Sujet Précédent Sujet Suivant

Virus msn nouvo ?

aToto Messages postés 18 Statut Membre -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,
donc voila j'ai recut un message d'un de mes contact de msn je ne sais plus exactement la phrase extacte si cela reviens je l'a posterais dans mes souvenirs c'était une adress http:/myspc. je ne sais plus quoi et apres photo= mon adresse msn. j'ai cliqué betement dessu et iil m'a enmener sur un site vierge et jai telecharger le truc :s et depuis il envoit se message avec l'adresse du contact qui le recoit donc voila. quand j'avais finis de telecharger bitdefender dit que j'ai eu un trojan mais que mon ordinateur n'a pas été infecter pourtant a se jour j'ai fait une analyse de mon antivirus et quand je vais dans mon disk c il m'affiche c:\ous.exe trojan ..donc.
Je suis allé voir et je ne peut pas le suprimmer il me dit impossible de le lire à partir du fichier ou de la disquette source ... comment faire ? et comment savoir si il n'a en avait pas plusieurs de trojan dans le truc que j'ai telecharger ?
A voir également:

45 réponses

Réponse 1 / 45
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
@ Drhouse1998 :

Tu es fort pour copier/coller des canned speech, mais est-ce que tu sais lire le rapport de Combofix ?

Le script que tu demandes de faire sert à effacer ce fichier :
c:\documents and settings\yves\local settings\temporary internet files\ijjistarter_verinfo.dat

Or, si tu regardes le rapport Combofix, tu verras qu'il l'a déjà supprimé (il est dans la partie "autre suppression")...

De plus, Combofix est dangereux, et les scripts le sont encore plus, une petite erreur peut créer de gros problèmes...
Il y a des moyens plus simples pour supprimer un fichier !

Plutôt que de demander un scan avec Combofix alors que tu ne le maitrises pas, utilise d'autres programmes (SDFix comme tu l'as dit, ou MalwareBytes)... Et si un fichier apparait encore sur un rapport : suppression manuelle avec OTMoveIt + fixer la ligne avec hijackthis

2
Mmsl35_ Messages postés 1865 Statut Membre 242
 
ce qui me semblait il avait l'air d'etre supprimé!
0
Réponse 2 / 45
Mmsl35_ Messages postés 1865 Statut Membre 242
 
la solution pour ne plus recevoir des messages de ton genre est de changer ton mot de passe principal!utilisé pour window live messenger.

>>>>>>Envoie un log hijackthis -- stp

F - Hijackthis - Outil de diagnostic et réparation
télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
https://kerio.probb.fr/
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
1
Réponse 3 / 45
Utilisateur anonyme
 
Hi,

Cela ne le supprimera pas le trojan en la fixant...............

Alut.
1
Mmsl35_ Messages postés 1865 Statut Membre 242
 
ça evite juste qu'il s'éxécute? ça le supprime de la liste c'est tout ? je me trompe?
0
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790 > Mmsl35_ Messages postés 1865 Statut Membre
 
"ça evite juste qu'il s'éxécute?"

Oui mais ça ne fonctionne pas toujours... Et même si c'est le cas, le fichier est toujours la.
Par contre, ça gêne la désinfection parce que ça empêche ensuite de voir si les autres outils de désinfection utilisés ont été efficaces (puisque la ligne n'apparait plus)


0
Réponse 4 / 45
aToto Messages postés 18 Statut Membre
 
est ce grave si il se met direct sur mon bureau hijackthis ? si ui je ne sais pas comment faire pour le mettre directement sur mon disk c: il arrive sans etre comprésser .. alors que jai winrar autrement si sais nn mon rappport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:33:43, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\V0380Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\yves\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 45
twister2 Messages postés 223 Statut Membre 43
 
salu atoto

tu a un trojan ;
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
suprime cette ligne avec hijack .@t2
0
Réponse 6 / 45
aToto Messages postés 18 Statut Membre
 
que doit je faire alors ? :s
pour info je ne sais pas comment on fait pour enlever la ligne avec hijack :s
0
Réponse 7 / 45
Utilisateur anonyme
 
Hi,

==>Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

==>Double clique sur RSIT.exe pour lancer l'outil.

==>Clique sur ' continue ' à l'écran Disclaimer.

==>Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

==>Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

0
Réponse 8 / 45
aToto Messages postés 18 Statut Membre
 
rapport info :

info.txt logfile of random's system information tool 1.04 2008-11-30 02:52:34

======Uninstall list======

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Archlord Episode 3-->"C:\Program Files\Codemasters\Archlord\unins000.exe"
BitDefender 9 Professional Plus-->MsiExec.exe /I{0F7F74EE-0EB4-4133-A9C4-C242C6EFD087}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CABAL Online v3.3-->"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\unins000.exe"
Calendrier de photos Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x40c /remove
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Club Internet Agent Wi-Fi V2.1-->C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\uninstall.exe
Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove
Creative Live! Cam Doodling-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x40c /remove
Creative Live! Cam FX Creator-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x40c /remove
Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c /remove
Creative Live! Cam Optia Pro Driver (1.00.06.0000)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0380.uns -plugin V0380Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
DebugMode Wax 2.0-->"C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
Decal Converter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}\Setup.exe"
Dofus 1.25.0-->C:\Program Files\Dofus\uninstall.exe
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
FLV Player-->C:\Program Files\FLV Player\uninstall.exe
Folder Security Guard-->"C:\Program Files\FolderSecurityGuard\unins000.exe"
Football Manager 2009 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10570
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Gestionnaire de photos Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
Gimp 2.6.0-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Gravity Ragnarok-->"C:\Program Files\Gravity\Ragnarok_france\uninstall.exe"
Guide de l'utilisateur Creative Live! Cam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c /remove
Gunbound-->"C:\Program Files\GOA\unins000.exe"
Half-Life-->C:\Sierra\HALF-L~1\UNWISE.EXE C:\Sierra\HALF-L~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Documents and Settings\yves\Bureau\HijackThis.exe" /uninstall
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express-->MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Ivalice Launcher Version 11-->"C:\Program Files\World of Warcraft\unins000.exe"
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JkDefrag 3.36-->"C:\Program Files\JkDefrag\unins000.exe"
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
LRose_775_775-->"C:\Program Files\LRose\unins000.exe"
LRose_776_776-->"C:\Program Files\LRose\unins001.exe"
Ma-Config.com-->MsiExec.exe /X{B312D12A-0320-4462-B6F7-C9B69EB3DB5C}
MediaCoder 0.6.2-->C:\Program Files\MediaCoder\uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP Manager-->MsiExec.exe /X{7DE4B31F-651E-4773-8DD4-399E7E58477E}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
muveeNow 2.0 - Creative-->C:\Program Files\InstallShield Installation Information\{B0F64C44-DC77-497D-9A27-C0F5BAB12493}\setup.exe -runfromtemp -l0x040c -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Outils Club Internet-->"C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Programme d'installation Atheros Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.EXE" -l0x40c -removeonly
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rappelz-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01A8838A-9469-425F-A5FB-FC14D4CF93B9}\setup.exe" -l0x40c -removeonly
SiSoftware Sandra Lite 2009-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\unins000.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMPlayer 0.6.0final-->"C:\Program Files\SMPlayer\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Talk to Me-->"C:\TALK TO ME 5.0\BIN\unsetup.exe" -file "C:\TALK TO ME 5.0\unsetup.aui"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
YouTUBE (TM) movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: BitDefender 9 Professional Plus
FW: BitDefender 9 Professional Plus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009

-----------------EOF-----------------
0
Réponse 9 / 45
aToto Messages postés 18 Statut Membre
 
rapport log :

Logfile of random's system information tool 1.04 (written by random/random)
Run by yves at 2008-11-30 02:52:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 213 GB (70%) free of 305 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52:33, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\V0380Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\yves\Bureau\HiJackThis.exe
C:\Documents and Settings\yves\Bureau\RSIT.exe
C:\Documents and Settings\yves\Bureau\yves.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Mmsl35_ Messages postés 1865 Statut Membre 242
 
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
le trojan est toujours la!
0
Réponse 10 / 45
Utilisateur anonyme
 
Hi,

passe ceci:

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp
0
Réponse 11 / 45
Utilisateur anonyme
 
Hi,

RSIT et un outil de diagnostic.

Alut.
0
Réponse 12 / 45
Utilisateur anonyme
 
Hi,

tu ne supprime que la clé pas le dossier.

Alut.
0
Mmsl35_ Messages postés 1865 Statut Membre 242
 
oui on n'enleve la clé du registre, il ne sera plus executé c'est de ça!

donc combofix est a la suite de RSIT, il supprime le trojan?

et aussi supprimer ça!O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
0
Réponse 13 / 45
Utilisateur anonyme
 
Hi,

Non rsit et un "complement" si je puis dire il vas plus en profondeur.

Ensuite combofix et très dangereux dans son utlisation mais avec lui on est a peu prés sur que rien n'est présent sur le pc.

Aussi j'aurait put passer SDFIX .

Alut.
0
Réponse 14 / 45
aToto Messages postés 18 Statut Membre
 
alors voila ^^

ComboFix 08-11-29.03 - yves 2008-11-30 3:17:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1482 [GMT 1:00]
Lancé depuis: c:\documents and settings\yves\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\yves\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\InfoSat.txt
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
.

2008-11-30 02:52 . 2008-11-30 02:52 <REP> d-------- C:\rsit
2008-11-30 00:43 . 2008-11-30 00:43 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 00:16 . 2008-11-25 20:44 48,690 --a------ c:\windows\fxstaller.MSNFix
2008-11-30 00:16 . 2008-11-30 00:16 26,162 --a------ C:\ous.exe
2008-11-26 13:04 . 2008-11-26 13:04 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-24 19:06 . 2008-11-27 22:54 <REP> d-------- c:\program files\JkDefrag
2008-11-24 19:06 . 2008-09-02 15:49 253,952 --a------ c:\windows\system32\JkDefragScreenSaver.exe
2008-11-24 19:06 . 2008-09-02 15:49 106,496 --a------ c:\windows\system32\JkDefragScreenSaver.scr
2008-11-23 12:40 . 2008-11-23 18:39 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-11-23 12:40 . 2008-11-23 12:40 45 ---h----- c:\windows\dsez3205.dat
2008-11-20 22:05 . 2008-11-20 22:20 <REP> d-------- c:\program files\MediaCoder
2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\eRightSoft
2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\AviSynth 2.5
2008-11-20 21:04 . 2008-11-20 21:04 <REP> d-------- c:\program files\YouTUBE (TM) movie downloader
2008-11-20 20:54 . 2008-11-20 20:54 <REP> d-------- c:\program files\FLV Player
2008-11-16 16:30 . 2008-11-16 21:54 <REP> d-------- c:\documents and settings\yves\Application Data\MP-Manager
2008-11-16 16:29 . 2008-11-16 16:29 <REP> d-------- c:\program files\MPMAN
2008-11-15 11:37 . 2008-11-15 11:37 <REP> d-------- c:\program files\Codemasters
2008-11-14 20:18 . 2008-11-14 20:19 <REP> d-------- c:\documents and settings\yves\Application Data\Sports Interactive
2008-11-14 20:18 . 2008-11-14 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-14 20:18 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-14 20:17 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-11-14 20:16 . 2008-11-14 20:16 <REP> d-------- c:\windows\Logs
2008-11-14 10:54 . 2008-11-29 23:59 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-12 14:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-12 14:31 . 2008-11-12 14:33 <REP> d-------- c:\program files\TmNationsForever
2008-11-08 23:29 . 2008-11-10 23:33 <REP> d-------- c:\program files\mIRC
2008-11-08 23:29 . 2008-11-10 23:39 <REP> d-------- c:\documents and settings\yves\Application Data\mIRC
2008-11-07 23:29 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-11-06 20:47 . 2008-11-06 20:47 <REP> d-------- c:\documents and settings\jessica\Application Data\Logitech
2008-11-01 14:04 . 2008-11-01 14:04 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-01 13:43 . 2008-11-01 13:43 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-11-01 12:58 . 2001-10-26 23:16 16,384 --a------ c:\windows\system32\FileOps.exe
2008-11-01 12:56 . 2008-11-01 12:56 <REP> d-------- c:\windows\Adobe Illustrator CS
2008-10-28 22:37 . 2008-10-28 22:37 <REP> d-------- c:\program files\aMSN
2008-10-28 22:37 . 2008-11-26 19:34 <REP> d-------- c:\documents and settings\yves\amsn
2008-10-27 00:10 . 2008-10-27 07:05 <REP> d-------- c:\windows\SxsCaPendDel
2008-10-27 00:08 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\fr-FR
2008-10-27 00:05 . 2008-10-27 00:05 <REP> d-------- c:\program files\MSBuild
2008-10-27 00:02 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\XPSViewer
2008-10-27 00:02 . 2008-10-27 00:02 <REP> d-------- c:\program files\Reference Assemblies
2008-10-27 00:01 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-26 23:44 . 2008-10-26 23:44 <REP> d-------- C:\Logs
2008-10-26 21:30 . 2008-10-26 21:30 <REP> d-------- c:\program files\SiSoftware
2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Sonic Foundry
2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Pure Motion
2008-10-24 16:59 . 2008-10-24 16:59 <REP> d-------- c:\program files\DebugMode
2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\program files\Fichiers communs\HP
2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-10-24 10:45 . 2008-10-24 10:45 <REP> d-------- c:\program files\Hewlett-Packard
2008-10-24 10:44 . 2008-10-24 10:44 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-10-24 10:43 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-10-24 10:43 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-10-24 10:42 . 2004-12-14 17:06 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-10-24 10:34 . 2004-09-29 11:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-10-24 10:34 . 2004-09-29 11:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-10-24 10:34 . 2004-09-29 11:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-10-24 10:34 . 2004-09-29 11:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-10-24 10:34 . 2004-09-29 11:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-10-24 10:34 . 2004-09-29 11:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-10-24 10:33 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-24 10:30 . 2008-10-24 10:46 <REP> d-------- c:\program files\HP
2008-10-24 10:29 . 2008-10-24 10:53 70,990 --a------ c:\windows\hpoins05.dat
2008-10-24 10:29 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat
2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-21 22:39 . 2008-10-21 22:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-10-16 17:34 . 2008-10-16 17:34 <REP> d-------- c:\documents and settings\yves\Application Data\Yahoo!
2008-10-15 16:14 . 2008-10-15 16:14 <REP> d-------- c:\documents and settings\yves\Application Data\Logitech
2008-10-15 16:12 . 2008-10-17 14:45 <REP> d-------- c:\program files\Yahoo!
2008-10-15 16:12 . 2008-10-15 16:12 <REP> d-------- c:\documents and settings\yves\Application Data\Leadertech
2008-10-15 16:12 . 2002-02-21 17:56 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-10-15 16:10 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-10-15 16:09 . 2008-10-15 16:12 <REP> d-------- c:\program files\Fichiers communs\Logishrd
2008-10-15 16:09 . 2008-10-15 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-10-15 16:09 . 2007-11-15 09:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-10-15 16:09 . 2007-11-15 09:07 170,512 --a------ c:\windows\system32\kemutb.dll
2008-10-15 16:09 . 2007-11-15 09:07 141,840 --a------ c:\windows\system32\KemUtil.dll
2008-10-15 16:09 . 2007-11-15 09:07 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-10-15 16:09 . 2007-11-15 09:07 76,304 --a------ c:\windows\system32\KemXML.dll
2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-06 13:29 . 2008-11-23 18:51 <REP> d-------- c:\documents and settings\yves\Application Data\gtk-2.0
2008-10-06 13:29 . 2008-10-06 13:29 <REP> d-------- c:\documents and settings\yves\.thumbnails
2008-10-06 13:28 . 2008-11-23 18:58 <REP> d-------- c:\documents and settings\yves\.gimp-2.6
2008-10-06 13:28 . 2008-10-06 13:28 <REP> d-------- c:\documents and settings\yves\.gegl-0.0
2008-10-06 13:27 . 2008-10-06 13:27 <REP> d-------- c:\program files\Gimp-2.0
2008-10-01 20:38 . 2008-11-10 00:39 <REP> d-------- c:\documents and settings\yves\Application Data\Mumble
2008-10-01 20:37 . 2008-10-01 20:38 <REP> d-------- c:\program files\Mumble

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 02:20 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-29 23:19 --------- d-----w c:\program files\World of Warcraft
2008-11-29 22:28 --------- d-----w c:\program files\Steam
2008-11-28 15:55 --------- d-----w c:\documents and settings\yves\Application Data\LimeWire
2008-11-28 05:44 --------- d-----w c:\documents and settings\yves\Application Data\uTorrent
2008-11-26 12:04 --------- d-----w c:\program files\Java
2008-11-25 19:38 --------- d-----w c:\documents and settings\yves\Application Data\Skype
2008-11-25 18:08 --------- d-----w c:\documents and settings\yves\Application Data\skypePM
2008-11-10 14:09 --------- d-----w c:\program files\Gravity
2008-11-08 00:01 --------- d--h--w c:\documents and settings\yves\Application Data\ijjigame
2008-11-01 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-01 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 10:38 --------- d-----w c:\program files\particleIllusion 3.0 demo
2008-10-30 20:33 --------- d-----w c:\program files\LRose
2008-10-28 21:25 --------- d-----w c:\documents and settings\yves\Application Data\teamspeak2
2008-10-15 15:12 --------- d-----w c:\program files\Common Files
2008-10-15 15:09 --------- d-----w c:\program files\Logitech
2008-08-18 10:55 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-08-18 10:55 2,272 ----a-w c:\windows\system32\w95inf16.dll
2006-06-15 18:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-06 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 543232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"BDMCon"="c:\program files\Softwin\BitDefender9\bdmcon.exe" [2008-06-09 372736]
"BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]
"BDNewsAgent"="c:\program files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 9728]
"BDSwitchAgent"="c:\program files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 33280]
"V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-04-05 32768]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\yves\Menu D‚marrer\Programmes\D‚marrage\
Enregistrement de produit Logitech.lnk - c:\program files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\yves\\Bureau\\CabalTemp\\ESTSetupLoader.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\half-life 2 deathmatch\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\source sdk base\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\DRIVERS\V0380Afx.sys [2008-07-09 142656]
R3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\DRIVERS\V0380Aud.sys [2008-07-09 94976]
R3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-07-09 273152]
R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-07-09 7168]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-06-14 576680]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-10-26 98488]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - d:\ctrun\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158c02ba-b5a0-11dd-aacd-000e2e90506a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a941771-b3f3-11dd-aac6-000e2e90506a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d9d93a0-571f-11dd-aa07-000e2e90506a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lancer_L'ANIMATION.HTM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbdda7fc-bab5-11dd-aad4-000e2e90506a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-11-29 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]

2008-11-28 c:\windows\Tasks\WebReg psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-04 19:12]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-StandardInstall - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
FF -: plugin - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 03:22:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Heure de fin: 2008-11-30 3:23:09
ComboFix-quarantined-files.txt 2008-11-30 02:23:07

Avant-CF: 223 100 600 320 octets libres
Après-CF: 223,982,174,208 octets libres

280
0
Réponse 15 / 45
Mmsl35_ Messages postés 1865 Statut Membre 242
 
ok donc après quand ça sera fait !!tu demanderas un nouveu rapport hitjackis pour controler! puis corriger les lignes de registre inutile , tu utiliseras un logiciel du genre regcleaner ou cclenaer avec en plus le nettoyage des fichiers temporaire....
0
Réponse 16 / 45
Utilisateur anonyme
 
Hi,

oui certainement.

Alut.
0
Réponse 17 / 45
aToto Messages postés 18 Statut Membre
 
mon nouvo rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:23, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\V0380Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\yves\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Réponse 18 / 45
Utilisateur anonyme
 
Hi,

et mon rapport de combofix?

Alut.
0
Réponse 19 / 45
aToto Messages postés 18 Statut Membre
 
voila je l'avais poster juste avant ; )
ComboFix 08-11-29.03 - yves 2008-11-30 3:17:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1482 [GMT 1:00]
Lancé depuis: c:\documents and settings\yves\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\yves\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\InfoSat.txt
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
.

2008-11-30 02:52 . 2008-11-30 02:52 <REP> d-------- C:\rsit
2008-11-30 00:43 . 2008-11-30 00:43 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 00:16 . 2008-11-25 20:44 48,690 --a------ c:\windows\fxstaller.MSNFix
2008-11-30 00:16 . 2008-11-30 00:16 26,162 --a------ C:\ous.exe
2008-11-26 13:04 . 2008-11-26 13:04 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-24 19:06 . 2008-11-27 22:54 <REP> d-------- c:\program files\JkDefrag
2008-11-24 19:06 . 2008-09-02 15:49 253,952 --a------ c:\windows\system32\JkDefragScreenSaver.exe
2008-11-24 19:06 . 2008-09-02 15:49 106,496 --a------ c:\windows\system32\JkDefragScreenSaver.scr
2008-11-23 12:40 . 2008-11-23 18:39 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-11-23 12:40 . 2008-11-23 12:40 45 ---h----- c:\windows\dsez3205.dat
2008-11-20 22:05 . 2008-11-20 22:20 <REP> d-------- c:\program files\MediaCoder
2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\eRightSoft
2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\AviSynth 2.5
2008-11-20 21:04 . 2008-11-20 21:04 <REP> d-------- c:\program files\YouTUBE (TM) movie downloader
2008-11-20 20:54 . 2008-11-20 20:54 <REP> d-------- c:\program files\FLV Player
2008-11-16 16:30 . 2008-11-16 21:54 <REP> d-------- c:\documents and settings\yves\Application Data\MP-Manager
2008-11-16 16:29 . 2008-11-16 16:29 <REP> d-------- c:\program files\MPMAN
2008-11-15 11:37 . 2008-11-15 11:37 <REP> d-------- c:\program files\Codemasters
2008-11-14 20:18 . 2008-11-14 20:19 <REP> d-------- c:\documents and settings\yves\Application Data\Sports Interactive
2008-11-14 20:18 . 2008-11-14 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-14 20:18 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-14 20:17 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-11-14 20:16 . 2008-11-14 20:16 <REP> d-------- c:\windows\Logs
2008-11-14 10:54 . 2008-11-29 23:59 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-12 14:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-11-12 14:31 . 2008-11-12 14:33 <REP> d-------- c:\program files\TmNationsForever
2008-11-08 23:29 . 2008-11-10 23:33 <REP> d-------- c:\program files\mIRC
2008-11-08 23:29 . 2008-11-10 23:39 <REP> d-------- c:\documents and settings\yves\Application Data\mIRC
2008-11-07 23:29 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-11-06 20:47 . 2008-11-06 20:47 <REP> d-------- c:\documents and settings\jessica\Application Data\Logitech
2008-11-01 14:04 . 2008-11-01 14:04 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-01 13:43 . 2008-11-01 13:43 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-11-01 12:58 . 2001-10-26 23:16 16,384 --a------ c:\windows\system32\FileOps.exe
2008-11-01 12:56 . 2008-11-01 12:56 <REP> d-------- c:\windows\Adobe Illustrator CS
2008-10-28 22:37 . 2008-10-28 22:37 <REP> d-------- c:\program files\aMSN
2008-10-28 22:37 . 2008-11-26 19:34 <REP> d-------- c:\documents and settings\yves\amsn
2008-10-27 00:10 . 2008-10-27 07:05 <REP> d-------- c:\windows\SxsCaPendDel
2008-10-27 00:08 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\fr-FR
2008-10-27 00:05 . 2008-10-27 00:05 <REP> d-------- c:\program files\MSBuild
2008-10-27 00:02 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\XPSViewer
2008-10-27 00:02 . 2008-10-27 00:02 <REP> d-------- c:\program files\Reference Assemblies
2008-10-27 00:01 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-26 23:44 . 2008-10-26 23:44 <REP> d-------- C:\Logs
2008-10-26 21:30 . 2008-10-26 21:30 <REP> d-------- c:\program files\SiSoftware
2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Sonic Foundry
2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Pure Motion
2008-10-24 16:59 . 2008-10-24 16:59 <REP> d-------- c:\program files\DebugMode
2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\program files\Fichiers communs\HP
2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-10-24 10:45 . 2008-10-24 10:45 <REP> d-------- c:\program files\Hewlett-Packard
2008-10-24 10:44 . 2008-10-24 10:44 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-10-24 10:43 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-10-24 10:43 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-10-24 10:42 . 2004-12-14 17:06 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-10-24 10:34 . 2004-09-29 11:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-10-24 10:34 . 2004-09-29 11:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-10-24 10:34 . 2004-09-29 11:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-10-24 10:34 . 2004-09-29 11:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-10-24 10:34 . 2004-09-29 11:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-10-24 10:34 . 2004-09-29 11:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-10-24 10:33 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-24 10:30 . 2008-10-24 10:46 <REP> d-------- c:\program files\HP
2008-10-24 10:29 . 2008-10-24 10:53 70,990 --a------ c:\windows\hpoins05.dat
2008-10-24 10:29 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat
2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-21 22:39 . 2008-10-21 22:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-10-16 17:34 . 2008-10-16 17:34 <REP> d-------- c:\documents and settings\yves\Application Data\Yahoo!
2008-10-15 16:14 . 2008-10-15 16:14 <REP> d-------- c:\documents and settings\yves\Application Data\Logitech
2008-10-15 16:12 . 2008-10-17 14:45 <REP> d-------- c:\program files\Yahoo!
2008-10-15 16:12 . 2008-10-15 16:12 <REP> d-------- c:\documents and settings\yves\Application Data\Leadertech
2008-10-15 16:12 . 2002-02-21 17:56 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-10-15 16:10 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-10-15 16:09 . 2008-10-15 16:12 <REP> d-------- c:\program files\Fichiers communs\Logishrd
2008-10-15 16:09 . 2008-10-15 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-10-15 16:09 . 2007-11-15 09:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-10-15 16:09 . 2007-11-15 09:07 170,512 --a------ c:\windows\system32\kemutb.dll
2008-10-15 16:09 . 2007-11-15 09:07 141,840 --a------ c:\windows\system32\KemUtil.dll
2008-10-15 16:09 . 2007-11-15 09:07 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-10-15 16:09 . 2007-11-15 09:07 76,304 --a------ c:\windows\system32\KemXML.dll
2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-06 13:29 . 2008-11-23 18:51 <REP> d-------- c:\documents and settings\yves\Application Data\gtk-2.0
2008-10-06 13:29 . 2008-10-06 13:29 <REP> d-------- c:\documents and settings\yves\.thumbnails
2008-10-06 13:28 . 2008-11-23 18:58 <REP> d-------- c:\documents and settings\yves\.gimp-2.6
2008-10-06 13:28 . 2008-10-06 13:28 <REP> d-------- c:\documents and settings\yves\.gegl-0.0
2008-10-06 13:27 . 2008-10-06 13:27 <REP> d-------- c:\program files\Gimp-2.0
2008-10-01 20:38 . 2008-11-10 00:39 <REP> d-------- c:\documents and settings\yves\Application Data\Mumble
2008-10-01 20:37 . 2008-10-01 20:38 <REP> d-------- c:\program files\Mumble

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 02:20 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-29 23:19 --------- d-----w c:\program files\World of Warcraft
2008-11-29 22:28 --------- d-----w c:\program files\Steam
2008-11-28 15:55 --------- d-----w c:\documents and settings\yves\Application Data\LimeWire
2008-11-28 05:44 --------- d-----w c:\documents and settings\yves\Application Data\uTorrent
2008-11-26 12:04 --------- d-----w c:\program files\Java
2008-11-25 19:38 --------- d-----w c:\documents and settings\yves\Application Data\Skype
2008-11-25 18:08 --------- d-----w c:\documents and settings\yves\Application Data\skypePM
2008-11-10 14:09 --------- d-----w c:\program files\Gravity
2008-11-08 00:01 --------- d--h--w c:\documents and settings\yves\Application Data\ijjigame
2008-11-01 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-01 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 10:38 --------- d-----w c:\program files\particleIllusion 3.0 demo
2008-10-30 20:33 --------- d-----w c:\program files\LRose
2008-10-28 21:25 --------- d-----w c:\documents and settings\yves\Application Data\teamspeak2
2008-10-15 15:12 --------- d-----w c:\program files\Common Files
2008-10-15 15:09 --------- d-----w c:\program files\Logitech
2008-08-18 10:55 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-08-18 10:55 2,272 ----a-w c:\windows\system32\w95inf16.dll
2006-06-15 18:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-06 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 543232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"BDMCon"="c:\program files\Softwin\BitDefender9\bdmcon.exe" [2008-06-09 372736]
"BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]
"BDNewsAgent"="c:\program files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 9728]
"BDSwitchAgent"="c:\program files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 33280]
"V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-04-05 32768]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\yves\Menu D‚marrer\Programmes\D‚marrage\
Enregistrement de produit Logitech.lnk - c:\program files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\yves\\Bureau\\CabalTemp\\ESTSetupLoader.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\half-life 2 deathmatch\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\source sdk base\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\trackdofus\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\DRIVERS\V0380Afx.sys [2008-07-09 142656]
R3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\DRIVERS\V0380Aud.sys [2008-07-09 94976]
R3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-07-09 273152]
R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-07-09 7168]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-06-14 576680]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-10-26 98488]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - d:\ctrun\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158c02ba-b5a0-11dd-aacd-000e2e90506a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a941771-b3f3-11dd-aac6-000e2e90506a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d9d93a0-571f-11dd-aa07-000e2e90506a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lancer_L'ANIMATION.HTM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbdda7fc-bab5-11dd-aad4-000e2e90506a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-11-29 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]

2008-11-28 c:\windows\Tasks\WebReg psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-04 19:12]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-StandardInstall - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
FF -: plugin - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 03:22:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Heure de fin: 2008-11-30 3:23:09
ComboFix-quarantined-files.txt 2008-11-30 02:23:07

Avant-CF: 223 100 600 320 octets libres
Après-CF: 223,982,174,208 octets libres

280
0
Réponse 20 / 45
Mmsl35_ Messages postés 1865 Statut Membre 242
 
ah oui efficace, il en reste O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe c'est resté donc un coup de MAB va supprimer ce trojan?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses