Sujet Précédent Sujet Suivant

Virus

Flore -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonsoir,

Mon ordinateur est infesté de virus et je suis archi nulle. J'ai téléchargé hijackthis comme je l'ai lu sur votre forum et voici le comte rendu

Merci de m'aider

Flore

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:40, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\hpha2mon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\utilisateur\local settings\application data\isyko.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\A360\av360.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\utilisateur\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\utilisateur\Bureau\HiJackThis.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
A voir également:

13 réponses

Réponse 1 / 13
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt
le rapport est incomplet!

analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/

C:\Program Files\A360\av360.exe

_________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 2 / 13
kduc Messages postés 1537 Statut Membre 133
 
Salut

Il manque une grosse partie de ton rapport HijackThis !

-------
C:\Program Files\Adobe\Acrobat 7.0 <--

Plusieurs vulnérabilités ont été identifiées dans Adobe Reader et Acrobat, elles pourraient être exploitées par des attaquants afin de causer un déni de service, obtenir des privilèges élevés, manipuler certaines données ou compromettre un système vulnérable.

Produits Affectés :

Adobe Reader version 8.1.2 et inférieures
Adobe Acrobat Professional version 8.1.2 et inférieures
Adobe Acrobat 3D version 8.1.2 et inférieures
Adobe Acrobat Standard version 8.1.2 et inférieures

Solution :

Installer la version 8.1.3 ou 9
https://get2.adobe.com/reader/otherversions/

-----
Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
puis, lance un scan complet et poste le rapport.

PS : pour supprimer les infections, choisis l'option Supprimer la sélection.
0
Réponse 3 / 13
kduc Messages postés 1537 Statut Membre 133
 
....

A360\av360.exe <-- clone de Norton !
0
Réponse 4 / 13
Flore
 
Merci voici les raprts suite au RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by utilisateur at 2008-12-18 22:32:07
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 17 GB (15%) free of 114 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:35, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\hpha2mon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\fxstaller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\utilisateur\local settings\application data\isyko.exe
C:\Program Files\A360\av360.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\utilisateur\Bureau\utilisateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5A8DFDF7-C1E4-2ADF-714B-5A91ED84DA1E} - C:\DOCUME~1\UTILIS~1\APPLIC~1\NAMELO~1\GLUETRAY.exe (file missing)
O2 - BHO: (no name) - {69AD3779-EA11-59B2-D750-64550DA7786E} - C:\WINDOWS\System32\czfp.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayxwVMF.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {524cadde-dec9-3468-ac04-580bbc0af93b} - {b39fa0cb-b085-40ca-8643-9cededdac425} - C:\WINDOWS\system32\mpgsym.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {E0BAF80C-73FB-47AA-9ACE-C434AA8DFA1D} - C:\WINDOWS\system32\xxyxVNgH.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe
O4 - HKLM\..\Run: [chic hole copy part] C:\Documents and Settings\All Users\Application Data\deaf real chic hole\This Data.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [win-xp] winis.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BLUE SOFT] C:\DOCUME~1\UTILIS~1\APPLIC~1\OPENFO~1\mp3 about.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [isyko] "c:\documents and settings\utilisateur\local settings\application data\isyko.exe" isyko
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [01109454177606368297297935689520] C:\Program Files\A360\av360.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19dd43d9c0f0eb72d820/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/11984/CD/StarsDuPorn.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - https://www.afternic.com/domains/errorsafe.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll mpgsym.dll
O20 - Winlogon Notify: yayxwVMF - C:\WINDOWS\SYSTEM32\yayxwVMF.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 6 / 13
flore
 
