Problem with pop-ups
Closed
Stéphane. - 30 Oct 2008 at 22:12
Stéphane. - 15 Nov 2008 at 03:41
36 replies
Stéphane. - 8 Nov 2008 at 19:16
And here is the TB
-----------\\ ToolBar S&D 1.2.4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Stéphane ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:138 Go (Free:32 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 2008-11-08|13:14 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\DAEMON Tools Toolbar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Url"="https://www.msn.com/fr-fr/actualite/"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 2008-11-08|10:59 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-11-08|13:17 - Option : [2]
-----------\\ Fin du rapport a 13:17:29,36
Stéphane. - 8 Nov 2008 at 19:18
Here it is!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:35, on 2008-11-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\STPHAN~1\AppData\Local\Temp\vtuSLcdd.dll,#1
O4 - HKCU\..\Run: [Facegame] "C:\Users\Stéphane\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Gool] "C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe"
O4 - HKCU\..\Run: [369b39af] rundll32.exe "C:\Users\STPHAN~1\AppData\Local\Temp\lbjsahaq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DFDB76-9ECB-46CF-8BCE-32697E9AF5C4}: NameServer = 67.69.239.49 207.164.234.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
Anonymous user - 8 Nov 2008 at 19:28
Re,
▶ Download OTMoveIt3 (by Old_Timer) to your Desktop
▶ Double-click OTMoveIt.exe to launch it.
▶ Make sure the Unregister Dll's and Ocx's box is checked.
▶ Copy/paste the following text in grey into the left-hand box, "Paste Instructions for items to be moved"
Files:
c:\program files\daemon tools toolbar\dttoolbar.dll
c:\users\stphan~1\appdata\local\temp\vtuslcdd.dll
c:\users\stphan~1\appdata\local\temp\lbjsahaq.dll
:Commands
[reboot]
[emptytemp]
Click "MoveIt!"
● Copy everything shown in the right-hand box, "Results"
● Paste it all on the forum.
(The report is also located here: C:\_OTMoveIt\MovedFiles)
Run HijackThis again. Thanks.
Stéphane. - 8 Nov 2008 at 19:37
Error: Unable to interpret <Files:> in the current context!
Error: Unable to interpret <c:\program files\daemon tools toolbar\dttoolbar.dll> in the current context!
Error: Unable to interpret <c:\users\stphan~1\appdata\local\temp\vtuslcdd.dll> in the current context!
Error: Unable to interpret <c:\users\stphan~1\appdata\local\temp\lbjsahaq.dll> in the current context!
========== COMMANDS ==========
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\ahxobgfr.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\bYOhhIXN.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\etilqs_2CAadkMnvkdWhqwDifj5 scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\khfFVMDv.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\ppcrlui_4012_2 scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\uumseewl.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\xivdjejq.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DF1AB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DF4F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DF52E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DF54A8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Stéphane\AppData\Local\Mozilla\Firefox\Profiles\74cnwaoa.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Stéphane\AppData\Local\Mozilla\Firefox\Profiles\74cnwaoa.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Stéphane\AppData\Local\Mozilla\Firefox\Profiles\74cnwaoa.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Stéphane\AppData\Local\Mozilla\Firefox\Profiles\74cnwaoa.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Stéphane\AppData\Local\Mozilla\Firefox\Profiles\74cnwaoa.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Stéphane\AppData\Local\Mozilla\Firefox\Profiles\74cnwaoa.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11082008_133551
Stéphane. - 8 Nov 2008 at 19:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:35, on 2008-11-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\STPHAN~1\AppData\Local\Temp\vtuSLcdd.dll,#1
O4 - HKCU\..\Run: [Facegame] "C:\Users\Stéphane\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Gool] "C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe"
O4 - HKCU\..\Run: [369b39af] rundll32.exe "C:\Users\STPHAN~1\AppData\Local\Temp\lbjsahaq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DFDB76-9ECB-46CF-8BCE-32697E9AF5C4}: NameServer = 67.69.239.49 207.164.234.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
Anonymous user
8 Nov. 2008 at 19:42
Re,
That didn't work:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
SDFix (created by AndyManchesta)
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.
Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
• Then open the SDFix folder that was just created in the C:\ directory and double-click RunThis. to launch the script.
• Press any key to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press any key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press any key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
TUTORIAL
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis report!
Stéphane.
8 Nov. 2008 at 21:35
OK, the problem now is that when I click on runthis it appears for a fraction of a second and then disappears ...
Anonymous user
8 Nov. 2008 at 21:39
Re,
Yes, you're not the first to have problems with SDFix.
ComboFix. Careful, this software is very powerful; misuse can cause damage...
