Sujet Précédent Sujet Suivant

Probleme de trojan

...TrEiZ... -  
 ...TrEiZ... -
Bonjour

Depuis quelques jours, une fenêtre " Windows Security Alert " s'ouvre m'avertissant que je suis infecter par un trojan et un lien me redirige vers un site pour acheter un logiciel payant qui soit disant est le seul à pouvoir le supprimer.

Cette fenêtre n'affiche pas tout le temps le même trojan

Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Downloader.Win32.Agent.bq
Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.HTLM.Bankfraud.dq

Mon antivirus (Antivir Free) ne les détecte pas et il m'est impossible de les supprimer.

S'il vous plait merci de m'aider pour y arriver.
A voir également:

15 réponses

Réponse 1 / 15
azerty
 
Bonjour,

- Télécharge HiJackThis.zip de Merijn sur ton bureau.
- Dézippe le dans un dossier prévu à cet effet.
** exemple C:\hijackthis < Enregistre le bien dans c : !

- Double-clique dessus
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur "Do a scan and save log file".
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
- ** ne pas fixer de lignes sans notre avis **
Aide : N'hésite pas à consulter l'aide HiJackThis de Malekal_morte
[http://rginform.perso.orange.fr
0
Réponse 2 / 15
...TrEiZ...
 
Bonjour Azerty et merci de ton aide
voici mon rapport

Logfile of HijackThis v1.99.1
Scan saved at 22:19:10, on 07/09/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\pklohezc\vcrsdwts.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\SetHlp\xmvuvujs.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
0
Réponse 3 / 15
...TrEiZ...
 
Je pense que mon premier rapport HijackThis est peut-être erroné car le logiciel à beuggué.
C'est pour cela que j'ai refait un rapport qui lui n' à eu aucun problème.

Le voici.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:10:30, on 08/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\ProgramData\SetHlp\xmvuvujs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\HiJackThis\HijackThis.exe
C:\Users\treiz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [LvC4EJSndU] C:\ProgramData\pklohezc\vcrsdwts.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
Réponse 4 / 15
mido
 
Relancer HijackThis, appuyer sur [Do a system scan only],
cocher (à gauche) toutes les lignes suivantes et
appuyer sur [Fix Checked] pour les supprimer.
Afficher le rapport HijackThis sur votre prochain post.

O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
_________________________________________

Téléchargez OTMoveIt2 (de Old_Timer) sur votre Bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-cliquez sur OTMoveIt.exe pour le lancer.
Assurez vous que la case "Unregister Dll's and Ocx's" soit bien cochée !
Copiez / collez les lignes suivantes (en gras) dans la fenêtre de gauche de OTMoveIt nommé "Paste List of Files/Folders to be moved".

C:\ProgramData\SetHlp\xmvuvujs.exe
C:\ProgramData\SetHlp
C:\ProgramData\HlpMon\gdijqrsx.exe
C:\ProgramData\HlpMon
C:\ProgramData\mntinfo\gvuxqtan.exe
C:\ProgramData\mntinfo
C:\ProgramData\DscSrvEn\ihcxmvwf.exe
C:\ProgramData\DscSrvEn
C:\ProgramData\EnSh\tojspirg.exe
C:\ProgramData\EnSh\
C:\ProgramData\MonDb\mpipkrwr.exe
C:\ProgramData\MonDb

Cliquez sur MoveIt! pour lancer la suppression.
Si OTMoveIt propose de redémarrer votre PC, acceptez.
Lorsque un résultat apparaît dans le cadre Results, cliquez sur Exit>.
Afficher le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.
___________________________________________

Télécharger Malwarebytes : http://www.malwarebytes.org/mbam.php
Tutoriel Malwarebytes : http://www.pcinfo-web.com/...
Dans [Paramètre] vous pouvez mettre en Français.
Installer et mettez à jours Malwarebytes.
Redémarrer en mode sans échec (au logo du Bios appuyer à répétition sur F8 ou F5).
Lancer une scan (Recherche) "Complet", lorsque terminé appuyer sur "Supprimer la sélection".
Afficher le rapport Malwarebytes sur votre prochain post.
___________________________________________

Télécharger CCleaner : https://www.ccleaner.com/ccleaner/download
Tutoriel CCleaner : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
Installer et lancer CCleaner.
Appuyer sur [Analyse] et [Lancer le Nettoyage].

Utiliser CCleaner après chaque session sur le net, installation/désinstallation de logiciels et/ou avant de fermer le PC.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
...TrEiZ...
 
Bonjour Mido

Voici mon rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:41, on 08/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Users\treiz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
O4 - HKLM\..\Policies\Explorer\Run: [LvC4EJSndU] C:\ProgramData\pklohezc\vcrsdwts.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
Réponse 6 / 15
Utilisateur anonyme
 
...TrEiZ...,

Selon les dates de vos rapports, les suppressions faites avec OTMoveIt2 semblent être revenues.

Ré-afficher un autre rapport HijackThis .

Ont devra utiliser un logiciel plus efficace.
0
Réponse 7 / 15
...TrEiZ...
 
Voici un nouveau rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:32, on 08/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Users\treiz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
O4 - HKLM\..\Policies\Explorer\Run: [LvC4EJSndU] C:\ProgramData\pklohezc\vcrsdwts.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
Réponse 8 / 15
...TrEiZ...
 
Par contre je n'est pas revu de fenêtre " Windows Security Alert " depuis ce matin.
0
Réponse 9 / 15
Utilisateur anonyme
 
...TrEiZ...,

>>>>> je n'est pas revu de fenêtre " Windows Security Alert
Il y encore un problème.

Ok, vous allez recommencer la manip. précédente avec HijackThis et OTMoveIT.
Mais cette fois ont va ajouter une ligne qui avait été omise, à supprimer avec HijackThis et un fichier et répertoire à supprimer avec OtMoveIT2 .

►Relancer HijackThis, appuyer sur [Do a system scan only],
cocher (à gauche) toutes les lignes suivantes et
appuyer sur [Fix Checked] pour les supprimer.

O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
O4 - HKLM\..\Policies\Explorer\Run: [LvC4EJSndU] C:\ProgramData\pklohezc\vcrsdwts.exe

_________________________________________

Téléchargez OTMoveIt2 (de Old_Timer) sur votre Bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-cliquez sur OTMoveIt.exe pour le lancer.
Assurez vous que la case "Unregister Dll's and Ocx's" soit bien cochée !
Copiez / collez les lignes suivantes (en gras) dans la fenêtre de gauche de OTMoveIt nommé "Paste List of Files/Folders to be moved".

C:\ProgramData\SetHlp\xmvuvujs.exe
C:\ProgramData\SetHlp
C:\ProgramData\HlpMon\gdijqrsx.exe
C:\ProgramData\HlpMon
C:\ProgramData\mntinfo\gvuxqtan.exe
C:\ProgramData\mntinfo
C:\ProgramData\DscSrvEn\ihcxmvwf.exe
C:\ProgramData\DscSrvEn
C:\ProgramData\EnSh\tojspirg.exe
C:\ProgramData\EnSh\
C:\ProgramData\MonDb\mpipkrwr.exe
C:\ProgramData\MonDb
C:\ProgramData\pklohezc\vcrsdwts.exe
C:\ProgramData\pklohezc\

Cliquez sur MoveIt! pour lancer la suppression.
Si OTMoveIt propose de redémarrer votre PC, acceptez.
Lorsque un résultat apparaît dans le cadre Results, cliquez sur Exit>.
Afficher le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.
_________________________________________

Relancer également un autre recherche avec Malwarebytes.

Et un autre rapport HijakcThis.
0
Réponse 10 / 15
...TrEiZ...
 
J'ai fait tout ce que vous avez demandé

Rapport OTMoveIt

File/Folder C:\ProgramData\SetHlp\xmvuvujs.exe not found.
File/Folder C:\ProgramData\SetHlp not found.
File/Folder C:\ProgramData\HlpMon\gdijqrsx.exe not found.
File/Folder C:\ProgramData\HlpMon not found.
File/Folder C:\ProgramData\mntinfo\gvuxqtan.exe not found.
File/Folder C:\ProgramData\mntinfo not found.
File/Folder C:\ProgramData\DscSrvEn\ihcxmvwf.exe not found.
File/Folder C:\ProgramData\DscSrvEn not found.
File/Folder C:\ProgramData\EnSh\tojspirg.exe not found.
Folder C:\ProgramData\EnSh\ not found.
File/Folder C:\ProgramData\MonDb\mpipkrwr.exe not found.
File/Folder C:\ProgramData\MonDb not found.
File/Folder C:\ProgramData\pklohezc\vcrsdwts.exe not found.
C:\ProgramData\pklohezc moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09082008_201950

Rapport Malwarebytes

Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1128
Windows 6.0.6001 Service Pack 1

08/09/2008 22:11:05
mbam-log-2008-09-08 (22-11-05).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 138983
Temps écoulé: 1 hour(s), 49 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:42, on 08/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\taskeng.exe
C:\Users\treiz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SetHlp] C:\ProgramData\SetHlp\xmvuvujs.exe
O4 - HKCU\..\Run: [HlpMon] C:\ProgramData\HlpMon\gdijqrsx.exe
O4 - HKCU\..\Run: [mntinfo] C:\ProgramData\mntinfo\gvuxqtan.exe
O4 - HKCU\..\Run: [DscSrvEn] C:\ProgramData\DscSrvEn\ihcxmvwf.exe
O4 - HKCU\..\Run: [EnSh] C:\ProgramData\EnSh\tojspirg.exe
O4 - HKCU\..\Run: [MonDb] C:\ProgramData\MonDb\mpipkrwr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
Réponse 11 / 15
Utilisateur anonyme
 
...TrEiZ...,

Téléchargez sur votre Bureau Lop S&D.exe : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Autre lien : https://www.sendspace.com/file/dcculg

Désactiver l'UAC http://www.laboratoire-microsoft.org/t/23933/
Désactiver votre antivirus,

- Lancer l’installation par un clic-droit sur Lop S&D.exe et choisissez "Exécuter en tant qu'administrateur".
Un raccourci sera créé sur votre bureau.
- Lancer Lop S&D par un clic-droit sur le raccourci du bureau et choisissez "Exécuter en tant qu'administrateur".

Choisissez la langue ici f pour Français puis validez par Entrée.

Sélectionner l'option 1 - Recherche. et valider
>>> Patientez scan en cours. <<<

Lorsque le scan est terminé, le Bloc-note va s'ouvrir avec un rapport
Afficher le rapport (C:\LopR.txt) .

(Si le Bureau ne réapparaît pas appuyer sur Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, entrez explorer.exe et validez)
0
Réponse 12 / 15
...TrEiZ...
 
Voici le rapport fait avec Lop S&D.

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : treiz ( Administrator )
BOOT : Normal boot
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( 09/09/2008| 1:54 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[07/09/2008|04:25] C:\Users\treiz\AppData\Local\Adobe
[07/09/2008|03:42] C:\Users\treiz\AppData\Local\Apple Computer
[18/02/2008|13:07] C:\Users\treiz\AppData\Local\Application Data
[06/05/2008|16:21] C:\Users\treiz\AppData\Local\Apps
[09/03/2008|01:35] C:\Users\treiz\AppData\Local\CDBurnerXP_Soft
[07/09/2008|17:32] C:\Users\treiz\AppData\Local\d3d9caps.dat
[07/09/2008|00:56] C:\Users\treiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[02/08/2008|14:37] C:\Users\treiz\AppData\Local\GDIPFONTCACHEV1.DAT
[08/09/2008|17:54] C:\Users\treiz\AppData\Local\Google
[18/02/2008|13:07] C:\Users\treiz\AppData\Local\Historique
[09/09/2008|01:39] C:\Users\treiz\AppData\Local\IconCache.db
[26/04/2008|16:30] C:\Users\treiz\AppData\Local\keyfile3.drm
[03/03/2008|22:39] C:\Users\treiz\AppData\Local\MediaDirect
[24/05/2008|20:31] C:\Users\treiz\AppData\Local\Microsoft
[05/03/2008|15:48] C:\Users\treiz\AppData\Local\Microsoft Games
[05/03/2008|20:05] C:\Users\treiz\AppData\Local\Mozilla
[09/03/2008|00:57] C:\Users\treiz\AppData\Local\Nero
[01/08/2008|01:38] C:\Users\treiz\AppData\Local\Shareaza
[19/02/2008|17:40] C:\Users\treiz\AppData\Local\SupportSoft
[09/09/2008|01:54] C:\Users\treiz\AppData\Local\Temp
[18/02/2008|13:07] C:\Users\treiz\AppData\Local\Temporary Internet Files
[09/03/2008|00:57] C:\Users\treiz\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[09/09/2008 01:53][--ah-----] C:\Windows\tasks\SA.DAT
[09/09/2008 01:52][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[07/09/2008|21:12] C:\ProgramData\admgensys
[01/08/2008|13:46] C:\ProgramData\Adobe
[04/09/2008|00:36] C:\ProgramData\apimsgproc
[08/03/2008|00:59] C:\ProgramData\Apple
[08/03/2008|01:01] C:\ProgramData\Apple Computer
[18/02/2008|13:03] C:\ProgramData\Application Data
[05/09/2008|02:18] C:\ProgramData\Arovax
[07/09/2008|04:19] C:\ProgramData\Avira
[18/02/2008|13:03] C:\ProgramData\Bureau
[22/07/2008|22:04] C:\ProgramData\Cadsoft
[04/09/2008|00:35] C:\ProgramData\CfgSys
[05/09/2008|01:54] C:\ProgramData\CheckPoint
[14/02/2008|04:24] C:\ProgramData\CyberLink
[08/03/2008|19:22] C:\ProgramData\Dell
[18/02/2008|13:03] C:\ProgramData\Documents
[18/02/2008|13:03] C:\ProgramData\Favoris
[08/03/2008|14:50] C:\ProgramData\Google
[08/09/2008|16:06] C:\ProgramData\Google Updater
[14/02/2008|04:15] C:\ProgramData\InstallShield
[14/02/2008|04:03] C:\ProgramData\Intel
[31/07/2008|20:55] C:\ProgramData\Lavasoft
[06/09/2008|03:19] C:\ProgramData\Malwarebytes
[18/02/2008|13:03] C:\ProgramData\Menu D‚marrer
[08/03/2008|19:56] C:\ProgramData\Messenger Plus!
[29/03/2008|13:39] C:\ProgramData\Microsoft
[18/02/2008|13:03] C:\ProgramData\ModŠles
[07/09/2008|20:27] C:\ProgramData\NVIDIA
[17/06/2008|09:01] C:\ProgramData\phenomedia
[07/09/2008|04:44] C:\ProgramData\ProcCmdHlp
[21/07/2008|21:35] C:\ProgramData\RTE
[02/08/2008|18:37] C:\ProgramData\Skyline
[14/02/2008|04:15] C:\ProgramData\Sonic
[08/09/2008|19:47] C:\ProgramData\Spybot - Search & Destroy
[14/02/2008|04:23] C:\ProgramData\SupportSoft
[07/09/2008|20:18] C:\ProgramData\TEMP
[08/03/2008|13:48] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[01/08/2008|13:47] C:\Program Files\Adobe
[29/08/2008|17:56] C:\Program Files\adslTV
[07/03/2008|19:28] C:\Program Files\Alwil Software
[30/08/2008|22:48] C:\Program Files\Apple Software Update
[08/09/2008|04:43] C:\Program Files\a-squared Free
[26/05/2008|23:19] C:\Program Files\AssaultCube
[07/09/2008|04:19] C:\Program Files\Avira
[26/05/2008|22:31] C:\Program Files\Bobble Puzzle
[08/03/2008|01:01] C:\Program Files\Bonjour
[22/07/2008|22:04] C:\Program Files\Cadsoft
[24/05/2008|14:29] C:\Program Files\CCleaner
[13/06/2008|20:37] C:\Program Files\CDBurnerXP
[07/09/2008|14:55] C:\Program Files\Common Files
[24/05/2008|20:01] C:\Program Files\Crae Interactives
[14/02/2008|04:07] C:\Program Files\Creative
[14/02/2008|04:07] C:\Program Files\Creative Live! Cam
[14/02/2008|04:24] C:\Program Files\CyberLink
[14/02/2008|04:27] C:\Program Files\Dell
[14/02/2008|04:23] C:\Program Files\Dell Support Center
[14/02/2008|11:48] C:\Program Files\DellTPad
[18/02/2008|13:03] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/05/2008|22:41] C:\Program Files\FreeGamePick.com
[08/03/2008|00:52] C:\Program Files\GIMP-2.0
[05/09/2008|03:09] C:\Program Files\Google
[04/09/2008|05:08] C:\Program Files\InstallShield Installation Information
[14/02/2008|04:08] C:\Program Files\Intel
[14/02/2008|04:04] C:\Program Files\Intel, Inc
[02/08/2008|21:58] C:\Program Files\Internet Explorer
[30/08/2008|22:56] C:\Program Files\iPod
[30/08/2008|22:56] C:\Program Files\iTunes
[14/02/2008|04:03] C:\Program Files\Java
[07/09/2008|14:55] C:\Program Files\Lavasoft
[08/09/2008|13:21] C:\Program Files\Malwarebytes' Anti-Malware
[31/08/2008|19:33] C:\Program Files\Messenger Plus! Live
[31/05/2008|16:57] C:\Program Files\Microsoft Games
[29/03/2008|13:40] C:\Program Files\Microsoft Office
[29/08/2008|03:01] C:\Program Files\Microsoft Silverlight
[14/02/2008|04:14] C:\Program Files\Microsoft Works
[26/04/2008|14:54] C:\Program Files\Microsoft.NET
[02/08/2008|21:58] C:\Program Files\Movie Maker
[08/03/2008|13:39] C:\Program Files\Mozilla Firefox
[07/09/2008|20:38] C:\Program Files\Mozilla Firefox 3 Beta 3
[02/11/2006|14:37] C:\Program Files\MSBuild
[08/03/2008|15:07] C:\Program Files\MSXML 4.0
[29/08/2008|17:21] C:\Program Files\Neuf
[07/09/2008|20:54] C:\Program Files\Panda Security
[14/02/2008|04:06] C:\Program Files\Protector Suite QL
[30/08/2008|22:54] C:\Program Files\QuickTime
[28/08/2008|20:49] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[01/08/2008|01:38] C:\Program Files\Shareaza
[14/02/2008|03:53] C:\Program Files\Sigmatel
[02/08/2008|18:37] C:\Program Files\Skyline
[19/02/2008|18:10] C:\Program Files\SmartCom
[08/09/2008|04:56] C:\Program Files\Spybot - Search & Destroy
[06/09/2008|16:16] C:\Program Files\Trend Micro
[12/07/2008|18:39] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[26/05/2008|22:54] C:\Program Files\UNO Freeware
[13/06/2008|20:37] C:\Program Files\VideoLAN
[19/02/2008|18:11] C:\Program Files\WellPhone DirectSync
[14/02/2008|04:12] C:\Program Files\WIDCOMM
[02/08/2008|21:58] C:\Program Files\Windows Calendar
[02/08/2008|21:58] C:\Program Files\Windows Collaboration
[02/08/2008|21:58] C:\Program Files\Windows Defender
[02/08/2008|21:58] C:\Program Files\Windows Journal
[08/03/2008|13:54] C:\Program Files\Windows Live
[29/08/2008|03:12] C:\Program Files\Windows Mail
[02/08/2008|21:58] C:\Program Files\Windows Media Player
[18/02/2008|13:03] C:\Program Files\Windows NT
[02/08/2008|21:58] C:\Program Files\Windows Photo Gallery
[02/08/2008|21:58] C:\Program Files\Windows Sidebar
[07/09/2008|15:00] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[01/08/2008|13:46] C:\Program Files\Common Files\Adobe
[08/03/2008|00:59] C:\Program Files\Common Files\Apple
[13/06/2008|18:48] C:\Program Files\Common Files\AVSMedia
[22/07/2008|22:04] C:\Program Files\Common Files\Cadsoft
[26/04/2008|14:55] C:\Program Files\Common Files\DESIGNER
[08/03/2008|00:50] C:\Program Files\Common Files\GTK
[14/02/2008|04:16] C:\Program Files\Common Files\InstallShield
[14/02/2008|04:03] C:\Program Files\Common Files\Java
[31/07/2008|21:19] C:\Program Files\Common Files\microsoft shared
[09/03/2008|01:04] C:\Program Files\Common Files\Nero
[28/08/2008|20:49] C:\Program Files\Common Files\Real
[14/02/2008|04:07] C:\Program Files\Common Files\Reallusion
[10/06/2008|23:32] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[19/02/2008|18:11] C:\Program Files\Common Files\SmartCom
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[14/02/2008|04:23] C:\Program Files\Common Files\supportsoft
[02/08/2008|21:58] C:\Program Files\Common Files\System
[08/03/2008|13:52] C:\Program Files\Common Files\WindowsLiveInstaller
[19/02/2008|18:11] C:\Program Files\Common Files\XCPCSync.OEM
[28/08/2008|20:49] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 81 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 01:55:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1][D:2]-> C:\Users\treiz\AppData\Local\Temp
[F:3][D:1]-> C:\Users\treiz\AppData\Roaming\MICROS~1\Windows\Cookies
[F:6][D:4]-> C:\Users\treiz\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:7][D:5]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 09/09/2008| 1:46 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 09/09/2008| 1:51 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 09/09/2008| 1:56 - Option : [1]

--------------------\\ Fin du rapport a 1:56:22
[ UAC => 1 ]

Par contre je voulais savoir s'il était normal que les lignes que vous m'avez faites supprimer par HijackThis réapparaisse dans CCleaner lorsque je clique sur chercher des erreurs dans la partie Registre. Quand je clique sur réparer les erreurs, elle s'efface mais réapparaisse des que je reclique sur chercher des erreurs. Et ainsi de suite...
0
Réponse 13 / 15
Utilisateur anonyme
 
...TrIeZ...,

>>>>>s'il était normal que les lignes que vous m'avez faites supprimer par HijackThis réapparaisse dans CCleaner ..
Il reviennent aussi dans HijackThis et c'est n'est pas normal.

Afficher les fichiers et dossiers cachés : https://www.microsoft.com/en-us/windows/
- pressez la touche ALT du clavier. La barre des menus apparait
- Dans le menu Outils, choisissez Options des dossiers.
- Choisissez l'onglet Affichage.
- Cochez Afficher les fichiers et dossiers cachés.
- Décochez Cachez les fichiers système.
- Décochez Cacher les extensions dont le type est connu.
- Validez les modifications en cliquant sur OK.
L'options des dossiers est aussi accessible à partir du Panneau de configuration.
___________________________________

Désactiver votre antivirus.
Télécharger sur le bureau Combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

► Désactiver l'UAC : http://www.laboratoire-microsoft.org/t/23933/

/!\ Déconnectez l'internet et durant la durée de l'étape suivante, n'utilisez pas de votre PC et n'ouvrez aucun programmes. Si ComboFix a besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisser le aller..

► Double-cliquer sur Combofix
Appuyer sur 1 si nécessaire
Attendre la fermeture de l’outil ( 5-10 mn ou plus si infection importante)

/!\Notez qu'une fois que vous avez lancé ComboFix, vous ne devez pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme et même peut-être endommager votre système/!\

Afficher le rapport.
(vous pouvez aussi le trouver sur C:\Combofix.txt)

Réactiver l'antivirus.
0
Réponse 14 / 15
...TrEiZ...
 
D'accord j'ai comprit. En fait vous cherchez comment supprimer définitivement ces lignes qui sont la cause de mon problème.

Voici le rapport de Combofix

ComboFix 08-09-05.10 - treiz 2008-09-09 3:45:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2062 [GMT 2:00]
Endroit: C:\Users\treiz\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-09 to 2008-09-09 ))))))))))))))))))))))))))))))))))))
.

2008-09-09 01:43 . 2008-09-09 01:56 <REP> d-------- C:\Lop SD
2008-09-08 13:17 . 2008-09-08 13:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 13:17 . 2008-09-08 00:11 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-08 13:17 . 2008-09-08 00:11 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-08 03:53 . 2008-09-08 04:09 <REP> d-------- C:\HiJackThis
2008-09-07 21:12 . 2008-09-07 21:12 <REP> d-------- C:\Users\All Users\admgensys
2008-09-07 21:12 . 2008-09-07 21:12 <REP> d-------- C:\ProgramData\admgensys
2008-09-07 20:55 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-09-07 20:54 . 2008-09-07 20:54 <REP> d-------- C:\Program Files\Panda Security
2008-09-07 20:45 . 2008-09-09 03:44 <REP> d-------- C:\327882R2FWJFW
2008-09-07 15:38 . 2008-09-08 04:43 <REP> d-------- C:\Program Files\a-squared Free
2008-09-07 15:37 . 2008-09-07 15:37 <REP> d-------- C:\VundoFix Backups
2008-09-07 15:01 . 2008-03-03 15:05 54,672 --a------ C:\Windows\System32\vsutil_loc040c.dll
2008-09-07 15:01 . 2008-09-07 15:01 5,571 --a------ C:\Windows\System32\vsconfig.xml
2008-09-07 15:00 . 2008-09-07 15:01 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-09-07 15:00 . 2008-09-07 15:00 <REP> d-------- C:\Program Files\Zone Labs
2008-09-07 15:00 . 2008-03-03 15:05 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-09-07 15:00 . 2008-09-09 03:49 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-09-07 15:00 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-09-07 14:56 . 2008-09-08 04:56 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 04:19 . 2008-09-07 04:19 <REP> d-------- C:\Users\All Users\Avira
2008-09-07 04:19 . 2008-09-07 04:19 <REP> d-------- C:\ProgramData\Avira
2008-09-07 04:19 . 2008-09-07 04:19 <REP> d-------- C:\Program Files\Avira
2008-09-07 03:48 . 2008-09-07 03:49 <REP> d-------- C:\Users\treiz\.housecall6.6
2008-09-06 16:40 . 2008-09-06 16:40 691 --a------ C:\Users\treiz\AppData\Roaming\GetValue.vbs
2008-09-06 16:40 . 2008-09-06 16:40 35 --a------ C:\Users\treiz\AppData\Roaming\SetValue.bat
2008-09-06 16:38 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-09-06 16:38 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-09-06 16:38 . 2008-09-02 23:58 88,576 --a------ C:\Windows\System32\AntiXPVSTFix.exe
2008-09-06 16:38 . 2008-09-02 16:51 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-09-06 16:38 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-09-06 16:38 . 2008-08-28 22:36 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-09-06 16:38 . 2008-08-18 12:19 82,432 --a------ C:\Windows\System32\404Fix.exe
2008-09-06 16:38 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-09-06 16:38 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-09-06 16:38 . 2008-09-06 16:40 6,266 --a------ C:\Windows\System32\tmp.reg
2008-09-06 16:32 . 2008-09-06 16:32 <REP> d-------- C:\_OTMoveIt
2008-09-06 16:16 . 2008-09-06 16:16 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 03:19 . 2008-09-06 03:19 <REP> d-------- C:\Users\treiz\AppData\Roaming\Malwarebytes
2008-09-06 03:19 . 2008-09-06 03:19 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-06 03:19 . 2008-09-06 03:19 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-05 03:08 . 2008-09-08 16:06 <REP> d-------- C:\Users\All Users\Google Updater
2008-09-05 03:08 . 2008-09-08 16:06 <REP> d-------- C:\ProgramData\Google Updater
2008-09-05 02:18 . 2008-09-05 02:18 <REP> d-------- C:\Users\All Users\Arovax
2008-09-05 02:18 . 2008-09-05 02:18 <REP> d-------- C:\ProgramData\Arovax
2008-09-05 01:54 . 2008-09-05 01:54 <REP> d-------- C:\Users\All Users\CheckPoint
2008-09-05 01:54 . 2008-09-05 01:54 <REP> d-------- C:\ProgramData\CheckPoint
2008-09-05 01:54 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-09-05 01:53 . 2008-09-09 03:50 <REP> d-------- C:\Windows\Internet Logs
2008-09-05 00:11 . 2008-09-08 19:47 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-05 00:11 . 2008-09-08 19:47 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-04 22:11 . 2008-09-07 20:18 <REP> d-a------ C:\Users\All Users\TEMP
2008-09-04 22:11 . 2008-09-07 20:18 <REP> d-a------ C:\ProgramData\TEMP
2008-09-04 21:34 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-04 21:34 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-04 21:34 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-04 21:34 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-04 21:34 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-04 21:34 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-04 21:34 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-04 21:34 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-04 21:34 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-04 12:37 . 2008-09-07 04:44 <REP> d-------- C:\Users\All Users\ProcCmdHlp
2008-09-04 12:37 . 2008-09-07 04:44 <REP> d-------- C:\ProgramData\ProcCmdHlp
2008-09-04 00:36 . 2008-09-04 00:36 <REP> d-------- C:\Users\All Users\apimsgproc
2008-09-04 00:36 . 2008-09-04 00:36 <REP> d-------- C:\ProgramData\apimsgproc
2008-09-04 00:35 . 2008-09-04 00:35 <REP> d-------- C:\Users\All Users\CfgSys
2008-09-04 00:35 . 2008-09-04 00:35 <REP> d-------- C:\ProgramData\CfgSys
2008-08-30 22:54 . 2008-08-30 22:54 <REP> d-------- C:\Program Files\QuickTime
2008-08-30 22:48 . 2008-08-30 22:48 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-29 17:46 . 2008-08-29 17:56 <REP> d-------- C:\Program Files\adslTV
2008-08-29 03:04 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-28 20:49 . 2008-08-28 20:49 <REP> d-------- C:\Program Files\Real
2008-08-28 20:49 . 2008-08-28 20:49 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-08-28 20:49 . 2008-08-28 20:49 <REP> d-------- C:\Program Files\Common Files\Real
2008-08-25 19:44 . 2008-08-25 19:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 01:40 --------- d---a-w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-09-07 18:27 --------- d-----w C:\ProgramData\NVIDIA
2008-09-07 18:24 103,424 ----a-w C:\Windows\Internet Logs\xDB814F.tmp
2008-09-07 12:55 --------- d-----w C:\Program Files\Lavasoft
2008-09-05 01:09 --------- d-----w C:\Program Files\Google
2008-09-04 03:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 01:39 27,335 ----a-w C:\Users\treiz\AppData\Roaming\nvModes.dat
2008-08-31 17:33 --------- d---a-w C:\Program Files\Messenger Plus! Live
2008-08-30 20:56 --------- d-----w C:\Program Files\iTunes
2008-08-30 20:56 --------- d-----w C:\Program Files\iPod
2008-08-30 13:47 --------- d-----w C:\Users\treiz\AppData\Roaming\vlc
2008-08-29 15:21 --------- d-----w C:\Program Files\Neuf
2008-08-29 01:12 --------- d-----w C:\Program Files\Windows Mail
2008-08-29 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-20 18:20 --------- d---a-w C:\Users\treiz\AppData\Roaming\gtk-2.0
2008-08-07 08:43 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-02 20:05 174 --sha-w C:\Program Files\desktop.ini
2008-08-02 19:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-02 19:58 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-02 19:58 --------- d-----w C:\Program Files\Windows Journal
2008-08-02 19:58 --------- d-----w C:\Program Files\Windows Defender
2008-08-02 19:58 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-02 19:58 --------- d-----w C:\Program Files\Windows Calendar
2008-08-02 19:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-02 19:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-02 17:14 --------- d-----w C:\Users\treiz\AppData\Roaming\Skyline
2008-08-02 16:37 --------- d-----w C:\ProgramData\Skyline
2008-08-02 16:37 --------- d-----w C:\Program Files\Skyline
2008-08-02 12:37 --------- d-----w C:\Users\treiz\AppData\Roaming\Micro Application
2008-08-01 11:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 23:38 --------- d-----w C:\Program Files\Shareaza
2008-07-31 19:28 9,847,296 ----a-w C:\Windows\System32\NlsData000a.dll
2008-07-31 19:27 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-07-31 19:27 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-07-31 19:27 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-07-31 19:27 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-07-31 19:26 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-31 19:26 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-31 19:26 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-31 19:26 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-31 19:26 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-31 19:26 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-31 19:26 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-31 19:26 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-31 19:26 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-31 19:26 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-31 19:24 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-31 19:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-31 19:23 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-31 19:23 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-31 19:23 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-31 19:22 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 19:22 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-31 19:22 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 19:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 19:22 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-31 19:16 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-31 19:15 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-31 19:15 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-31 18:55 --------- d-----w C:\ProgramData\Lavasoft
2008-07-22 20:04 --------- d-----w C:\ProgramData\Cadsoft
2008-07-22 20:04 --------- d-----w C:\Program Files\Common Files\Cadsoft
2008-07-22 20:04 --------- d-----w C:\Program Files\Cadsoft
2008-07-21 19:35 --------- d-----w C:\Users\treiz\AppData\Roaming\RTE
2008-07-21 19:35 --------- d-----w C:\ProgramData\RTE
2008-07-12 16:39 --------- d-----w C:\Program Files\Ubisoft
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-26 14:30 0 ----a-w C:\Users\treiz\AppData\Roaming\wklnhst.dat
2008-02-14 02:07 76 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 21:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 21:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 36864]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-14 77824]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-14 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [2005-04-14 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-28 185896]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 21:46 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{40BEC8D7-BCCB-48A8-8ECE-2009CA79D0BF}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{7400C8E1-E4BE-4995-9805-2731BC5270F5}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{91789668-E90C-44EA-9DF2-0205B62700F3}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{25E92EAF-A7C6-492C-BB9D-516E3924EBB7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{64C21FAC-782C-4DFD-B3C8-F7FBE52505A8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{859C8F21-2D1E-4409-B084-BAF449368D3E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AA89FE47-CC42-4864-86D4-3B1D15699FDC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC01D712-7AA0-4C2F-BFA4-C0A3BEB96C6E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EAAEC661-BBB0-4FDE-AC28-923BAE729B69}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A6B56497-D90F-4F6D-9C47-7391DC435E2F}"= UDP:6346:Shareaza
"{D3C36D91-C2C2-4222-A280-D8355389A677}"= TCP:6346:Shareaza
"TCP Query User{6A5A6EC9-1BB4-4076-98B9-A644BFA23879}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{D1631BE5-89E7-4DE2-8297-153C3C66533C}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{8C7AD19F-BD1D-4BD3-8743-44EED361D8F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{35851DB6-4902-4303-ACEE-B012727B41E9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-12-03 73728]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S4 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SetHlp - C:\ProgramData\SetHlp\xmvuvujs.exe
HKCU-Run-HlpMon - C:\ProgramData\HlpMon\gdijqrsx.exe
HKCU-Run-mntinfo - C:\ProgramData\mntinfo\gvuxqtan.exe
HKCU-Run-DscSrvEn - C:\ProgramData\DscSrvEn\ihcxmvwf.exe
HKCU-Run-EnSh - C:\ProgramData\EnSh\tojspirg.exe
HKCU-Run-MonDb - C:\ProgramData\MonDb\mpipkrwr.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\treiz\AppData\Roaming\Mozilla\Firefox\Profiles\l3aps9qu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.cegetel.net/
FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np-mswmp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPOFFICE.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 03:51:40
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> G:\Windows\system32\iertutil.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-09 3:54:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 01:54:18

Pre-Run: 165,763,358,720 octets libres
Post-Run: 165,676,019,712 octets libres

340 --- E O F --- 2008-09-04 19:38:12
0
Réponse 15 / 15
...TrEiZ...
 
Bonjour

Cela va faire un petit moment que je n'ai plus de vos nouvelles
Donc je voudrais savoir si c'était parce que mon problème avait disparu ou pour une autre raison
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses
cheval de troie trojan
idnoder -
idnoder -

42 réponses