->Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
->illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm

click on Options and untick the box in front of: Delete Prefetch files

Copy the text below:

File::
C:\WINDOWS\system32\shirdpxm.ini
C:\WINDOWS\system32\vbhuyhpq.ini
C:\WINDOWS\system32\lnygdcgr.ini
C:\WINDOWS\system32\wgjlwcen.ini
C:\WINDOWS\system32\mpkhgriy.ini
C:\WINDOWS\system32\mfsifyxs.ini
C:\WINDOWS\system32\aarhlhjr.ini
C:\WINDOWS\system32\lmopmmoi.ini
C:\WINDOWS\system32\gvowpkyp.ini
C:\WINDOWS\system32\hwnferfk.ini
C:\WINDOWS\system32\xyqwwwus.ini
C:\WINDOWS\system32\kbiajcnv.ini
C:\WINDOWS\system32\cpqyueem.ini
C:\e89d5469a16c4307f5

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvuut]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wxjiigcr]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix,

A blue window will appear: at the message that shows up (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.

@+
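The triage behind the instructions above (spot the O20 Winlogon Notify entries whose DLL is gone, then write the matching Registry:: deletions into CFScript.txt) is mechanical enough to script. The following is an added example, not code from the forum, from HijackThis or from ComboFix; the sample log is a constructed excerpt of the lines quoted above, the function names are mine, and the CFScript format it emits is the File:: / Registry:: layout used in the post. The "Unknown owner" service list is deliberately only a review list: PunkBuster's PnkBstrA and Dell's broker service have no publisher string and are not findings.

```python
import re

# Constructed sample: a handful of lines quoted from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: byxvuut - byxvuut.dll (file missing)
O20 - Winlogon Notify: wxjiigcr - wxjiigcr.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Registry key that HijackThis reports as O20 (Winlogon Notify packages).
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def missing_winlogon_notify(log_text):
    """Names of Winlogon Notify subkeys whose DLL HijackThis could not find on disk.

    An orphaned Notify entry is a leftover load point: the DLL is gone (here,
    removed by the earlier cleanup) but winlogon.exe will still try to load it
    at every logon, so the key itself has to be deleted.
    """
    names = []
    for line in log_text.splitlines():
        m = O20_RE.match(line)
        if m and m.group("missing"):
            names.append(m.group("name"))
    return names


def unknown_owner_services(log_text):
    """O23 services with no publisher recorded. Only a list to review by hand:
    plenty of legitimate software ships services without an owner string."""
    return [
        {"desc": m.group("desc"), "path": m.group("path")}
        for m in map(O23_RE.match, log_text.splitlines())
        if m and m.group("owner").lower() == "unknown owner"
    ]


def build_cfscript(notify_names, files=()):
    """Render the File:: / Registry:: sections in the layout ComboFix reads from
    CFScript.txt. A leading '-' on a key line tells ComboFix to delete that key."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
        lines.append("")
    if notify_names:
        lines.append("Registry::")
        lines.extend(f"[-{NOTIFY_KEY}\\{name}]" for name in notify_names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    orphans = missing_winlogon_notify(SAMPLE_HJT_LOG)
    print(build_cfscript(orphans, files=[r"C:\e89d5469a16c4307f5"]))
    for svc in unknown_owner_services(SAMPLE_HJT_LOG):
        print("review:", svc["desc"], "->", svc["path"])
```

Run it against a saved hijackthis.log instead of the sample and paste the output into Notepad as described in the post; the Registry:: lines it produces for byxvuut and wxjiigcr are exactly the two the helper wrote by hand.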
eartz (Member), 11 March 2008 at 11:19
re,

as you asked:

ComboFix report:

ComboFix 08-03-10.1 - Antoine 2008-03-11 23:08:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2506 [GMT 13:00]
Running from: C:\Documents and Settings\Antoine\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Antoine\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\e89d5469a16c4307f5
C:\WINDOWS\system32\aarhlhjr.ini
C:\WINDOWS\system32\cpqyueem.ini
C:\WINDOWS\system32\gvowpkyp.ini
C:\WINDOWS\system32\hwnferfk.ini
C:\WINDOWS\system32\kbiajcnv.ini
C:\WINDOWS\system32\lmopmmoi.ini
C:\WINDOWS\system32\lnygdcgr.ini
C:\WINDOWS\system32\mfsifyxs.ini
C:\WINDOWS\system32\mpkhgriy.ini
C:\WINDOWS\system32\shirdpxm.ini
C:\WINDOWS\system32\vbhuyhpq.ini
C:\WINDOWS\system32\wgjlwcen.ini
C:\WINDOWS\system32\xyqwwwus.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Antoine\Application Data\inst.exe
C:\WINDOWS\system32\aarhlhjr.ini
C:\WINDOWS\system32\cpqyueem.ini
C:\WINDOWS\system32\gvowpkyp.ini
C:\WINDOWS\system32\hwnferfk.ini
C:\WINDOWS\system32\kbiajcnv.ini
C:\WINDOWS\system32\lmopmmoi.ini
C:\WINDOWS\system32\lnygdcgr.ini
C:\WINDOWS\system32\mfsifyxs.ini
C:\WINDOWS\system32\mpkhgriy.ini
C:\WINDOWS\system32\shirdpxm.ini
C:\WINDOWS\system32\vbhuyhpq.ini
C:\WINDOWS\system32\wgjlwcen.ini
C:\WINDOWS\system32\wxjiigcr.dllbox
C:\WINDOWS\system32\xyqwwwus.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-11 22:59 . 2008-03-11 22:59 <DIR> d-------- C:\Program Files\CleanUp!
2008-03-10 16:37 . 2008-03-10 16:36 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-10 16:36 . 2008-03-10 16:38 <DIR> d-------- C:\Documents and Settings\Antoine\.housecall6.6
2008-03-10 16:35 . 2008-03-10 16:35 <DIR> d-------- C:\WINDOWS\Sun
2008-03-10 16:08 . 2008-03-10 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 21:46 . 2008-03-09 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-03-09 21:46 . 2008-03-09 21:46 0 --a------ C:\WINDOWS\mozver.dat
2008-03-09 19:26 . 2008-03-09 19:26 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-09 19:00 . 2008-03-11 23:07 8,105 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-09 18:56 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-09 18:53 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-09 18:53 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-09 18:53 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-09 18:53 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-09 18:53 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-09 18:53 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-09 18:51 . 2008-03-09 18:51 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-09 18:50 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\McAfee
2008-03-09 18:50 . 2008-03-09 18:53 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-03 20:30 . 2008-03-03 20:30 <DIR> d-------- C:\WINDOWS\Cache
2008-03-03 19:59 . 2008-03-03 19:59 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\Microsoft Game Studios
2008-03-03 19:38 . 2008-03-03 19:38 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\Atari
2008-02-24 22:32 . 2008-02-24 22:32 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\Steinberg
2008-02-23 23:54 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-02-23 23:53 . 2008-02-23 23:53 <DIR> d-------- C:\Program Files\Syncrosoft
2008-02-23 23:53 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-02-23 23:53 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-02-23 23:53 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-02-23 23:53 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-02-23 23:53 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-02-23 23:53 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-02-23 23:53 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-02-23 23:28 . 2008-02-23 23:28 <DIR> d-------- C:\Program Files\uTorrent
2008-02-23 23:28 . 2008-03-06 18:12 <DIR> d-------- C:\Documents and Settings\Antoine\Application Data\uTorrent
2008-02-11 18:16 . 2008-02-11 18:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-11 18:16 . 2006-10-05 03:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-11 18:16 . 2006-10-05 03:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-11 18:16 . 2006-10-05 03:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\e89d5469a16c4307f5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 07:45 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2009-03-03 07:45 94,208 ----a-w C:\Documents and Settings\Antoine\Application Data\ezplay.sys
2009-03-03 07:45 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2009-03-03 07:45 47,360 ----a-w C:\Documents and Settings\Antoine\Application Data\pcouffin.sys
2008-03-11 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-28 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-03 10:09 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Skype
2008-02-03 09:08 --------- d-----w C:\Documents and Settings\Antoine\Application Data\skypePM
2008-01-25 09:51 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Talkback
2008-01-24 04:14 --------- d-----w C:\Program Files\Dell Support Center
2008-01-24 04:14 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-24 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 02:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 04:42 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-13 19:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-13 19:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-13 19:28 --------- d-----w C:\Program Files\Skype
2008-01-13 19:28 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-13 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2003-02-03 10:04 22,328 ----a-w C:\Documents and Settings\Antoine\Application Data\PnkBstrK.sys
2007-11-23 10:30 76 --sh--r C:\WINDOWS\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-26 22:43 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 19:20 851968]
"nwiz"="nwiz.exe" [2007-06-06 20:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 20:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 18:03 36975]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 21:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 21:30 974848]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 20:28 405504 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 16:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 16:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 21:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 20:39 8429568]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 23:02 482760 C:\logiciel\daemon tool\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 21:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 17:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\logiciel\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 14:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 16:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:20 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-26 22:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\logiciel\\girder(ir_configue)\\girder\\girder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\logiciel\\games\\halo\\halo.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 15:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 17:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 19:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 19:55]
S3 cpuz128;cpuz128;C:\DOCUME~1\Antoine\LOCALS~1\Temp\cpuz_x32.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 04:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-09 05:52:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-09 05:52:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 23:09:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-11 23:09:49
ComboFix-quarantined-files.txt 2008-03-11 10:09:47
ComboFix2.txt 2008-03-11 09:28:24
.
2008-02-13 20:45:58 --- E O F ---


_______________________

HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:18 p.m., on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Antoine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.nz/ig/dell?hl=en&client=dell-row-rel&channel=nz&ibd=3071123
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
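Two things in the ComboFix report above deserve a second look before declaring the machine clean: the "Reg Loading Points" section shows Security Center notifications and monitoring switched off and the Windows Firewall standard profile disabled, and the Find3M section lists two drivers stamped 2009-03-03 on a scan run on 2008-03-11. Neither is proof of anything by itself: a third-party suite (McAfee here, and its services are in the process list) sets exactly those registry values when it takes over, and a future timestamp can be a bad clock or a vendor's build machine. The point of the check is to surface them so they get confirmed rather than skimmed past. The code below is an added example, not part of the thread or of ComboFix; the sample text is a constructed excerpt of the report lines quoted above, and the function names and the WATCHED table are my own.

```python
import re
from datetime import datetime

# Constructed excerpt: lines quoted from the ComboFix report posted above
# (Find3M entries and "Reg Loading Points"); ComboFix wrote it at 2008-03-11 23:09.
SAMPLE_COMBOFIX = r"""
2009-03-03 07:45 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2009-03-03 07:45 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-11 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 10:30 76 --sh--r C:\WINDOWS\CT4CET.bin

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
SCAN_TIME = datetime(2008, 3, 11, 23, 9)

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints REG_DWORD either as dword:XXXXXXXX or as "= 0 (0x0)"; accept both.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+))')
# Find3M line: timestamp, size (or dashes for a directory), attribute string, path.
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:[\d,]+|-+)\s+\S+\s+(?P<path>.+)$")

# (key fragment, value name, value that matters, meaning). Each of these is also
# what a third-party suite sets when it replaces Security Center / Windows Firewall,
# so a hit means "confirm the product that owns this setting is installed and running".
WATCHED = [
    ("security center", "AntiVirusDisableNotify", 1, "Security Center antivirus alerts suppressed"),
    ("security center", "FirewallDisableNotify", 1, "Security Center firewall alerts suppressed"),
    ("security center\\monitoring", "DisableMonitoring", 1, "Security Center monitoring handed to a third-party product"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall off on the standard profile"),
]


def registry_findings(report_text):
    """Walk the REGEDIT4-style dump, tracking the current key, and return
    (key, value name, meaning) for every watched value in its watched state."""
    findings = []
    current_key = ""
    for line in report_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        value = int(vm.group("hex"), 16) if vm.group("hex") else int(vm.group("dec"))
        for fragment, name, state, meaning in WATCHED:
            if fragment in current_key and vm.group("name") == name and value == state:
                findings.append((current_key, name, meaning))
    return findings


def future_dated_files(report_text, scan_time):
    """Find3M entries whose modification time is later than the scan itself."""
    hits = []
    for line in report_text.splitlines():
        fm = FILE_RE.match(line)
        if not fm:
            continue
        ts = datetime.strptime(fm.group("ts"), "%Y-%m-%d %H:%M")
        if ts > scan_time:
            hits.append((fm.group("path"), ts))
    return hits


if __name__ == "__main__":
    for key, name, meaning in registry_findings(SAMPLE_COMBOFIX):
        print(f"check: {meaning} ({name} under {key})")
    for path, ts in future_dated_files(SAMPLE_COMBOFIX, SCAN_TIME):
        print(f"check: {path} is dated {ts:%Y-%m-%d}, after the scan")
```

Against a full ComboFix.txt, pass the report's own "Completion time" as scan_time; every line the script prints is a question to answer from the rest of the report (which product claims the Security Center slot, and is its service actually listed under Running processes), not a verdict.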
g!rly (Contributor), 11 March 2008 at 11:21
ok

it's not finished yet, but I have to step away for now...

@+
eartz (Member), 11 March 2008 at 11:26
ok, no problem!

thanks for everything. I hope I'm nearly done with this virus!

I won't be able to get back to this forum before tomorrow morning.
So I don't know whether I'll need to open a new topic or just bump this one.

Anyway, thanks and @+.
g!rly, 11 March 2008 at 22:32
Re,

No, you can stay on this topic...

Have a look at this tutorial to update your Java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

Then run an online scan here and post the report:

Run a Kaspersky online scan with Internet Explorer:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click on "Démarrer Online-Scanner" (Start Online Scanner)
-> Now click on "J'accepte" (I accept).
-> Accept the installation of one or more ActiveX controls if necessary.
-> Wait while the updates are installed.
-> Then choose the "Poste de travail" (My Computer) scan.
-> Save and then paste the report generated at the end of the scan.

@+
eartz, 13 March 2008 at 03:42
Hi,

I did what you told me, but I didn't get a report at the end of the scan...
I tried twice, but nothing: when the scan finishes, Internet Explorer closes and that's it...
g!rly, 13 March 2008 at 15:42
eartz,

Oh no ;-(

Can you run this scan instead and post its report:

BitDefender online scan:

https://www.bitdefender.com/toolbox/

Click on "I agree" and follow the instructions.

This must be done with Internet Explorer, accepting the ActiveX control.

Illustrated tutorial:

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

@+
eartz, 14 March 2008 at 08:47
Hello everyone, and g!rly in particular.

I tried a BitDefender scan but, like the previous Kaspersky scan, I didn't get a report.
I then switched antivirus (McAfee being limited to 30 days) to AntiVir (what's your opinion of this antivirus?).
I then retried a Kaspersky scan and, magic, I got a report...
Note that during the scan AntiVir detected about ten trojans, which it then deleted at my request (maybe I should have put them in quarantine?).

Anyway, here is the Kaspersky scan, and thanks a lot for not giving up on me:

Friday, March 14, 2008 8:37:11 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 14/03/2008
Enregistrements dans la base antivirus Kaspersky : 567975


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
C:\
D:\
E:\
F:\
G:\
H:\

Statistiques de l'analyse
Total d'objets analysés 115978
Nombre de virus trouvés 2
Nombre d'objets infectés 7 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:10:54

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Intro\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré

C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\.housecall6.6\Quarantine\windows.bac_a01880 Infecté : Trojan.Win32.Zapchast.dt ignoré

C:\Documents and Settings\Antoine\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\Application Data\SingleClick Systems\HomeNet Manager\Intro\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré

C:\Documents and Settings\Antoine\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\Antoine\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Default User\Local Settings\Application Data\SingleClick Systems\HomeNet Manager\Intro\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\i386\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré

C:\Program Files\Dell Network Assistant\Intro\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020957.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\EventCache\{89935AC1-E1F0-4ADC-AAB0-FD9F52AE31E3}.bin L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\SingleClick Systems\HomeNet Manager\Intro\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré

C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.
g!rly, 15 March 2008 at 00:28
Hi eartz,

Yes, I'm not in the habit of abandoning the people I'm helping, even if I sometimes take a while to reply...

I think AntiVir is a very good antivirus; I have it too ;-)

Could you tell me what it detected?

Do it like this:

Click on the AntiVir icon in the taskbar, then click on the Events tab; there you'll see the detected items. Tell me what they are, and post a new HijackThis log as well.

@+
eartz, 15 March 2008 at 01:18
Here is what AntiVir detected:

Exported events:

15/03/2008 9:35 [Scheduler] Service started
The service was started.
Version of service 7.0.0.62

15/03/2008 9:35 [Guard] Service started
Service started.
Version of service: 7.0.0.82
Version of Engine: 7.6.0.73
Version of VDF: 7.0.3.26

14/03/2008 23:36 [Scheduler] Service stopped
The service was stopped.

14/03/2008 23:36 [Guard] Service stopped
Service stopped.

14/03/2008 20:26 [Guard] Malware found
Virus or unwanted program 'TR/Trash.Gen [TR/Trash.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0021222.dll.
Action performed: Move file to quarantine

14/03/2008 20:26 [Guard] Malware found
Virus or unwanted program 'TR/Trash.Gen [TR/Trash.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0021221.dll.
Action performed: Move file to quarantine

14/03/2008 20:26 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0021215.dll.
Action performed: Move file to quarantine

14/03/2008 20:25 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020957.dll.
Action performed: Deny access

14/03/2008 20:25 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020834.dll.
Action performed: Move file to quarantine

14/03/2008 20:25 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020833.dll.
Action performed: Delete file

14/03/2008 20:25 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020832.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020831.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020830.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020829.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020826.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020824.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020822.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020821.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0020820.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0020179.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0020178.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0020177.dll.
Action performed: Delete file

14/03/2008 20:24 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0020176.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0020174.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019175.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019174.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019144.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019129.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019128.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019109.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019108.dll.
Action performed: Delete file

14/03/2008 20:23 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP76\A0019107.dll.
Action performed: Delete file

14/03/2008 20:17 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Delf.XG [TR/Drop.Delf.XG]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0009954.exe.
Action performed: Delete file

14/03/2008 20:14 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\QooBox\Quarantine\C\WINDOWS\system32\vfyijref.dll.vir.
Action performed: Delete file

14/03/2008 20:14 [Guard] Malware found
Virus or unwanted program 'TR/Trash.Gen [TR/Trash.Gen]'
detected in file 'C:\QooBox\Quarantine\C\WINDOWS\system32\jkkli.dll.vir.
Action performed: Delete file

14/03/2008 20:14 [Guard] Malware found
Virus or unwanted program 'TR/Trash.Gen [TR/Trash.Gen]'
detected in file 'C:\QooBox\Quarantine\C\WINDOWS\system32\byxvuut.dll.vir.
Action performed: Delete file

14/03/2008 18:19 [Updater] Update performed
Update performed successfully from http://dl7.avgate.net
13 new files downloaded and installed.

14/03/2008 18:19 [Guard] Service started
Service started.
Version of service: 7.0.0.82
Version of Engine: 7.6.0.73
Version of VDF: 7.0.3.26

14/03/2008 18:19 [Scheduler] Service started
The service was started.
Version of service 7.0.0.62

14/03/2008 18:19 [Guard] Service stopped
Service stopped.

14/03/2008 18:19 [Scheduler] Service stopped
The service was stopped.

14/03/2008 18:15 [Scheduler] Job started
The job "Immediate Update"
was started successfully.

14/03/2008 18:14 [Guard] Malware found
Virus or unwanted program 'HTML/Zones.Gen [HTML/Zones.Gen]'
detected in file 'C:\Documents and Settings\All Users\Application
Data\SupportSoft\DellSupportCenter\SYSTEM\data\default.xml.
Action performed: Move file to quarantine

14/03/2008 18:14 [Scheduler] Service started
The service was started.
Version of service 7.0.0.62

14/03/2008 18:14 [Guard] Service started
Service started.
Version of service: 7.0.0.81
Version of Engine: 7.6.0.15
Version of VDF: 7.0.0.2

14/03/2008 18:09 [Guard] Service stopped
Service stopped.

14/03/2008 18:09 [Scheduler] Service stopped
The service was stopped.

14/03/2008 18:04 [Guard] Service started
Service started.
Version of service: 7.0.0.81
Version of Engine: 7.6.0.15
Version of VDF: 7.0.0.2

14/03/2008 18:04 [Scheduler] Service started
The service was started.
Version of service 7.0.0.62

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:57 p.m., on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Antoine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.nz/ig/dell?hl=en&client=dell-row-rel&channel=nz&ibd=3071123
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\logiciel\quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
g!rly, 15 March 2008 at 01:38
Re,

Actually, all the detections concern ComboFix's quarantine and System Restore.

Do this:

Disable your System Restore:
To do so:
Right-click on My Computer, then click Properties in the menu;
in the new window click on the System Restore tab;
tick the "Turn off System Restore" box and apply.
Then restart the PC, right-click on My Computer and click Properties in the menu;
in the new window click on the System Restore tab;
untick the "Turn off System Restore" box and apply.

Then install a firewall:

Firewall: Kerio

Download: http://sd-1.archive-host.com/membres/up/1366464061/kerio-kpf-422-911-win.rar

Tutorials:

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

Comodo 3 Pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Online Armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

Tutorial: https://forum.pcastuces.com/sujet.asp?f=25&s=35606

Or ZoneAlarm, easier to configure but less effective:

https://www.malekal.com/tutoriel-zonealarm-firewall/

A bonus not to be overlooked: small but tough!

Anti-spyware:

SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

It's a resident program; you just need to update it from time to time, because the free version doesn't do it by itself. Once installed and updated, set all the protections to "enable".

Tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

Then

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click on Recherche (Search) and let the scan run...
# Click on Suppression (Delete) to finish.
# If you wish, you can use the optional options.
# Click on Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

@+
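As an added example (not code from the thread or from any of the tools it mentions), the following Python script parses the two report formats pasted above, the AntiVir "Exported events" text and the Kaspersky "Infecté :" lines, and sorts each detection by where the flagged file lives (a System Restore point, a scanner's quarantine folder, or a live location). That is the check behind the conclusion that the detections sit in ComboFix's quarantine and in System Restore. The sample input is a constructed excerpt of the logs in this thread; the regexes assume the line wrapping exactly as pasted.

```python
"""Sort the detections from the two reports in this thread by where the file
lives (System Restore point, a scanner's quarantine, or a live location).
Added example; assumes the two log formats exactly as pasted in the thread."""
import re
from collections import Counter

# Constructed excerpt of the AntiVir "Exported events" text posted above.
ANTIVIR_EVENTS = r"""14/03/2008 20:26 [Guard] Malware found
Virus or unwanted program 'TR/Trash.Gen [TR/Trash.Gen]'
detected in file 'C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0021222.dll.
Action performed: Move file to quarantine

14/03/2008 20:14 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [TR/Vundo.Gen]'
detected in file 'C:\QooBox\Quarantine\C\WINDOWS\system32\vfyijref.dll.vir.
Action performed: Delete file

14/03/2008 18:14 [Guard] Malware found
Virus or unwanted program 'HTML/Zones.Gen [HTML/Zones.Gen]'
detected in file 'C:\Documents and Settings\All Users\Application
Data\SupportSoft\DellSupportCenter\SYSTEM\data\default.xml.
Action performed: Move file to quarantine

14/03/2008 18:19 [Updater] Update performed
Update performed successfully from http://dl7.avgate.net
13 new files downloaded and installed.
"""

# Constructed excerpt of the Kaspersky On-line Scanner report posted above.
KASPERSKY_REPORT = r"""C:\Documents and Settings\Antoine\.housecall6.6\Quarantine\windows.bac_a01880 Infecté : Trojan.Win32.Zapchast.dt ignoré
C:\Documents and Settings\Antoine\NTUSER.DAT L'objet est verrouillé ignoré
C:\Program Files\Dell Network Assistant\Intro\intro.exe Infecté : Trojan-Dropper.Win32.Agent.fwa ignoré
"""

HEADER = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}) \[(\w+)\] (.+)$")
DETECT = re.compile(r"Virus or unwanted program '([^']+)' detected in file "
                    r"'(.*?)\.?\s+Action performed:\s*(.+)$")
KASP = re.compile(r"^(.+?)\s+Infecté : (\S+)\s+(\S+)\s*$")


def classify(path):
    """Where the flagged file lives; only 'live' files can affect the running system."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # copies kept by System Restore
    if "\\quarantine\\" in p:       # ComboFix's QooBox and HouseCall both use this name
        return "quarantine"
    return "live"


def parse_antivir(text):
    """Parse the multi-line AntiVir event blocks; non-detection events are skipped."""
    found = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m or m.group(3) != "Malware found":
            continue
        # The export wraps long paths at a space, so re-joining with a space restores them.
        body = " ".join(l.strip() for l in lines[1:])
        d = DETECT.search(body)
        if d:
            name, path, action = d.groups()
            found.append({"source": "antivir", "when": m.group(1), "name": name,
                          "path": path, "location": classify(path), "action": action})
    return found


def parse_kaspersky(text):
    """Keep only 'Infecté :' lines; locked-object lines are not detections."""
    found = []
    for line in text.splitlines():
        m = KASP.match(line)
        if m:
            path, name, action = m.groups()
            found.append({"source": "kaspersky", "when": None, "name": name,
                          "path": path, "location": classify(path), "action": action})
    return found


def summarize(detections):
    """Count detections per location; a non-zero 'live' count needs a closer look."""
    return Counter(d["location"] for d in detections)


def live_hits(detections):
    return [d for d in detections if d["location"] == "live"]


if __name__ == "__main__":
    hits = parse_antivir(ANTIVIR_EVENTS) + parse_kaspersky(KASPERSKY_REPORT)
    print(dict(summarize(hits)))
    for d in live_hits(hits):
        print(f"LIVE  {d['source']:9} {d['name']:35} {d['path']}")
```

Run against the full exports, the two "live" entries (the Dell Support Center default.xml and the Dell Network Assistant intro.exe copies) are the only ones outside a restore point or a quarantine folder, which is where a helper would look next.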
eartz, 15 March 2008 at 08:10
Re,

Thanks for everything,
so I followed your advice.
However, Kerio, Comodo, Online Armor and ZoneAlarm: do I have to choose only one? I shouldn't install all of them?

And here is the ToolsCleaner report:

-->- Recherche:

C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Antoine\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\Antoine\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\Antoine\Desktop\HijackThis.exe: trouvé !
C:\Documents and Settings\Antoine\Desktop\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Antoine\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\Antoine\Desktop\ComboFix.exe: supprimé !
C:\Documents and Settings\Antoine\Desktop\HijackThis.exe: supprimé !
C:\Documents and Settings\Antoine\Desktop\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

Thanks a lot @+
g!rly, 15 March 2008 at 20:21
eartz,

Yes, you install only one from the list ;-)

@+