Do exactly the following:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as ...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (in case you have any that I didn't see in the HijackThis report....)
---> Above all, if you run into difficulties at this stage, tell me before continuing...
Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------
Then:
Double-click C-Fix.exe (= combofix.exe).
Press any key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. This could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it
The report will be created in: C:\Combofix.txt, please post it here
Stéphane.
8 Nov. 2008 at 22:19
ComboFix 08-11-07.01 - St‚phane 2008-11-08 15:55:26.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.398 [GMT -5:00]
Lancé depuis: c:\users\St‚phane\Desktop\ComboFix.exe
* Resident AV is active
.
[i] ADS - Windows: deleted 24 bytes in 1 streams. /i
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\St‚phane\AppData\Roaming\Facegame
c:\users\St‚phane\AppData\Roaming\Gool
c:\users\STPHAN~1\AppData\Local\Temp\bYOhhIXN.dll
c:\users\STPHAN~1\AppData\Local\Temp\cldqrkqw.dll
c:\users\Stéphane\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
c:\users\Stéphane\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\Stéphane\AppData\Roaming\Facegame\Facegame.exe
c:\users\Stéphane\AppData\Roaming\Gool\Gool.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-08 au 2008-11-08 ))))))))))))))))))))))))))))))))))))
.
2008-11-08 13:50 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2008-11-08 13:35 . 2008-11-08 13:35 <REP> d-------- C:\_OTMoveIt
2008-11-08 10:56 . 2008-11-08 13:17 <REP> d-------- C:\ToolBar SD
2008-11-08 00:00 . 2008-11-08 10:45 <REP> d-------- C:\Lop SD
2008-11-07 19:38 . 2008-11-07 19:38 <REP> d-------- c:\program files\Trend Micro
2008-11-07 13:46 . 2008-11-07 17:48 <REP> d-------- c:\program files\Navilog1
2008-11-04 23:22 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-04 23:22 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-04 23:22 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-04 23:22 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-04 23:21 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-04 23:21 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-04 23:21 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-04 23:20 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-04 23:20 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-04 20:05 . 2008-11-04 20:24 <REP> d-------- c:\users\All Users\NexonUS
2008-11-04 20:05 . 2008-11-04 20:24 <REP> d-------- c:\programdata\NexonUS
2008-11-04 20:05 . 2008-11-04 20:05 <REP> d-------- C:\Nexon
2008-11-01 08:55 . 2008-11-01 08:55 <REP> d-------- c:\program files\Lavasoft
2008-10-30 16:10 . 2008-10-30 16:25 <REP> d-------- c:\program files\PhotoFiltre
2008-10-29 18:42 . <REP> c:\users\Stéphane\.gimp-2.6
2008-10-29 18:41 . <REP> c:\users\Stéphane\.gegl-0.0
2008-10-29 18:40 . 2008-10-29 18:40 <REP> d-------- c:\program files\Gimp-2.0
2008-10-29 15:17 . <REP> c:\users\Stéphane\AppData\Roaming\Download Manager
2008-10-29 08:01 . 2008-10-29 08:01 <REP> d-------- c:\users\Lyse\AppData\Roaming\Creative
2008-10-28 23:01 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:01 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll
2008-10-28 22:15 . <REP> c:\users\Stéphane\Live! Cam FX Creator
2008-10-28 22:15 . 2008-10-28 22:15 <REP> d-------- c:\users\All Users\EyePowerGames
2008-10-28 22:15 . 2008-10-28 22:15 <REP> d-------- c:\programdata\EyePowerGames
2008-10-28 22:07 . <REP> c:\users\Stéphane\AppData\Roaming\Creative
2008-10-28 20:44 . 2008-10-28 20:44 <REP> d-------- c:\users\Francis\AppData\Roaming\Creative
2008-10-28 19:52 . 2008-10-29 07:23 <REP> d-------- c:\users\All Users\Creative
2008-10-28 19:52 . 2008-10-29 07:23 <REP> d-------- c:\programdata\Creative
2008-10-28 18:54 . 2003-06-12 22:25 7,062 --a------ c:\windows\System32\audiopid.vxd
2008-10-28 18:52 . 2006-10-06 01:17 53,248 --------- c:\windows\Ctregrun.exe
2008-10-28 18:44 . 2006-08-30 06:10 158,456 --------- c:\windows\System32\pxwma.dll
2008-10-28 18:44 . 2006-08-30 06:10 36,528 --------- c:\windows\System32\drivers\PxHelp20.sys
2008-10-28 18:44 . 2006-08-30 06:10 2,560 --------- c:\windows\System32\drivers\cdralw2k.sys
2008-10-28 18:44 . 2006-08-30 06:10 2,432 --------- c:\windows\System32\drivers\cdr4_xp.sys
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- c:\program files\muvee Technologies
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- c:\program files\Common Files\muvee Technologies
2008-10-28 18:43 . 2006-05-16 10:54 57,344 --a------ c:\windows\System32\Mfc42loc.dll
2008-10-28 18:42 . 2008-10-28 18:42 <REP> d-------- c:\users\All Users\muvee Technologies
2008-10-28 18:42 . 2008-10-28 18:42 <REP> d-------- c:\programdata\muvee Technologies
2008-10-28 18:41 . 2008-10-28 18:41 <REP> d-------- c:\users\Francis\AppData\Roaming\InstallShield
2008-10-28 18:40 . 2008-10-28 18:40 <REP> d-------- c:\program files\SightSpeed
2008-10-28 18:24 . 2006-08-29 03:11 1,047,552 --------- c:\windows\System32\MFC71u.dll
2008-10-28 18:23 . 2003-02-20 15:42 348,160 --------- c:\windows\System32\msvcr71.dll
2008-10-28 18:18 . 2008-10-28 18:52 <REP> d-------- c:\program files\Creative
2008-10-27 16:35 . 2008-10-27 17:01 <REP> d-------- C:\Fonts
2008-10-17 20:08 . 2008-10-17 20:08 <REP> d-------- c:\users\Lyse\AppData\Roaming\Apple Computer
2008-10-16 18:01 . 2008-10-16 18:01 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-10-16 18:01 . 2008-10-16 18:01 <REP> d-------- c:\programdata\Yahoo! Companion
2008-10-12 13:31 . 2008-10-12 15:56 <REP> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-12 13:31 . 2008-11-06 08:13 <REP> d-------- C:\Temp
2008-10-11 15:50 . 2003-03-19 00:20 1,060,864 --a------ c:\windows\System32\mfc71.dll
2008-10-11 15:50 . 2003-03-18 23:14 499,712 --a------ c:\windows\System32\MSVCP71.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 18:23 --------- d-----w c:\program files\Image-Line
2008-11-08 07:01 --------- d-----w c:\users\Stéphane\AppData\Roaming\BitTorrent
2008-11-05 04:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-03 18:02 157,822,975 ----a-w c:\windows\DUMP3320.tmp
2008-11-03 17:54 --------- d-----w c:\users\Lyse\AppData\Roaming\BitTorrent
2008-10-29 23:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 23:16 --------- d-----w c:\program files\SlySoft
2008-10-29 23:14 --------- d-----w c:\users\Stéphane\AppData\Roaming\Mozilla
2008-10-29 20:25 --------- d-s---w c:\users\Stéphane\AppData\Roaming\Microsoft
2008-10-21 21:17 --------- d-----w c:\program files\Atari
2008-10-20 12:14 --------- d-----w c:\program files\Dl_cats
2008-10-16 21:41 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-12 00:51 150,204,415 ----a-w c:\windows\DUMP3938.tmp
2008-10-08 02:49 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 02:49 --------- d-----w c:\program files\iTunes
2008-10-08 02:48 --------- d-----w c:\program files\iPod
2008-10-07 14:22 --------- d-----w c:\users\Stéphane\AppData\Roaming\DAEMON Tools
2008-10-06 23:34 --------- d-----w c:\programdata\Avira
2008-10-06 23:34 --------- d-----w c:\program files\Avira
2008-10-04 21:37 --------- d-----w c:\program files\iTunes(3)
2008-10-04 21:37 --------- d-----w c:\program files\iPod(2)
2008-10-03 12:28 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-02 18:45 156,602,367 ----a-w c:\windows\DUMP39b5.tmp
2008-10-02 04:15 156,426,239 ----a-w c:\windows\DUMP3448.tmp
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-09-28 19:28 --------- d-----w c:\programdata\DVD Shrink
2008-09-28 19:17 --------- d-----w c:\programdata\SlySoft
2008-09-27 20:00 --------- d-----w c:\program files\Microsoft Games
2008-09-27 19:59 --------- d-----w c:\users\Stéphane\AppData\Roaming\Microsoft Games
2008-09-27 19:36 --------- d-----w c:\program files\DVD Shrink
2008-09-26 21:17 --------- d-----w c:\programdata\Messenger Plus!
2008-09-25 03:28 --------- d-----w c:\program files\Free Video Converter
2008-09-24 13:43 --------- d-----w c:\users\Stéphane\AppData\Roaming\vlc
2008-09-23 01:53 --------- d-----w c:\program files\Bonjour
2008-09-23 01:52 --------- d-----w c:\program files\QuickTime
2008-09-23 01:51 --------- d-----w c:\program files\Common Files\Apple
2008-09-23 01:47 --------- d-----w c:\program files\Apple Software Update
2008-09-21 21:09 --------- d-----w c:\users\Stéphane\AppData\Roaming\SPORE
2008-09-21 02:05 --------- d-----w c:\users\Francis\AppData\Roaming\SPORE
2008-09-21 01:35 --------- d-----w c:\program files\Electronic Arts
2008-09-17 00:50 --------- d-----w c:\programdata\SporeCreatureCreator
2008-09-13 22:32 --------- d-----w c:\users\Francis\AppData\Roaming\Bell
2008-09-11 20:07 --------- d-----w c:\program files\McAfee
2008-09-11 07:03 --------- d-----w c:\program files\Microsoft Works
2008-09-11 00:06 --------- d-----w c:\users\Stéphane\AppData\Roaming\LimeWire
2008-09-11 00:05 --------- d-----w c:\program files\LimeWire
2008-09-10 21:03 --------- d-----w c:\users\Stéphane\AppData\Roaming\Bell
2008-09-10 17:18 --------- d-----w c:\programdata\Bell
2008-09-10 16:51 --------- d-----w c:\users\Lyse\AppData\Roaming\Bell
2008-09-10 16:51 --------- d-----w c:\program files\Bell
2008-08-12 07:42 106 ----a-w c:\users\Stéphane\AppData\Roaming\wklnhst.dat
2008-07-11 15:15 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-11 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-17 152144]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-07-10 495616]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01CBDD49-2024-4350-86E1-546F5E3AE5F5}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{95E797BC-7A6A-45D9-871A-70E96E4062F5}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{48EF47CB-A4B8-4382-AFB4-0113303D3B90}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{288EB1BE-01E0-4D6F-9CC7-5AA9A7880107}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4414C19A-31C2-4BF0-A17E-C0452A881012}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{73EBCFE3-9E66-4F32-930C-BD1B8D2E0F21}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E1EADAAD-BD02-4462-9E65-16CAFF0C54DF}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{333D90A4-12E9-4E83-B68E-BC8AC82EA317}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4454EFE4-2EBD-4DA8-B268-0653C56EAD3C}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{66C22E18-C91C-4CA2-A584-E3AB807EEFD9}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{FAF584DE-98A9-496E-AC18-50538BD56BA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{623EB554-8CC6-4AA1-A757-7422FD77E15E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A90F76B0-477C-4A9C-8054-E89C2B941617}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{325511A0-90BB-48D1-B650-7D77EEBCA8A6}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{9072A46B-98E6-495E-A639-A4605AD86DFE}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{CFD5AD92-53F5-433A-AF0D-3D927595FF0D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CC2E84D3-F36A-4BAF-92C5-78325596A028}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3DA62383-8C9C-4B02-9981-C01DAB4E98E3}"= UDP:c:\windows\System32\dlcgcoms.exe:Lexmark Communications System
"{A1249FEF-7C72-4B18-804B-908730D8E3BB}"= TCP:c:\windows\System32\dlcgcoms.exe:Lexmark Communications System
"{B577BCF9-8A5C-44F7-A5E2-ED09FB869455}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{60D51B8C-07B3-47BA-AD9C-A0E3D9D22351}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{0C62726A-CEBD-4FAB-A250-E36091A8D353}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{F6691616-32DF-422B-975E-07F4B6C371C1}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{AFC5709F-1CAA-4915-8426-3F6D08A8D8BE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{6AF10CCC-766B-4EC6-8C93-FF7D1C740017}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{B804579F-70E8-4EFF-B2D8-96D96972C400}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BA26A6FE-A7CD-47A5-95B7-4766EDB643AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B312EE15-ECA5-409F-960A-37DE49F7EACD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{D9415365-143F-43CE-9970-634FE0A0FDFA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{CB548DF4-3ECA-4432-B093-A9138561DD64}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C40F18E5-13C9-439E-A88C-50AC1F26CAA1}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{83A004A7-60D0-40B1-913C-E176824278F0}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{4F70CEC6-2DBA-4000-8B69-9BE6DCD2B000}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A1942E9A-506F-4E6B-A8A5-CC297B96FF52}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{18540162-E9D7-4BE2-B3EF-0E92A8121C9D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{86B96FAC-6D93-482C-B273-E1E2A5DFF888}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{356BDDD2-FEBC-4C11-8189-FDC45D0A041F}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{81763C57-4CAA-49BC-8476-6E67B5833DEF}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{C7EE5A09-653E-4503-898F-215E375E3AEC}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{C9476480-9598-457C-A878-45A8B72EBE72}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DC9EA1C4-1C7B-4C45-ACB3-02EA520E2BEB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-10 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video Chat (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 170368]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2005-10-27 402432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175e387e-5595-11dd-aaac-000272592a54}]
\shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd58cb7-5690-11dd-b4f4-000272592a54}]
\shell\AutoRun\command - f:\_autorun\AUTORUN.EXE
\shell\instDX\command - f:\directx\dxsetup.exe
\shell\readme\command - notepad readme.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d9ee33-51c6-11dd-afa4-000272592a54}]
\shell\AutoRun\command - f:\_autorun\AUTORUN.EXE
\shell\instDX\command - f:\directx\dxsetup.exe
\shell\readit\command - notepad readme.doc
\shell\readme\command - notepad readme.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d394395e-4ec0-11dd-aac6-806e6f6e6963}]
\shell\AutoRun\command - e:\ctrun\start.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Facegame - c:\users\Stéphane\AppData\Roaming\Facegame\Facegame.exe
.
------- Examen supplémentaire -------
.
R0 -: HKLM-Main,Window Title =
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O17 -: HKLM\CCS\Interface\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 16:12:20
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlcgcoms.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MPS\mps.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\McAfee\MSC\mcregist.exe
c:\program files\McAfee\MPS\mpsevh.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Mail\WinMail.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MSC\mcuimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-11-08 16:18:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-08 21:18:14
Avant-CF: 35 339 804 672 octets libres
Après-CF: 35,215,757,312 octets libres
303 --- E O F --- 2008-10-29 07:01:26
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.398 [GMT -5:00]
Lancé depuis: c:\users\Stéphane\Desktop\ComboFix.exe
* Resident AV is active
.
ADS - Windows: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Stéphane\AppData\Roaming\Facegame
c:\users\Stéphane\AppData\Roaming\Gool
c:\users\STPHAN~1\AppData\Local\Temp\bYOhhIXN.dll
c:\users\STPHAN~1\AppData\Local\Temp\cldqrkqw.dll
c:\users\Stéphane\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
c:\users\Stéphane\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\Stéphane\AppData\Roaming\Facegame\Facegame.exe
c:\users\Stéphane\AppData\Roaming\Gool\Gool.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-08 au 2008-11-08 ))))))))))))))))))))))))))))))))))))
.
2008-11-08 13:50 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2008-11-08 13:35 . 2008-11-08 13:35 <REP> d-------- C:\_OTMoveIt
2008-11-08 10:56 . 2008-11-08 13:17 <REP> d-------- C:\ToolBar SD
2008-11-08 00:00 . 2008-11-08 10:45 <REP> d-------- C:\Lop SD
2008-11-07 19:38 . 2008-11-07 19:38 <REP> d-------- c:\program files\Trend Micro
2008-11-07 13:46 . 2008-11-07 17:48 <REP> d-------- c:\program files\Navilog1
2008-11-04 23:22 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-04 23:22 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-04 23:22 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-04 23:22 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-04 23:21 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-04 23:21 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-04 23:21 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-04 23:20 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-04 23:20 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-04 20:05 . 2008-11-04 20:24 <REP> d-------- c:\users\All Users\NexonUS
2008-11-04 20:05 . 2008-11-04 20:24 <REP> d-------- c:\programdata\NexonUS
2008-11-04 20:05 . 2008-11-04 20:05 <REP> d-------- C:\Nexon
2008-11-01 08:55 . 2008-11-01 08:55 <REP> d-------- c:\program files\Lavasoft
2008-10-30 16:10 . 2008-10-30 16:25 <REP> d-------- c:\program files\PhotoFiltre
2008-10-29 18:42 . <REP> c:\users\Stéphane\.gimp-2.6
2008-10-29 18:41 . <REP> c:\users\Stéphane\.gegl-0.0
2008-10-29 18:40 . 2008-10-29 18:40 <REP> d-------- c:\program files\Gimp-2.0
2008-10-29 15:17 . <REP> c:\users\Stéphane\AppData\Roaming\Download Manager
2008-10-29 08:01 . 2008-10-29 08:01 <REP> d-------- c:\users\Lyse\AppData\Roaming\Creative
2008-10-28 23:01 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:01 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll
2008-10-28 22:15 . <REP> c:\users\Stéphane\Live! Cam FX Creator
2008-10-28 22:15 . 2008-10-28 22:15 <REP> d-------- c:\users\All Users\EyePowerGames
2008-10-28 22:15 . 2008-10-28 22:15 <REP> d-------- c:\programdata\EyePowerGames
2008-10-28 22:07 . <REP> c:\users\Stéphane\AppData\Roaming\Creative
2008-10-28 20:44 . 2008-10-28 20:44 <REP> d-------- c:\users\Francis\AppData\Roaming\Creative
2008-10-28 19:52 . 2008-10-29 07:23 <REP> d-------- c:\users\All Users\Creative
2008-10-28 19:52 . 2008-10-29 07:23 <REP> d-------- c:\programdata\Creative
2008-10-28 18:54 . 2003-06-12 22:25 7,062 --a------ c:\windows\System32\audiopid.vxd
2008-10-28 18:52 . 2006-10-06 01:17 53,248 --------- c:\windows\Ctregrun.exe
2008-10-28 18:44 . 2006-08-30 06:10 158,456 --------- c:\windows\System32\pxwma.dll
2008-10-28 18:44 . 2006-08-30 06:10 36,528 --------- c:\windows\System32\drivers\PxHelp20.sys
2008-10-28 18:44 . 2006-08-30 06:10 2,560 --------- c:\windows\System32\drivers\cdralw2k.sys
2008-10-28 18:44 . 2006-08-30 06:10 2,432 --------- c:\windows\System32\drivers\cdr4_xp.sys
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- c:\program files\muvee Technologies
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- c:\program files\Common Files\muvee Technologies
2008-10-28 18:43 . 2006-05-16 10:54 57,344 --a------ c:\windows\System32\Mfc42loc.dll
2008-10-28 18:42 . 2008-10-28 18:42 <REP> d-------- c:\users\All Users\muvee Technologies
2008-10-28 18:42 . 2008-10-28 18:42 <REP> d-------- c:\programdata\muvee Technologies
2008-10-28 18:41 . 2008-10-28 18:41 <REP> d-------- c:\users\Francis\AppData\Roaming\InstallShield
2008-10-28 18:40 . 2008-10-28 18:40 <REP> d-------- c:\program files\SightSpeed
2008-10-28 18:24 . 2006-08-29 03:11 1,047,552 --------- c:\windows\System32\MFC71u.dll
2008-10-28 18:23 . 2003-02-20 15:42 348,160 --------- c:\windows\System32\msvcr71.dll
2008-10-28 18:18 . 2008-10-28 18:52 <REP> d-------- c:\program files\Creative
2008-10-27 16:35 . 2008-10-27 17:01 <REP> d-------- C:\Fonts
2008-10-17 20:08 . 2008-10-17 20:08 <REP> d-------- c:\users\Lyse\AppData\Roaming\Apple Computer
2008-10-16 18:01 . 2008-10-16 18:01 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-10-16 18:01 . 2008-10-16 18:01 <REP> d-------- c:\programdata\Yahoo! Companion
2008-10-12 13:31 . 2008-10-12 15:56 <REP> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-12 13:31 . 2008-11-06 08:13 <REP> d-------- C:\Temp
2008-10-11 15:50 . 2003-03-19 00:20 1,060,864 --a------ c:\windows\System32\mfc71.dll
2008-10-11 15:50 . 2003-03-18 23:14 499,712 --a------ c:\windows\System32\MSVCP71.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 18:23 --------- d-----w c:\program files\Image-Line
2008-11-08 07:01 --------- d-----w c:\users\Stéphane\AppData\Roaming\BitTorrent
2008-11-05 04:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-03 18:02 157,822,975 ----a-w c:\windows\DUMP3320.tmp
2008-11-03 17:54 --------- d-----w c:\users\Lyse\AppData\Roaming\BitTorrent
2008-10-29 23:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 23:16 --------- d-----w c:\program files\SlySoft
2008-10-29 23:14 --------- d-----w c:\users\Stéphane\AppData\Roaming\Mozilla
2008-10-29 20:25 --------- d-s---w c:\users\Stéphane\AppData\Roaming\Microsoft
2008-10-21 21:17 --------- d-----w c:\program files\Atari
2008-10-20 12:14 --------- d-----w c:\program files\Dl_cats
2008-10-16 21:41 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-12 00:51 150,204,415 ----a-w c:\windows\DUMP3938.tmp
2008-10-08 02:49 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 02:49 --------- d-----w c:\program files\iTunes
2008-10-08 02:48 --------- d-----w c:\program files\iPod
2008-10-07 14:22 --------- d-----w c:\users\Stéphane\AppData\Roaming\DAEMON Tools
2008-10-06 23:34 --------- d-----w c:\programdata\Avira
2008-10-06 23:34 --------- d-----w c:\program files\Avira
2008-10-04 21:37 --------- d-----w c:\program files\iTunes(3)
2008-10-04 21:37 --------- d-----w c:\program files\iPod(2)
2008-10-03 12:28 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-02 18:45 156,602,367 ----a-w c:\windows\DUMP39b5.tmp
2008-10-02 04:15 156,426,239 ----a-w c:\windows\DUMP3448.tmp
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-09-28 19:28 --------- d-----w c:\programdata\DVD Shrink
2008-09-28 19:17 --------- d-----w c:\programdata\SlySoft
2008-09-27 20:00 --------- d-----w c:\program files\Microsoft Games
2008-09-27 19:59 --------- d-----w c:\users\Stéphane\AppData\Roaming\Microsoft Games
2008-09-27 19:36 --------- d-----w c:\program files\DVD Shrink
2008-09-26 21:17 --------- d-----w c:\programdata\Messenger Plus!
2008-09-25 03:28 --------- d-----w c:\program files\Free Video Converter
2008-09-24 13:43 --------- d-----w c:\users\Stéphane\AppData\Roaming\vlc
2008-09-23 01:53 --------- d-----w c:\program files\Bonjour
2008-09-23 01:52 --------- d-----w c:\program files\QuickTime
2008-09-23 01:51 --------- d-----w c:\program files\Common Files\Apple
2008-09-23 01:47 --------- d-----w c:\program files\Apple Software Update
2008-09-21 21:09 --------- d-----w c:\users\Stéphane\AppData\Roaming\SPORE
2008-09-21 02:05 --------- d-----w c:\users\Francis\AppData\Roaming\SPORE
2008-09-21 01:35 --------- d-----w c:\program files\Electronic Arts
2008-09-17 00:50 --------- d-----w c:\programdata\SporeCreatureCreator
2008-09-13 22:32 --------- d-----w c:\users\Francis\AppData\Roaming\Bell
2008-09-11 20:07 --------- d-----w c:\program files\McAfee
2008-09-11 07:03 --------- d-----w c:\program files\Microsoft Works
2008-09-11 00:06 --------- d-----w c:\users\Stéphane\AppData\Roaming\LimeWire
2008-09-11 00:05 --------- d-----w c:\program files\LimeWire
2008-09-10 21:03 --------- d-----w c:\users\Stéphane\AppData\Roaming\Bell
2008-09-10 17:18 --------- d-----w c:\programdata\Bell
2008-09-10 16:51 --------- d-----w c:\users\Lyse\AppData\Roaming\Bell
2008-09-10 16:51 --------- d-----w c:\program files\Bell
2008-08-12 07:42 106 ----a-w c:\users\Stéphane\AppData\Roaming\wklnhst.dat
2008-07-11 15:15 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-11 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-17 152144]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-07-10 495616]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01CBDD49-2024-4350-86E1-546F5E3AE5F5}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{95E797BC-7A6A-45D9-871A-70E96E4062F5}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{48EF47CB-A4B8-4382-AFB4-0113303D3B90}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{288EB1BE-01E0-4D6F-9CC7-5AA9A7880107}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4414C19A-31C2-4BF0-A17E-C0452A881012}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{73EBCFE3-9E66-4F32-930C-BD1B8D2E0F21}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E1EADAAD-BD02-4462-9E65-16CAFF0C54DF}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{333D90A4-12E9-4E83-B68E-BC8AC82EA317}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4454EFE4-2EBD-4DA8-B268-0653C56EAD3C}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{66C22E18-C91C-4CA2-A584-E3AB807EEFD9}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{FAF584DE-98A9-496E-AC18-50538BD56BA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{623EB554-8CC6-4AA1-A757-7422FD77E15E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A90F76B0-477C-4A9C-8054-E89C2B941617}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{325511A0-90BB-48D1-B650-7D77EEBCA8A6}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{9072A46B-98E6-495E-A639-A4605AD86DFE}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{CFD5AD92-53F5-433A-AF0D-3D927595FF0D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CC2E84D3-F36A-4BAF-92C5-78325596A028}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3DA62383-8C9C-4B02-9981-C01DAB4E98E3}"= UDP:c:\windows\System32\dlcgcoms.exe:Lexmark Communications System
"{A1249FEF-7C72-4B18-804B-908730D8E3BB}"= TCP:c:\windows\System32\dlcgcoms.exe:Lexmark Communications System
"{B577BCF9-8A5C-44F7-A5E2-ED09FB869455}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{60D51B8C-07B3-47BA-AD9C-A0E3D9D22351}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{0C62726A-CEBD-4FAB-A250-E36091A8D353}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{F6691616-32DF-422B-975E-07F4B6C371C1}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{AFC5709F-1CAA-4915-8426-3F6D08A8D8BE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{6AF10CCC-766B-4EC6-8C93-FF7D1C740017}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{B804579F-70E8-4EFF-B2D8-96D96972C400}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BA26A6FE-A7CD-47A5-95B7-4766EDB643AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B312EE15-ECA5-409F-960A-37DE49F7EACD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{D9415365-143F-43CE-9970-634FE0A0FDFA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{CB548DF4-3ECA-4432-B093-A9138561DD64}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C40F18E5-13C9-439E-A88C-50AC1F26CAA1}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{83A004A7-60D0-40B1-913C-E176824278F0}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{4F70CEC6-2DBA-4000-8B69-9BE6DCD2B000}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A1942E9A-506F-4E6B-A8A5-CC297B96FF52}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{18540162-E9D7-4BE2-B3EF-0E92A8121C9D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{86B96FAC-6D93-482C-B273-E1E2A5DFF888}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{356BDDD2-FEBC-4C11-8189-FDC45D0A041F}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{81763C57-4CAA-49BC-8476-6E67B5833DEF}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{C7EE5A09-653E-4503-898F-215E375E3AEC}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{C9476480-9598-457C-A878-45A8B72EBE72}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DC9EA1C4-1C7B-4C45-ACB3-02EA520E2BEB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-10 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video Chat (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 170368]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2005-10-27 402432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175e387e-5595-11dd-aaac-000272592a54}]
\shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd58cb7-5690-11dd-b4f4-000272592a54}]
\shell\AutoRun\command - f:\_autorun\AUTORUN.EXE
\shell\instDX\command - f:\directx\dxsetup.exe
\shell\readme\command - notepad readme.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d9ee33-51c6-11dd-afa4-000272592a54}]
\shell\AutoRun\command - f:\_autorun\AUTORUN.EXE
\shell\instDX\command - f:\directx\dxsetup.exe
\shell\readit\command - notepad readme.doc
\shell\readme\command - notepad readme.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d394395e-4ec0-11dd-aac6-806e6f6e6963}]
\shell\AutoRun\command - e:\ctrun\start.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Facegame - c:\users\Stéphane\AppData\Roaming\Facegame\Facegame.exe
.
------- Examen supplémentaire -------
.
R0 -: HKLM-Main,Window Title =
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O17 -: HKLM\CCS\Interface\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 16:12:20
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlcgcoms.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MPS\mps.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\McAfee\MSC\mcregist.exe
c:\program files\McAfee\MPS\mpsevh.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Mail\WinMail.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MSC\mcuimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-11-08 16:18:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-08 21:18:14
Avant-CF: 35 339 804 672 octets libres
Après-CF: 35,215,757,312 octets libres
303 --- E O F --- 2008-10-29 07:01:26
Stéphane.
8 Nov 2008 at 23:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:35, on 2008-11-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\STPHAN~1\AppData\Local\Temp\vtuSLcdd.dll,#1
O4 - HKCU\..\Run: [Facegame] "C:\Users\Stéphane\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Gool] "C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe"
O4 - HKCU\..\Run: [369b39af] rundll32.exe "C:\Users\STPHAN~1\AppData\Local\Temp\lbjsahaq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DFDB76-9ECB-46CF-8BCE-32697E9AF5C4}: NameServer = 67.69.239.49 207.164.234.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
Anonymous user
9 Nov 2008 at 10:05
Hi,
We won't get anywhere if you give me reports after having run a fix.........
Scan saved at 19:38:35, on 2008-11-07
Do a brand-new HijackThis for me, from today.
Thanks
Stéphane.
9 Nov 2008 at 21:50
Sorry for the delay!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:35, on 2008-11-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\STPHAN~1\AppData\Local\Temp\vtuSLcdd.dll,#1
O4 - HKCU\..\Run: [Facegame] "C:\Users\Stéphane\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Gool] "C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe"
O4 - HKCU\..\Run: [369b39af] rundll32.exe "C:\Users\STPHAN~1\AppData\Local\Temp\lbjsahaq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DFDB76-9ECB-46CF-8BCE-32697E9AF5C4}: NameServer = 67.69.239.49 207.164.234.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O4 - HKCU\..\Run: [Facegame] "C:\Users\Stéphane\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Gool] "C:\Users\Stéphane\AppData\Roaming\Gool\Gool.exe"
O4 - HKCU\..\Run: [369b39af] rundll32.exe "C:\Users\STPHAN~1\AppData\Local\Temp\lbjsahaq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1144DE97-4A6B-4C70-A858-63C46C51524A}: NameServer = 206.47.199.71 67.69.240.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DFDB76-9ECB-46CF-8BCE-32697E9AF5C4}: NameServer = 67.69.239.49 207.164.234.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
Anonymous user
9 Nov 2008 at 21:51
Re,
Your HijackThis report is two days old: Scan saved at 19:38:35, on 2008-11-07
Stéphane.
15 Nov 2008 at 03:41
Never mind, the problem is solved, I no longer have pop-ups! How did I fix it? No idea! But thanks for the help, it's much appreciated.