Virus msn nouvo ?

aToto -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,
donc voila j'ai recut un message d'un de mes contact de msn je ne sais plus exactement la phrase extacte si cela reviens je l'a posterais dans mes souvenirs c'était une adress http:/myspc. je ne sais plus quoi et apres photo= mon adresse msn. j'ai cliqué betement dessu et iil m'a enmener sur un site vierge et jai telecharger le truc :s et depuis il envoit se message avec l'adresse du contact qui le recoit donc voila. quand j'avais finis de telecharger bitdefender dit que j'ai eu un trojan mais que mon ordinateur n'a pas été infecter pourtant a se jour j'ai fait une analyse de mon antivirus et quand je vais dans mon disk c il m'affiche c:\ous.exe trojan ..donc.
Je suis allé voir et je ne peut pas le suprimmer il me dit impossible de le lire à partir du fichier ou de la disquette source ... comment faire ? et comment savoir si il n'a en avait pas plusieurs de trojan dans le truc que j'ai telecharger ?
Configuration: Windows XP
Firefox 3.0.4

45 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par trojan est suspectée après avoir cliqué sur un lien reçu via la messagerie, conduisant au téléchargement et à l’apparition d’un fichier c:\ous.exe ainsi qu’à des envois non autorisés. Plusieurs intervenants recommandent d’éviter les scripts et d’utiliser des outils sûrs comme Malwarebytes, SDFix et HijackThis pour nettoyer, en restant prudent sur Combofix qui peut être dangereux. Des conseils évoquent aussi le changement du mot de passe principal et des méthodes de suppression manuelle via OTMoveIt ou la lecture des rapports pour confirmer l’élimination des menaces. En complément, des rapports HijackThis et ComboFix montrent une liste de processus et de fichiers rendus suspects, ce qui souligne l’importance de vérifier les répertoires temporaires et les éléments au démarrage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    @ Drhouse1998 :

    Tu es fort pour copier/coller des canned speech, mais est-ce que tu sais lire le rapport de Combofix ?

    Le script que tu demandes de faire sert à effacer ce fichier :
    c:\documents and settings\yves\local settings\temporary internet files\ijjistarter_verinfo.dat

    Or, si tu regardes le rapport Combofix, tu verras qu'il l'a déjà supprimé (il est dans la partie "autre suppression")...

    De plus, Combofix est dangereux, et les scripts le sont encore plus, une petite erreur peut créer de gros problèmes...
    Il y a des moyens plus simples pour supprimer un fichier !

    Plutôt que de demander un scan avec Combofix alors que tu ne le maitrises pas, utilise d'autres programmes (SDFix comme tu l'as dit, ou MalwareBytes)... Et si un fichier apparait encore sur un rapport : suppression manuelle avec OTMoveIt + fixer la ligne avec hijackthis

    2
    1. Mmsl35_ Messages postés 1865 Statut Membre 243
       
      ce qui me semblait il avait l'air d'etre supprimé!
      0
  2. Mmsl35_ Messages postés 1865 Statut Membre 243
     
    la solution pour ne plus recevoir des messages de ton genre est de changer ton mot de passe principal!utilisé pour window live messenger.

    >>>>>>Envoie un log hijackthis -- stp

    F - Hijackthis - Outil de diagnostic et réparation
    télécharge HijackThis ici:
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
    https://kerio.probb.fr/
    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif
    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    http://www.tutoriaux-excalibur.com/hijackthis.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
    1
  3. Utilisateur anonyme
     
    Hi,

    Cela ne le supprimera pas le trojan en la fixant...............

    Alut.
    1
    1. Mmsl35_ Messages postés 1865 Statut Membre 243
       
      ça evite juste qu'il s'éxécute? ça le supprime de la liste c'est tout ? je me trompe?
      0
      1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790 > Mmsl35_ Messages postés 1865 Statut Membre
         
        "ça evite juste qu'il s'éxécute?"

        Oui mais ça ne fonctionne pas toujours... Et même si c'est le cas, le fichier est toujours la.
        Par contre, ça gêne la désinfection parce que ça empêche ensuite de voir si les autres outils de désinfection utilisés ont été efficaces (puisque la ligne n'apparait plus)


        0
  4. aToto
     
    est ce grave si il se met direct sur mon bureau hijackthis ? si ui je ne sais pas comment faire pour le mettre directement sur mon disk c: il arrive sans etre comprésser .. alors que jai winrar autrement si sais nn mon rappport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:33:43, on 30/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\WINDOWS\V0380Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\yves\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. twister2 Messages postés 223 Statut Membre 44
     
    salu atoto

    tu a un trojan ;
    O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
    suprime cette ligne avec hijack .@t2
    0
  7. aToto
     
    que doit je faire alors ? :s
    pour info je ne sais pas comment on fait pour enlever la ligne avec hijack :s
    0
  8. Utilisateur anonyme
     
    Hi,

    ==>Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

    ==>Double clique sur RSIT.exe pour lancer l'outil.

    ==>Clique sur ' continue ' à l'écran Disclaimer.

    ==>Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ==>Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
    ( log.txt & info.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  9. aToto
     
    rapport info :

    info.txt logfile of random's system information tool 1.04 2008-11-30 02:52:34

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove
    Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
    aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Archlord Episode 3-->"C:\Program Files\Codemasters\Archlord\unins000.exe"
    BitDefender 9 Professional Plus-->MsiExec.exe /I{0F7F74EE-0EB4-4133-A9C4-C242C6EFD087}
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    CABAL Online v3.3-->"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\unins000.exe"
    Calendrier de photos Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x40c /remove
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Club Internet Agent Wi-Fi V2.1-->C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\uninstall.exe
    Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
    Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
    Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove
    Creative Live! Cam Doodling-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x40c /remove
    Creative Live! Cam FX Creator-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x40c /remove
    Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c /remove
    Creative Live! Cam Optia Pro Driver (1.00.06.0000)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0380.uns -plugin V0380Pin.dll -pluginres CtCamPin.crl
    Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    DebugMode Wax 2.0-->"C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
    Decal Converter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}\Setup.exe"
    Dofus 1.25.0-->C:\Program Files\Dofus\uninstall.exe
    erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
    FLV Player-->C:\Program Files\FLV Player\uninstall.exe
    Folder Security Guard-->"C:\Program Files\FolderSecurityGuard\unins000.exe"
    Football Manager 2009 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10570
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Gestionnaire de photos Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
    Gimp 2.6.0-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
    Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
    Gravity Ragnarok-->"C:\Program Files\Gravity\Ragnarok_france\uninstall.exe"
    Guide de l'utilisateur Creative Live! Cam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c /remove
    Gunbound-->"C:\Program Files\GOA\unins000.exe"
    Half-Life-->C:\Sierra\HALF-L~1\UNWISE.EXE C:\Sierra\HALF-L~1\INSTALL.LOG
    HijackThis 2.0.2-->"C:\Documents and Settings\yves\Bureau\HijackThis.exe" /uninstall
    HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Image Zone Express-->MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
    HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
    ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
    ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
    iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Ivalice Launcher Version 11-->"C:\Program Files\World of Warcraft\unins000.exe"
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    JkDefrag 3.36-->"C:\Program Files\JkDefrag\unins000.exe"
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
    LRose_775_775-->"C:\Program Files\LRose\unins000.exe"
    LRose_776_776-->"C:\Program Files\LRose\unins001.exe"
    Ma-Config.com-->MsiExec.exe /X{B312D12A-0320-4462-B6F7-C9B69EB3DB5C}
    MediaCoder 0.6.2-->C:\Program Files\MediaCoder\uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP Manager-->MsiExec.exe /X{7DE4B31F-651E-4773-8DD4-399E7E58477E}
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    muveeNow 2.0 - Creative-->C:\Program Files\InstallShield Installation Information\{B0F64C44-DC77-497D-9A27-C0F5BAB12493}\setup.exe -runfromtemp -l0x040c -removeonly
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Outils Club Internet-->"C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe"
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    Programme d'installation Atheros Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.EXE" -l0x40c -removeonly
    QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    Rappelz-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01A8838A-9469-425F-A5FB-FC14D4CF93B9}\setup.exe" -l0x40c -removeonly
    SiSoftware Sandra Lite 2009-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\unins000.exe"
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SMPlayer 0.6.0final-->"C:\Program Files\SMPlayer\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam(TM)-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
    SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    Talk to Me-->"C:\TALK TO ME 5.0\BIN\unsetup.exe" -file "C:\TALK TO ME 5.0\unsetup.aui"
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    YouTUBE (TM) movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
    Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500

    ======Hosts File======

    127.0.0.1 localhost
    127.0.0.1 ad.a8.net
    127.0.0.1 asy.a8ww.net
    127.0.0.1 a9rhiwa.cn #[Google.Warning]
    127.0.0.1 www.a9rhiwa.cn
    127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
    127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
    127.0.0.1 phpadsnew.abac.com
    127.0.0.1 a.abnad.net
    127.0.0.1 b.abnad.net

    ======Security center information======

    AV: BitDefender 9 Professional Plus
    FW: BitDefender 9 Professional Plus

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=6b02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009

    -----------------EOF-----------------
    0
  10. aToto
     
    rapport log :

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by yves at 2008-11-30 02:52:31
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 213 GB (70%) free of 305 GB
    Total RAM: 2047 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:52:33, on 30/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\WINDOWS\V0380Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\yves\Bureau\HiJackThis.exe
    C:\Documents and Settings\yves\Bureau\RSIT.exe
    C:\Documents and Settings\yves\Bureau\yves.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
    1. Mmsl35_ Messages postés 1865 Statut Membre 243
       
      O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
      le trojan est toujours la!
      0
  11. Utilisateur anonyme
     
    Hi,

    passe ceci:

    Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

    Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
    Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    !! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

    ---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici : TUTO
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp
    0
  12. Utilisateur anonyme
     
    Hi,

    RSIT et un outil de diagnostic.

    Alut.
    0
  13. Utilisateur anonyme
     
    Hi,

    tu ne supprime que la clé pas le dossier.

    Alut.
    0
    1. Mmsl35_ Messages postés 1865 Statut Membre 243
       
      oui on n'enleve la clé du registre, il ne sera plus executé c'est de ça!

      donc combofix est a la suite de RSIT, il supprime le trojan?

      et aussi supprimer ça!O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      0
  14. Utilisateur anonyme
     
    Hi,

    Non rsit et un "complement" si je puis dire il vas plus en profondeur.

    Ensuite combofix et très dangereux dans son utlisation mais avec lui on est a peu prés sur que rien n'est présent sur le pc.

    Aussi j'aurait put passer SDFIX .

    Alut.
    0
  15. aToto
     
    alors voila ^^

    ComboFix 08-11-29.03 - yves 2008-11-30 3:17:17.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1482 [GMT 1:00]
    Lancé depuis: c:\documents and settings\yves\Bureau\C-Fix.exe
    * Un nouveau point de restauration a été créé
    * Resident AV is active

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\yves\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
    C:\InfoSat.txt
    c:\program files\INSTALL.LOG
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-30 02:52 . 2008-11-30 02:52 <REP> d-------- C:\rsit
    2008-11-30 00:43 . 2008-11-30 00:43 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2008-11-30 00:16 . 2008-11-25 20:44 48,690 --a------ c:\windows\fxstaller.MSNFix
    2008-11-30 00:16 . 2008-11-30 00:16 26,162 --a------ C:\ous.exe
    2008-11-26 13:04 . 2008-11-26 13:04 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-24 19:06 . 2008-11-27 22:54 <REP> d-------- c:\program files\JkDefrag
    2008-11-24 19:06 . 2008-09-02 15:49 253,952 --a------ c:\windows\system32\JkDefragScreenSaver.exe
    2008-11-24 19:06 . 2008-09-02 15:49 106,496 --a------ c:\windows\system32\JkDefragScreenSaver.scr
    2008-11-23 12:40 . 2008-11-23 18:39 <REP> d-------- c:\program files\PhotoFiltre Studio
    2008-11-23 12:40 . 2008-11-23 12:40 45 ---h----- c:\windows\dsez3205.dat
    2008-11-20 22:05 . 2008-11-20 22:20 <REP> d-------- c:\program files\MediaCoder
    2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\eRightSoft
    2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\AviSynth 2.5
    2008-11-20 21:04 . 2008-11-20 21:04 <REP> d-------- c:\program files\YouTUBE (TM) movie downloader
    2008-11-20 20:54 . 2008-11-20 20:54 <REP> d-------- c:\program files\FLV Player
    2008-11-16 16:30 . 2008-11-16 21:54 <REP> d-------- c:\documents and settings\yves\Application Data\MP-Manager
    2008-11-16 16:29 . 2008-11-16 16:29 <REP> d-------- c:\program files\MPMAN
    2008-11-15 11:37 . 2008-11-15 11:37 <REP> d-------- c:\program files\Codemasters
    2008-11-14 20:18 . 2008-11-14 20:19 <REP> d-------- c:\documents and settings\yves\Application Data\Sports Interactive
    2008-11-14 20:18 . 2008-11-14 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
    2008-11-14 20:18 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
    2008-11-14 20:17 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
    2008-11-14 20:16 . 2008-11-14 20:16 <REP> d-------- c:\windows\Logs
    2008-11-14 10:54 . 2008-11-29 23:59 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
    2008-11-12 14:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
    2008-11-12 14:31 . 2008-11-12 14:33 <REP> d-------- c:\program files\TmNationsForever
    2008-11-08 23:29 . 2008-11-10 23:33 <REP> d-------- c:\program files\mIRC
    2008-11-08 23:29 . 2008-11-10 23:39 <REP> d-------- c:\documents and settings\yves\Application Data\mIRC
    2008-11-07 23:29 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
    2008-11-06 20:47 . 2008-11-06 20:47 <REP> d-------- c:\documents and settings\jessica\Application Data\Logitech
    2008-11-01 14:04 . 2008-11-01 14:04 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-01 13:43 . 2008-11-01 13:43 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2008-11-01 12:58 . 2001-10-26 23:16 16,384 --a------ c:\windows\system32\FileOps.exe
    2008-11-01 12:56 . 2008-11-01 12:56 <REP> d-------- c:\windows\Adobe Illustrator CS
    2008-10-28 22:37 . 2008-10-28 22:37 <REP> d-------- c:\program files\aMSN
    2008-10-28 22:37 . 2008-11-26 19:34 <REP> d-------- c:\documents and settings\yves\amsn
    2008-10-27 00:10 . 2008-10-27 07:05 <REP> d-------- c:\windows\SxsCaPendDel
    2008-10-27 00:08 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\fr-FR
    2008-10-27 00:05 . 2008-10-27 00:05 <REP> d-------- c:\program files\MSBuild
    2008-10-27 00:02 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\XPSViewer
    2008-10-27 00:02 . 2008-10-27 00:02 <REP> d-------- c:\program files\Reference Assemblies
    2008-10-27 00:01 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2008-10-26 23:44 . 2008-10-26 23:44 <REP> d-------- C:\Logs
    2008-10-26 21:30 . 2008-10-26 21:30 <REP> d-------- c:\program files\SiSoftware
    2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Sonic Foundry
    2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Pure Motion
    2008-10-24 16:59 . 2008-10-24 16:59 <REP> d-------- c:\program files\DebugMode
    2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\program files\Fichiers communs\HP
    2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
    2008-10-24 10:45 . 2008-10-24 10:45 <REP> d-------- c:\program files\Hewlett-Packard
    2008-10-24 10:44 . 2008-10-24 10:44 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
    2008-10-24 10:43 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
    2008-10-24 10:43 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
    2008-10-24 10:42 . 2004-12-14 17:06 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
    2008-10-24 10:34 . 2004-09-29 11:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
    2008-10-24 10:34 . 2004-09-29 11:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
    2008-10-24 10:34 . 2004-09-29 11:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
    2008-10-24 10:34 . 2004-09-29 11:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
    2008-10-24 10:34 . 2004-09-29 11:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
    2008-10-24 10:34 . 2004-09-29 11:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
    2008-10-24 10:33 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-10-24 10:30 . 2008-10-24 10:46 <REP> d-------- c:\program files\HP
    2008-10-24 10:29 . 2008-10-24 10:53 70,990 --a------ c:\windows\hpoins05.dat
    2008-10-24 10:29 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat
    2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2008-10-21 22:39 . 2008-10-21 22:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2008-10-16 17:34 . 2008-10-16 17:34 <REP> d-------- c:\documents and settings\yves\Application Data\Yahoo!
    2008-10-15 16:14 . 2008-10-15 16:14 <REP> d-------- c:\documents and settings\yves\Application Data\Logitech
    2008-10-15 16:12 . 2008-10-17 14:45 <REP> d-------- c:\program files\Yahoo!
    2008-10-15 16:12 . 2008-10-15 16:12 <REP> d-------- c:\documents and settings\yves\Application Data\Leadertech
    2008-10-15 16:12 . 2002-02-21 17:56 24,576 --a------ c:\windows\system32\msxml3a.dll
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-10-15 16:10 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
    2008-10-15 16:09 . 2008-10-15 16:12 <REP> d-------- c:\program files\Fichiers communs\Logishrd
    2008-10-15 16:09 . 2008-10-15 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2008-10-15 16:09 . 2007-11-15 09:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
    2008-10-15 16:09 . 2007-11-15 09:07 170,512 --a------ c:\windows\system32\kemutb.dll
    2008-10-15 16:09 . 2007-11-15 09:07 141,840 --a------ c:\windows\system32\KemUtil.dll
    2008-10-15 16:09 . 2007-11-15 09:07 117,264 --a------ c:\windows\system32\KemWnd.dll
    2008-10-15 16:09 . 2007-11-15 09:07 76,304 --a------ c:\windows\system32\KemXML.dll
    2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
    2008-10-06 13:29 . 2008-11-23 18:51 <REP> d-------- c:\documents and settings\yves\Application Data\gtk-2.0
    2008-10-06 13:29 . 2008-10-06 13:29 <REP> d-------- c:\documents and settings\yves\.thumbnails
    2008-10-06 13:28 . 2008-11-23 18:58 <REP> d-------- c:\documents and settings\yves\.gimp-2.6
    2008-10-06 13:28 . 2008-10-06 13:28 <REP> d-------- c:\documents and settings\yves\.gegl-0.0
    2008-10-06 13:27 . 2008-10-06 13:27 <REP> d-------- c:\program files\Gimp-2.0
    2008-10-01 20:38 . 2008-11-10 00:39 <REP> d-------- c:\documents and settings\yves\Application Data\Mumble
    2008-10-01 20:37 . 2008-10-01 20:38 <REP> d-------- c:\program files\Mumble

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-30 02:20 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-11-29 23:19 --------- d-----w c:\program files\World of Warcraft
    2008-11-29 22:28 --------- d-----w c:\program files\Steam
    2008-11-28 15:55 --------- d-----w c:\documents and settings\yves\Application Data\LimeWire
    2008-11-28 05:44 --------- d-----w c:\documents and settings\yves\Application Data\uTorrent
    2008-11-26 12:04 --------- d-----w c:\program files\Java
    2008-11-25 19:38 --------- d-----w c:\documents and settings\yves\Application Data\Skype
    2008-11-25 18:08 --------- d-----w c:\documents and settings\yves\Application Data\skypePM
    2008-11-10 14:09 --------- d-----w c:\program files\Gravity
    2008-11-08 00:01 --------- d--h--w c:\documents and settings\yves\Application Data\ijjigame
    2008-11-01 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-01 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-31 10:38 --------- d-----w c:\program files\particleIllusion 3.0 demo
    2008-10-30 20:33 --------- d-----w c:\program files\LRose
    2008-10-28 21:25 --------- d-----w c:\documents and settings\yves\Application Data\teamspeak2
    2008-10-15 15:12 --------- d-----w c:\program files\Common Files
    2008-10-15 15:09 --------- d-----w c:\program files\Logitech
    2008-08-18 10:55 4,608 ----a-w c:\windows\system32\w95inf32.dll
    2008-08-18 10:55 2,272 ----a-w c:\windows\system32\w95inf16.dll
    2006-06-15 18:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 16:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 11:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-06 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
    "ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
    "Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 543232]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
    "BDMCon"="c:\program files\Softwin\BitDefender9\bdmcon.exe" [2008-06-09 372736]
    "BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]
    "BDNewsAgent"="c:\program files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 9728]
    "BDSwitchAgent"="c:\program files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 33280]
    "V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-04-05 32768]
    "nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\yves\Menu D‚marrer\Programmes\D‚marrage\
    Enregistrement de produit Logitech.lnk - c:\program files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-15 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 09:10 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike\\hl.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\yves\\Bureau\\CabalTemp\\ESTSetupLoader.exe"=
    "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\condition zero\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\ijji\\ENGLISH\\u_gunz.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\day of defeat source\\hl2.exe"=
    "c:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=
    "c:\\Sierra\\Half-Life\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\insurgency\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\aMSN\\bin\\wish.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\DRIVERS\V0380Afx.sys [2008-07-09 142656]
    R3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\DRIVERS\V0380Aud.sys [2008-07-09 94976]
    R3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-07-09 273152]
    R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-07-09 7168]
    S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-06-14 576680]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-10-26 98488]
    S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - d:\ctrun\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158c02ba-b5a0-11dd-aacd-000e2e90506a}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a941771-b3f3-11dd-aac6-000e2e90506a}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d9d93a0-571f-11dd-aa07-000e2e90506a}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lancer_L'ANIMATION.HTM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbdda7fc-bab5-11dd-aad4-000e2e90506a}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2008-11-29 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]

    2008-11-28 c:\windows\Tasks\WebReg psc 2350 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-04 19:12]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    HKLM-Run-StandardInstall - (no file)

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
    FF -: plugin - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 03:22:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(532)
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
    .
    Heure de fin: 2008-11-30 3:23:09
    ComboFix-quarantined-files.txt 2008-11-30 02:23:07

    Avant-CF: 223 100 600 320 octets libres
    Après-CF: 223,982,174,208 octets libres

    280
    0
  16. Mmsl35_ Messages postés 1865 Statut Membre 243
     
    ok donc après quand ça sera fait !!tu demanderas un nouveu rapport hitjackis pour controler! puis corriger les lignes de registre inutile , tu utiliseras un logiciel du genre regcleaner ou cclenaer avec en plus le nettoyage des fichiers temporaire....
    0
  17. aToto
     
    mon nouvo rapport hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:28:23, on 30/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\WINDOWS\V0380Mon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\yves\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  18. Utilisateur anonyme
     
    Hi,

    et mon rapport de combofix?

    Alut.
    0
  19. aToto
     
    voila je l'avais poster juste avant ; )
    ComboFix 08-11-29.03 - yves 2008-11-30 3:17:17.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1482 [GMT 1:00]
    Lancé depuis: c:\documents and settings\yves\Bureau\C-Fix.exe
    * Un nouveau point de restauration a été créé
    * Resident AV is active

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\yves\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
    C:\InfoSat.txt
    c:\program files\INSTALL.LOG
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-30 02:52 . 2008-11-30 02:52 <REP> d-------- C:\rsit
    2008-11-30 00:43 . 2008-11-30 00:43 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2008-11-30 00:16 . 2008-11-25 20:44 48,690 --a------ c:\windows\fxstaller.MSNFix
    2008-11-30 00:16 . 2008-11-30 00:16 26,162 --a------ C:\ous.exe
    2008-11-26 13:04 . 2008-11-26 13:04 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-24 19:06 . 2008-11-27 22:54 <REP> d-------- c:\program files\JkDefrag
    2008-11-24 19:06 . 2008-09-02 15:49 253,952 --a------ c:\windows\system32\JkDefragScreenSaver.exe
    2008-11-24 19:06 . 2008-09-02 15:49 106,496 --a------ c:\windows\system32\JkDefragScreenSaver.scr
    2008-11-23 12:40 . 2008-11-23 18:39 <REP> d-------- c:\program files\PhotoFiltre Studio
    2008-11-23 12:40 . 2008-11-23 12:40 45 ---h----- c:\windows\dsez3205.dat
    2008-11-20 22:05 . 2008-11-20 22:20 <REP> d-------- c:\program files\MediaCoder
    2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\eRightSoft
    2008-11-20 21:10 . 2008-11-20 21:10 <REP> d-------- c:\program files\AviSynth 2.5
    2008-11-20 21:04 . 2008-11-20 21:04 <REP> d-------- c:\program files\YouTUBE (TM) movie downloader
    2008-11-20 20:54 . 2008-11-20 20:54 <REP> d-------- c:\program files\FLV Player
    2008-11-16 16:30 . 2008-11-16 21:54 <REP> d-------- c:\documents and settings\yves\Application Data\MP-Manager
    2008-11-16 16:29 . 2008-11-16 16:29 <REP> d-------- c:\program files\MPMAN
    2008-11-15 11:37 . 2008-11-15 11:37 <REP> d-------- c:\program files\Codemasters
    2008-11-14 20:18 . 2008-11-14 20:19 <REP> d-------- c:\documents and settings\yves\Application Data\Sports Interactive
    2008-11-14 20:18 . 2008-11-14 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
    2008-11-14 20:18 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
    2008-11-14 20:17 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
    2008-11-14 20:16 . 2008-11-14 20:16 <REP> d-------- c:\windows\Logs
    2008-11-14 10:54 . 2008-11-29 23:59 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
    2008-11-12 14:33 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
    2008-11-12 14:31 . 2008-11-12 14:33 <REP> d-------- c:\program files\TmNationsForever
    2008-11-08 23:29 . 2008-11-10 23:33 <REP> d-------- c:\program files\mIRC
    2008-11-08 23:29 . 2008-11-10 23:39 <REP> d-------- c:\documents and settings\yves\Application Data\mIRC
    2008-11-07 23:29 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
    2008-11-06 20:47 . 2008-11-06 20:47 <REP> d-------- c:\documents and settings\jessica\Application Data\Logitech
    2008-11-01 14:04 . 2008-11-01 14:04 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-01 13:43 . 2008-11-01 13:43 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2008-11-01 12:58 . 2001-10-26 23:16 16,384 --a------ c:\windows\system32\FileOps.exe
    2008-11-01 12:56 . 2008-11-01 12:56 <REP> d-------- c:\windows\Adobe Illustrator CS
    2008-10-28 22:37 . 2008-10-28 22:37 <REP> d-------- c:\program files\aMSN
    2008-10-28 22:37 . 2008-11-26 19:34 <REP> d-------- c:\documents and settings\yves\amsn
    2008-10-27 00:10 . 2008-10-27 07:05 <REP> d-------- c:\windows\SxsCaPendDel
    2008-10-27 00:08 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\fr-FR
    2008-10-27 00:05 . 2008-10-27 00:05 <REP> d-------- c:\program files\MSBuild
    2008-10-27 00:02 . 2008-10-27 00:08 <REP> d-------- c:\windows\system32\XPSViewer
    2008-10-27 00:02 . 2008-10-27 00:02 <REP> d-------- c:\program files\Reference Assemblies
    2008-10-27 00:01 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2008-10-26 23:44 . 2008-10-26 23:44 <REP> d-------- C:\Logs
    2008-10-26 21:30 . 2008-10-26 21:30 <REP> d-------- c:\program files\SiSoftware
    2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Sonic Foundry
    2008-10-24 17:00 . 2008-10-24 17:00 <REP> d-------- c:\program files\Pure Motion
    2008-10-24 16:59 . 2008-10-24 16:59 <REP> d-------- c:\program files\DebugMode
    2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\program files\Fichiers communs\HP
    2008-10-24 10:46 . 2008-10-24 10:46 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
    2008-10-24 10:45 . 2008-10-24 10:45 <REP> d-------- c:\program files\Hewlett-Packard
    2008-10-24 10:44 . 2008-10-24 10:44 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
    2008-10-24 10:43 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
    2008-10-24 10:43 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
    2008-10-24 10:42 . 2004-12-14 17:06 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
    2008-10-24 10:34 . 2004-09-29 11:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
    2008-10-24 10:34 . 2004-09-29 11:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
    2008-10-24 10:34 . 2004-09-29 11:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
    2008-10-24 10:34 . 2004-09-29 11:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
    2008-10-24 10:34 . 2004-09-29 11:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
    2008-10-24 10:34 . 2004-09-29 11:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
    2008-10-24 10:33 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-10-24 10:30 . 2008-10-24 10:46 <REP> d-------- c:\program files\HP
    2008-10-24 10:29 . 2008-10-24 10:53 70,990 --a------ c:\windows\hpoins05.dat
    2008-10-24 10:29 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat
    2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-10-24 10:21 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2008-10-21 22:39 . 2008-10-21 22:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2008-10-16 17:34 . 2008-10-16 17:34 <REP> d-------- c:\documents and settings\yves\Application Data\Yahoo!
    2008-10-15 16:14 . 2008-10-15 16:14 <REP> d-------- c:\documents and settings\yves\Application Data\Logitech
    2008-10-15 16:12 . 2008-10-17 14:45 <REP> d-------- c:\program files\Yahoo!
    2008-10-15 16:12 . 2008-10-15 16:12 <REP> d-------- c:\documents and settings\yves\Application Data\Leadertech
    2008-10-15 16:12 . 2002-02-21 17:56 24,576 --a------ c:\windows\system32\msxml3a.dll
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-10-15 16:11 . 2008-10-15 16:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-10-15 16:10 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
    2008-10-15 16:09 . 2008-10-15 16:12 <REP> d-------- c:\program files\Fichiers communs\Logishrd
    2008-10-15 16:09 . 2008-10-15 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2008-10-15 16:09 . 2007-11-15 09:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
    2008-10-15 16:09 . 2007-11-15 09:07 170,512 --a------ c:\windows\system32\kemutb.dll
    2008-10-15 16:09 . 2007-11-15 09:07 141,840 --a------ c:\windows\system32\KemUtil.dll
    2008-10-15 16:09 . 2007-11-15 09:07 117,264 --a------ c:\windows\system32\KemWnd.dll
    2008-10-15 16:09 . 2007-11-15 09:07 76,304 --a------ c:\windows\system32\KemXML.dll
    2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
    2008-10-06 13:29 . 2008-11-23 18:51 <REP> d-------- c:\documents and settings\yves\Application Data\gtk-2.0
    2008-10-06 13:29 . 2008-10-06 13:29 <REP> d-------- c:\documents and settings\yves\.thumbnails
    2008-10-06 13:28 . 2008-11-23 18:58 <REP> d-------- c:\documents and settings\yves\.gimp-2.6
    2008-10-06 13:28 . 2008-10-06 13:28 <REP> d-------- c:\documents and settings\yves\.gegl-0.0
    2008-10-06 13:27 . 2008-10-06 13:27 <REP> d-------- c:\program files\Gimp-2.0
    2008-10-01 20:38 . 2008-11-10 00:39 <REP> d-------- c:\documents and settings\yves\Application Data\Mumble
    2008-10-01 20:37 . 2008-10-01 20:38 <REP> d-------- c:\program files\Mumble

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-30 02:20 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-11-29 23:19 --------- d-----w c:\program files\World of Warcraft
    2008-11-29 22:28 --------- d-----w c:\program files\Steam
    2008-11-28 15:55 --------- d-----w c:\documents and settings\yves\Application Data\LimeWire
    2008-11-28 05:44 --------- d-----w c:\documents and settings\yves\Application Data\uTorrent
    2008-11-26 12:04 --------- d-----w c:\program files\Java
    2008-11-25 19:38 --------- d-----w c:\documents and settings\yves\Application Data\Skype
    2008-11-25 18:08 --------- d-----w c:\documents and settings\yves\Application Data\skypePM
    2008-11-10 14:09 --------- d-----w c:\program files\Gravity
    2008-11-08 00:01 --------- d--h--w c:\documents and settings\yves\Application Data\ijjigame
    2008-11-01 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-01 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-31 10:38 --------- d-----w c:\program files\particleIllusion 3.0 demo
    2008-10-30 20:33 --------- d-----w c:\program files\LRose
    2008-10-28 21:25 --------- d-----w c:\documents and settings\yves\Application Data\teamspeak2
    2008-10-15 15:12 --------- d-----w c:\program files\Common Files
    2008-10-15 15:09 --------- d-----w c:\program files\Logitech
    2008-08-18 10:55 4,608 ----a-w c:\windows\system32\w95inf32.dll
    2008-08-18 10:55 2,272 ----a-w c:\windows\system32\w95inf16.dll
    2006-06-15 18:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 16:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 11:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-06 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
    "ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
    "Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 543232]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
    "BDMCon"="c:\program files\Softwin\BitDefender9\bdmcon.exe" [2008-06-09 372736]
    "BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]
    "BDNewsAgent"="c:\program files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 9728]
    "BDSwitchAgent"="c:\program files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 33280]
    "V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-04-05 32768]
    "nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\yves\Menu D‚marrer\Programmes\D‚marrage\
    Enregistrement de produit Logitech.lnk - c:\program files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-15 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 09:10 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\counter-strike\\hl.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\yves\\Bureau\\CabalTemp\\ESTSetupLoader.exe"=
    "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\condition zero\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\ijji\\ENGLISH\\u_gunz.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\day of defeat source\\hl2.exe"=
    "c:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=
    "c:\\Sierra\\Half-Life\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\insurgency\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\trackdofus\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\aMSN\\bin\\wish.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\DRIVERS\V0380Afx.sys [2008-07-09 142656]
    R3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\DRIVERS\V0380Aud.sys [2008-07-09 94976]
    R3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-07-09 273152]
    R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-07-09 7168]
    S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-06-14 576680]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-10-26 98488]
    S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - d:\ctrun\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158c02ba-b5a0-11dd-aacd-000e2e90506a}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a941771-b3f3-11dd-aac6-000e2e90506a}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d9d93a0-571f-11dd-aa07-000e2e90506a}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lancer_L'ANIMATION.HTM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbdda7fc-bab5-11dd-aad4-000e2e90506a}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2008-11-29 c:\windows\Tasks\HPpromotions journeysoftware.job
    - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]

    2008-11-28 c:\windows\Tasks\WebReg psc 2350 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-04 19:12]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    HKLM-Run-StandardInstall - (no file)

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
    FF -: plugin - c:\documents and settings\yves\Application Data\Mozilla\Firefox\Profiles\td86y5qc.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 03:22:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(532)
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
    .
    Heure de fin: 2008-11-30 3:23:09
    ComboFix-quarantined-files.txt 2008-11-30 02:23:07

    Avant-CF: 223 100 600 320 octets libres
    Après-CF: 223,982,174,208 octets libres

    280
    0
  20. Mmsl35_ Messages postés 1865 Statut Membre 243
     
    ah oui efficace, il en reste O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe c'est resté donc un coup de MAB va supprimer ce trojan?
    0
  • 1
  • 2
  • 3