Bonjour

J'ai effectué le combofix, par contre du coup l'antivirus 360 est installé sur mon bureau. Est ce normal ?
Voici le rapport :
ComboFix 08-12-18.01 - utilisateur 2008-12-19 0:42:30.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.481 [GMT 1:00]
Running from: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\utilisateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\UTILIS~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\utilisateur\Local Settings\Application Data\isyko.dat
c:\documents and settings\utilisateur\Local Settings\Application Data\isyko.exe
c:\documents and settings\utilisateur\Local Settings\Application Data\isyko_nav.dat
c:\documents and settings\utilisateur\Local Settings\Application Data\isyko_navps.dat
c:\program files\montorgueil
c:\program files\montorgueil\14.03888
c:\program files\montorgueil\StarsDuPorn\StarsDuPorn.ico
c:\program files\montorgueil\VideoSexe\VideoSexe.ico
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\fxstaller.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\aWOGWPjG.dll
c:\windows\system32\awttqpqR.dll
c:\windows\system32\awtuUmMF.dll
c:\windows\system32\byXRhIXN.dll
c:\windows\system32\ddcBSkIx.dll
c:\windows\system32\ddcyVmjg.dll
c:\windows\system32\dlzfua.dll
c:\windows\system32\efcBsPGw.dll
c:\windows\system32\efCstTmn.dll
c:\windows\system32\fccCstQH.dll
c:\windows\system32\fCrrOHwu.dll
c:\windows\system32\HgNVxyxx.ini
c:\windows\system32\HgNVxyxx.ini2
c:\windows\system32\hronfaak.dll
c:\windows\system32\ieupdates.exe
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\iifcdCTk.dll
c:\windows\system32\iifeccYo.dll
c:\windows\system32\iiffDUop.dll
c:\windows\system32\ikhphccs.dll
c:\windows\system32\khFVnKaa.dll
c:\windows\system32\kidocwew.dll
c:\windows\system32\lgyjvfcb.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlJcaYRH.dll
c:\windows\system32\mpgsym.dll
c:\windows\system32\nnnlklml.dll
c:\windows\system32\nnnnOGAQ.dll
c:\windows\system32\opNhGaax.dll
c:\windows\system32\opnolLef.dll
c:\windows\system32\paksmpjl.dll
c:\windows\system32\pmnligFY.dll
c:\windows\system32\qhsndihq.dll
c:\windows\system32\qjmgdb.dll
c:\windows\system32\qoMfGvvW.dll
c:\windows\system32\rbbodm.dll
c:\windows\system32\rQHWOHYO.dll
c:\windows\system32\rqRKBTJY.dll
c:\windows\system32\rqRLEVnm.dll
c:\windows\system32\tuVLFyYs.dll
c:\windows\system32\urqnOGyx.dll
c:\windows\system32\urqOFwwx.dll
c:\windows\system32\vtUlMeed.dll
c:\windows\system32\winsrc.dll
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\wintit.exe
c:\windows\system32\wvUOHXPi.dll
c:\windows\system32\xxyvsTnL.dll
c:\windows\system32\xxyxUomm.dll
c:\windows\system32\xxyxVNgH.dll
c:\windows\system32\xxyxWOHY.dll
c:\windows\system32\yayvSjIy.dll
c:\windows\system32\yayWQhhg.dll
c:\windows\system32\yayXOEXp.dll
c:\windows\system32\yayxwVMF.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-18 22:32 . 2008-12-18 22:34 <REP> d----c--- C:\rsit
2008-12-18 22:02 . 2008-12-18 22:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\Malwarebytes
2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 22:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 22:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 20:18 . 2008-12-18 20:26 1,668,489 ---hs---- c:\windows\system32\bcfvjygl.ini
2008-12-17 19:51 . 2008-12-18 20:18 1,668,480 ---hs---- c:\windows\system32\mbvsbumj.ini
2008-12-17 19:15 . 2008-12-19 00:35 48,640 -----c--- C:\bluz.exe
2008-12-16 10:32 . 2008-12-18 20:30 <REP> d-------- c:\program files\Spyware Doctor
2008-12-16 10:32 . 2008-12-16 10:32 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\PC Tools
2008-12-16 10:32 . 2008-12-19 00:57 <REP> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 10:32 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-16 10:32 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-16 10:32 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-16 10:32 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-16 08:54 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\ljpmskap.ini
2008-12-15 19:01 . 2008-12-15 19:05 <REP> d-------- c:\program files\A360
2008-12-15 07:38 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\uaidhnle.ini
2008-12-15 07:31 . 2008-12-16 09:57 48,640 -----c--- C:\waxx.exe
2008-12-08 00:24 . 2008-12-08 00:24 <REP> d----c--- C:\ConvertTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 21:11 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-16 18:02 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-12 12:28 --------- d-----w c:\program files\Microsoft Money
2008-12-12 11:33 --------- dc----w c:\documents and settings\utilisateur\Application Data\AdobeUM
2008-11-27 21:21 --------- d-----w c:\program files\World of Warcraft
2008-11-17 19:29 --------- d-----w c:\program files\VideoLAN
2008-11-05 13:27 --------- d-----w c:\program files\Chevaliers&Camelots
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-03-09 14:13 47,344 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-05-31 20:35 1 -c--a-w c:\documents and settings\utilisateur\SI.bin
1998-09-29 11:56 10,000 -c--a-w c:\windows\inf\unregpn.exe
2002-08-30 12:00 94,864 -csh--w c:\windows\twain.dll
2004-08-19 23:09 50,688 --sh--w c:\windows\twain_32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1997-11-13 35840]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
"01109454177606368297297935689520"="c:\program files\A360\av360.exe" [2008-12-15 2027520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-08-12 335872]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPHA2MON"="c:\windows\System32\hpha2mon.exe" [2000-08-18 69632]
"hpfsched"="c:\windows\hpfsched.exe" [2000-08-18 36864]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-08-18 192512]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-19 180269]
"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-04 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll mpgsym.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.VDOM"= vdowave.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\3DO\\Heroes3\\H3blade.icd"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-12 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-12 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-12 76040]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-16 356920]
R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2004-04-25 18953]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\UTILIS~1\LOCALS~1\Temp\Fadpu16E.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{241090fc-bb09-11dc-8246-0007cb0000ff}]
\Shell\AutoRun\command - F:\AutoTransfer.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{5A8DFDF7-C1E4-2ADF-714B-5A91ED84DA1E} - c:\docume~1\UTILIS~1\APPLIC~1\NAMELO~1\GLUETRAY.exe
BHO-{69AD3779-EA11-59B2-D750-64550DA7786E} - c:\windows\System32\czfp.dll
BHO-{b39fa0cb-b085-40ca-8643-9cededdac425} - c:\windows\system32\mpgsym.dll
BHO-{C9362531-B21C-40D1-A756-88DA446ACD7B} - c:\windows\system32\xxyxVNgH.dll
HKCU-Run-BLUE SOFT - c:\docume~1\UTILIS~1\APPLIC~1\OPENFO~1\mp3 about.exe
HKCU-Run-isyko - c:\documents and settings\utilisateur\local settings\application data\isyko.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-win-xp - winis.exe
HKCU-RunServices-win-xp - winis.exe
HKLM-Run-chic hole copy part - c:\documents and settings\All Users\Application Data\deaf real chic hole\This Data.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKLM-Run-win-xp - winis.exe
HKLM-RunServices-win-xp - winis.exe

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 00:55:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
c:\program files\Sony Corporation\Image Transfer\SonyTray.exe
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\program files\Nikon\PictureProject\NkbMonitor.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-19 1:01:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-19 00:01:25

Pre-Run: 17ÿ611ÿ128ÿ832 octets libres
Post-Run: 18,831,249,408 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

266 --- E O F --- 2008-12-12 12:38:27

Merci

Flore
0
Réponse 7 / 13
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Choisis l'option 1 (Nettoyage).

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

______________

puis remets un rapport RSIT
0
Réponse 8 / 13
flore
 
Bonjour

Merci pour toutes ses manip

Voici le rapport usbfix

-------------- UsbFix V2.413.6 ---------------

* User : utilisateur - UTILISAT-8VQA60
* Outils mis a jours le 21/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 11:36:48 le 22/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur de CD-ROM

+- Contenu de l'autorun : D:\autorun.inf

[autorun]
open=RunGame.exe
Icon=LFP2005.ico
Name=LFP MANAGER 2005

[Special]
Disk=2

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[03/04/2004 17:48][--a--c---] C:\AUTOEXEC.BAT
[24/10/2004 20:02][-rahs----] C:\NTDETECT.COM
[24/05/2001 12:59][--a--c---] C:\UNWISE.EXE
[19/12/2008 00:40][-rahsc---] C:\boot.ini
[19/12/2008 01:01][--a--c---] C:\ComboFix.txt
[19/12/2008 01:01][--a--c---] C:\OCR_DOC.TXT
[19/12/2008 01:01][--a--c---] C:\UsbFix.txt
[19/12/2008 01:01][--a--c---] C:\xscan.txt
[03/04/2004 17:48][--a--c---] C:\CONFIG.SYS
[03/04/2004 17:48][--a--c---] C:\IO.SYS
[03/04/2004 17:48][--a--c---] C:\MSDOS.SYS
[03/04/2004 17:48][--a--c---] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur de CD-ROM

+- Listing des fichiers présents :

[16/09/2004 11:19][-r-------] D:\LFP2005.EXE
[16/09/2004 11:19][-r-------] D:\RunGame.exe
[27/07/2004 09:20][-r-------] D:\ai.ini
[27/07/2004 09:20][-r-------] D:\common.ini
[27/07/2004 09:20][-r-------] D:\locale.ini
[27/07/2004 09:20][-r-------] D:\product.ini
[27/07/2004 09:20][-r-------] D:\sku.ini
[27/07/2004 09:20][-r-------] D:\stream.ini
[27/07/2004 09:20][-r-------] D:\user.ini
[16/09/2004 14:02][-r-------] D:\autorun.inf
[16/09/2004 14:06][-r-------] D:\SECDRV.SYS

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
Reminder=C:\Program Files\Microsoft Money\System\reminder.exe
IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c
Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
01109454177606368297297935689520=C:\Program Files\A360\av360.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ATIModeChange=Ati2mdxx.exe
ATIPTA=C:\ATI-CPanel\atiptaxx.exe
NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
HPHA2MON=C:\WINDOWS\System32\hpha2mon.exe
HPDJ Taskbar Utility=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
YeppStudioAgent=C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{241090fc-bb09-11dc-8246-0007cb0000ff}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [16/09/2004 14:02] D:\autorun.inf
Echec de la supression !! - [06/07/2004 11:41] D:\msvcr71.dll
Echec de la supression !! - [16/09/2004 14:02] D:\autorun.inf
Echec de la supression !! - [16/09/2004 14:02] D:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[03/04/2004 17:48][--a--c---] C:\AUTOEXEC.BAT
[24/10/2004 20:02][-rahs----] C:\NTDETECT.COM
[24/05/2001 12:59][--a--c---] C:\UNWISE.EXE
[19/12/2008 00:40][-rahsc---] C:\boot.ini
[16/09/2004 11:19][-r-------] D:\LFP2005.EXE
[16/09/2004 11:19][-r-------] D:\RunGame.exe
[27/07/2004 09:20][-r-------] D:\ai.ini
[27/07/2004 09:20][-r-------] D:\common.ini
[27/07/2004 09:20][-r-------] D:\locale.ini
[27/07/2004 09:20][-r-------] D:\product.ini
[27/07/2004 09:20][-r-------] D:\sku.ini
[27/07/2004 09:20][-r-------] D:\stream.ini
[27/07/2004 09:20][-r-------] D:\user.ini
[16/09/2004 14:02][-r-------] D:\autorun.inf

--------------- ! Fin du rapport ! ----------------

A plus

flore
0
Réponse 9 / 13
flore
 
Re bonjour

Voici le nouveau rapport RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by utilisateur at 2008-12-22 11:46:29
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 18 GB (16%) free of 114 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:46, on 22/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\utilisateur\Bureau\utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [01109454177606368297297935689520] C:\Program Files\A360\av360.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll mpgsym.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 10 / 13
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
dis moi c'est quoi le disque F????
_______________

analyse les 6 fichiers suivants et si infecté(ou si o sizes) tu les rajoutes dans la partie file: de la procedure suivante

https://www.virustotal.com/gui/

c:\windows\system32\bcfvjygl.ini
c:\windows\system32\mbvsbumj.ini
C:\bluz.exe
c:\windows\system32\ljpmskap.ini
c:\windows\system32\uaidhnle.ini
C:\waxx.exe

________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
c:\program files\A360\av360.exe
c:\program files\A360

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"01109454177606368297297935689520"=-

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis ou RSIt et dis tes soucis actuels

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

et comme je ne serai pas dispo ce jour:

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Réponse 11 / 13
flore
 
Bonjour

Voici le rapport combofix

ComboFix 08-12-18.01 - utilisateur 2008-12-22 19:22:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.626 [GMT 1:00]
Running from: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\utilisateur\Bureau\CFscript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\bluz.exe
c:\program files\A360
c:\program files\A360\av360exe
C:\waxx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\utilisateur\Bureau\Antivirus 360.lnk
c:\documents and settings\utilisateur\Menu D‚marrer\Antivirus 360
c:\documents and settings\utilisateur\Menu Démarrer\Antivirus 360\Antivirus 360.lnk
c:\documents and settings\utilisateur\Menu Démarrer\Antivirus 360\Help.lnk
c:\documents and settings\utilisateur\Menu Démarrer\Antivirus 360\Registration.lnk

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 11:01 . 2008-12-22 11:38 <REP> d-------- c:\program files\UsbFix
2008-12-18 22:32 . 2008-12-18 22:34 <REP> d----c--- C:\rsit
2008-12-18 22:02 . 2008-12-18 22:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\Malwarebytes
2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 22:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 22:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 20:18 . 2008-12-18 20:26 1,668,489 ---hs---- c:\windows\system32\bcfvjygl.ini
2008-12-17 19:51 . 2008-12-18 20:18 1,668,480 ---hs---- c:\windows\system32\mbvsbumj.ini
2008-12-16 10:32 . 2008-12-22 11:12 <REP> d-------- c:\program files\Spyware Doctor
2008-12-16 10:32 . 2008-12-16 10:32 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\PC Tools
2008-12-16 10:32 . 2008-12-22 18:59 <REP> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 10:32 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-16 10:32 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-16 10:32 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-16 10:32 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-16 08:54 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\ljpmskap.ini
2008-12-15 19:01 . 2008-12-20 11:54 <REP> d-------- c:\program files\A360
2008-12-15 07:38 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\uaidhnle.ini
2008-12-08 00:24 . 2008-12-08 00:24 <REP> d----c--- C:\ConvertTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 12:27 --------- d-----w c:\program files\Microsoft Money
2008-12-18 21:11 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-16 18:02 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-12 11:33 --------- dc----w c:\documents and settings\utilisateur\Application Data\AdobeUM
2008-11-27 21:21 --------- d-----w c:\program files\World of Warcraft
2008-11-17 19:29 --------- d-----w c:\program files\VideoLAN
2008-11-05 13:27 --------- d-----w c:\program files\Chevaliers&Camelots
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ------w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-09 14:13 47,344 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2007-05-31 20:35 1 -c--a-w c:\documents and settings\utilisateur\SI.bin
1998-09-29 11:56 10,000 -c--a-w c:\windows\inf\unregpn.exe
2002-08-30 12:00 94,864 -csh--w c:\windows\twain.dll
2004-08-19 23:09 50,688 --sh--w c:\windows\twain_32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_ 1.00.24.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 00:48:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 00:48:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1997-11-13 35840]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-08-12 335872]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPHA2MON"="c:\windows\System32\hpha2mon.exe" [2000-08-18 69632]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-08-18 192512]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-19 180269]
"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-04 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll mpgsym.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.VDOM"= vdowave.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\3DO\\Heroes3\\H3blade.icd"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-12 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-12 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-12 76040]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-16 356920]
R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2004-04-25 18953]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\UTILIS~1\LOCALS~1\Temp\Fadpu16E.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-18 38496]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-01109454177606368297297935689520 - c:\program files\A360\av360.exe

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 19:27:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-22 19:29:58
ComboFix-quarantined-files.txt 2008-12-22 18:29:02
ComboFix2.txt 2008-12-19 00:01:33

Pre-Run: 18ÿ902ÿ679ÿ552 octets libres
Post-Run: 18,921,545,728 octets libres

197 --- E O F --- 2008-12-19 11:51:56
0
Réponse 12 / 13
flore
 
Voici le rapport RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by utilisateur at 2008-12-22 19:36:16
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 18 GB (16%) free of 114 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:23, on 22/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\hpha2mon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\utilisateur\Bureau\utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll mpgsym.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 13 / 13
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
encore des problèmes???
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses