Virus

Flore -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonsoir,

Mon ordinateur est infesté de virus et je suis archi nulle. J'ai téléchargé hijackthis comme je l'ai lu sur votre forum et voici le comte rendu

Merci de m'aider

Flore

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:40, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\hpha2mon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\utilisateur\local settings\application data\isyko.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\A360\av360.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\utilisateur\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\utilisateur\Bureau\HiJackThis.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 2684 bytes
Configuration: Windows XP
Internet Explorer 7.0

13 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    le rapport est incomplet!

    analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/

    C:\Program Files\A360\av360.exe

    _________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  2. kduc Messages postés 1537 Statut Membre 133
     
    Salut

    Il manque une grosse partie de ton rapport HijackThis !

    -------
    C:\Program Files\Adobe\Acrobat 7.0 <--

    Plusieurs vulnérabilités ont été identifiées dans Adobe Reader et Acrobat, elles pourraient être exploitées par des attaquants afin de causer un déni de service, obtenir des privilèges élevés, manipuler certaines données ou compromettre un système vulnérable.

    Produits Affectés :

    Adobe Reader version 8.1.2 et inférieures
    Adobe Acrobat Professional version 8.1.2 et inférieures
    Adobe Acrobat 3D version 8.1.2 et inférieures
    Adobe Acrobat Standard version 8.1.2 et inférieures

    Solution :

    Installer la version 8.1.3 ou 9
    https://get2.adobe.com/reader/otherversions/

    -----
    Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
    http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
    puis, lance un scan complet et poste le rapport.

    PS : pour supprimer les infections, choisis l'option Supprimer la sélection.
    0
  3. kduc Messages postés 1537 Statut Membre 133
     
    ....

    A360\av360.exe <-- clone de Norton !
    0
  4. Flore
     
    Merci voici les raprts suite au RSIT

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by utilisateur at 2008-12-18 22:32:07
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 17 GB (15%) free of 114 GB
    Total RAM: 1023 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:35, on 18/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\System32\hpha2mon.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\fxstaller.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\documents and settings\utilisateur\local settings\application data\isyko.exe
    C:\Program Files\A360\av360.exe
    C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\utilisateur\Bureau\utilisateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5A8DFDF7-C1E4-2ADF-714B-5A91ED84DA1E} - C:\DOCUME~1\UTILIS~1\APPLIC~1\NAMELO~1\GLUETRAY.exe (file missing)
    O2 - BHO: (no name) - {69AD3779-EA11-59B2-D750-64550DA7786E} - C:\WINDOWS\System32\czfp.dll (file missing)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayxwVMF.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: {524cadde-dec9-3468-ac04-580bbc0af93b} - {b39fa0cb-b085-40ca-8643-9cededdac425} - C:\WINDOWS\system32\mpgsym.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: (no name) - {E0BAF80C-73FB-47AA-9ACE-C434AA8DFA1D} - C:\WINDOWS\system32\xxyxVNgH.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win-xp] winis.exe
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe
    O4 - HKLM\..\Run: [chic hole copy part] C:\Documents and Settings\All Users\Application Data\deaf real chic hole\This Data.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [win-xp] winis.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [win-xp] winis.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [BLUE SOFT] C:\DOCUME~1\UTILIS~1\APPLIC~1\OPENFO~1\mp3 about.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [isyko] "c:\documents and settings\utilisateur\local settings\application data\isyko.exe" isyko
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [01109454177606368297297935689520] C:\Program Files\A360\av360.exe
    O4 - HKCU\..\RunServices: [win-xp] winis.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19dd43d9c0f0eb72d820/netzip/RdxIE601_fr.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/11984/CD/StarsDuPorn.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - https://www.afternic.com/domains/errorsafe.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll mpgsym.dll
    O20 - Winlogon Notify: yayxwVMF - C:\WINDOWS\SYSTEM32\yayxwVMF.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  7. flore
     
    Bonjour

    J'ai effectué le combofix, par contre du coup l'antivirus 360 est installé sur mon bureau. Est ce normal ?
    Voici le rapport :
    ComboFix 08-12-18.01 - utilisateur 2008-12-19 0:42:30.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.481 [GMT 1:00]
    Running from: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\utilisateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\UTILIS~1\LOCALS~1\Temp\tmp2.tmp
    c:\documents and settings\utilisateur\Local Settings\Application Data\isyko.dat
    c:\documents and settings\utilisateur\Local Settings\Application Data\isyko.exe
    c:\documents and settings\utilisateur\Local Settings\Application Data\isyko_nav.dat
    c:\documents and settings\utilisateur\Local Settings\Application Data\isyko_navps.dat
    c:\program files\montorgueil
    c:\program files\montorgueil\14.03888
    c:\program files\montorgueil\StarsDuPorn\StarsDuPorn.ico
    c:\program files\montorgueil\VideoSexe\VideoSexe.ico
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
    c:\windows\fxstaller.exe
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\aWOGWPjG.dll
    c:\windows\system32\awttqpqR.dll
    c:\windows\system32\awtuUmMF.dll
    c:\windows\system32\byXRhIXN.dll
    c:\windows\system32\ddcBSkIx.dll
    c:\windows\system32\ddcyVmjg.dll
    c:\windows\system32\dlzfua.dll
    c:\windows\system32\efcBsPGw.dll
    c:\windows\system32\efCstTmn.dll
    c:\windows\system32\fccCstQH.dll
    c:\windows\system32\fCrrOHwu.dll
    c:\windows\system32\HgNVxyxx.ini
    c:\windows\system32\HgNVxyxx.ini2
    c:\windows\system32\hronfaak.dll
    c:\windows\system32\ieupdates.exe
    c:\windows\system32\ieupdates.exe.tmp
    c:\windows\system32\iifcdCTk.dll
    c:\windows\system32\iifeccYo.dll
    c:\windows\system32\iiffDUop.dll
    c:\windows\system32\ikhphccs.dll
    c:\windows\system32\khFVnKaa.dll
    c:\windows\system32\kidocwew.dll
    c:\windows\system32\lgyjvfcb.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mlJcaYRH.dll
    c:\windows\system32\mpgsym.dll
    c:\windows\system32\nnnlklml.dll
    c:\windows\system32\nnnnOGAQ.dll
    c:\windows\system32\opNhGaax.dll
    c:\windows\system32\opnolLef.dll
    c:\windows\system32\paksmpjl.dll
    c:\windows\system32\pmnligFY.dll
    c:\windows\system32\qhsndihq.dll
    c:\windows\system32\qjmgdb.dll
    c:\windows\system32\qoMfGvvW.dll
    c:\windows\system32\rbbodm.dll
    c:\windows\system32\rQHWOHYO.dll
    c:\windows\system32\rqRKBTJY.dll
    c:\windows\system32\rqRLEVnm.dll
    c:\windows\system32\tuVLFyYs.dll
    c:\windows\system32\urqnOGyx.dll
    c:\windows\system32\urqOFwwx.dll
    c:\windows\system32\vtUlMeed.dll
    c:\windows\system32\winsrc.dll
    c:\windows\system32\winsrc.dll.tmp
    c:\windows\system32\wintit.exe
    c:\windows\system32\wvUOHXPi.dll
    c:\windows\system32\xxyvsTnL.dll
    c:\windows\system32\xxyxUomm.dll
    c:\windows\system32\xxyxVNgH.dll
    c:\windows\system32\xxyxWOHY.dll
    c:\windows\system32\yayvSjIy.dll
    c:\windows\system32\yayWQhhg.dll
    c:\windows\system32\yayXOEXp.dll
    c:\windows\system32\yayxwVMF.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
    .

    2008-12-18 22:32 . 2008-12-18 22:34 <REP> d----c--- C:\rsit
    2008-12-18 22:02 . 2008-12-18 22:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\Malwarebytes
    2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-18 22:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-18 22:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-18 20:18 . 2008-12-18 20:26 1,668,489 ---hs---- c:\windows\system32\bcfvjygl.ini
    2008-12-17 19:51 . 2008-12-18 20:18 1,668,480 ---hs---- c:\windows\system32\mbvsbumj.ini
    2008-12-17 19:15 . 2008-12-19 00:35 48,640 -----c--- C:\bluz.exe
    2008-12-16 10:32 . 2008-12-18 20:30 <REP> d-------- c:\program files\Spyware Doctor
    2008-12-16 10:32 . 2008-12-16 10:32 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\PC Tools
    2008-12-16 10:32 . 2008-12-19 00:57 <REP> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
    2008-12-16 10:32 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
    2008-12-16 10:32 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
    2008-12-16 10:32 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
    2008-12-16 10:32 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
    2008-12-16 08:54 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\ljpmskap.ini
    2008-12-15 19:01 . 2008-12-15 19:05 <REP> d-------- c:\program files\A360
    2008-12-15 07:38 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\uaidhnle.ini
    2008-12-15 07:31 . 2008-12-16 09:57 48,640 -----c--- C:\waxx.exe
    2008-12-08 00:24 . 2008-12-08 00:24 <REP> d----c--- C:\ConvertTemp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-18 21:11 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-16 18:02 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
    2008-12-12 12:28 --------- d-----w c:\program files\Microsoft Money
    2008-12-12 11:33 --------- dc----w c:\documents and settings\utilisateur\Application Data\AdobeUM
    2008-11-27 21:21 --------- d-----w c:\program files\World of Warcraft
    2008-11-17 19:29 --------- d-----w c:\program files\VideoLAN
    2008-11-05 13:27 --------- d-----w c:\program files\Chevaliers&Camelots
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-03-09 14:13 47,344 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-31 20:35 1 -c--a-w c:\documents and settings\utilisateur\SI.bin
    1998-09-29 11:56 10,000 -c--a-w c:\windows\inf\unregpn.exe
    2002-08-30 12:00 94,864 -csh--w c:\windows\twain.dll
    2004-08-19 23:09 50,688 --sh--w c:\windows\twain_32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1997-11-13 35840]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
    "01109454177606368297297935689520"="c:\program files\A360\av360.exe" [2008-12-15 2027520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-08-12 335872]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HPHA2MON"="c:\windows\System32\hpha2mon.exe" [2000-08-18 69632]
    "hpfsched"="c:\windows\hpfsched.exe" [2000-08-18 36864]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-08-18 192512]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-19 180269]
    "YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 40960]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-04 282624]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll mpgsym.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.IV41"= ir41_32.dll
    "MSACM.MSNAUDIO"= msnaudio.acm
    "VIDC.VDOM"= vdowave.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\NeverwinterNights\\NWN\\nwmain.exe"=
    "c:\\Program Files\\3DO\\Heroes3\\H3blade.icd"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
    "c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-12 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-12 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-12 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-12 76040]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-16 356920]
    R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2004-04-25 18953]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\UTILIS~1\LOCALS~1\Temp\Fadpu16E.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{241090fc-bb09-11dc-8246-0007cb0000ff}]
    \Shell\AutoRun\command - F:\AutoTransfer.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{5A8DFDF7-C1E4-2ADF-714B-5A91ED84DA1E} - c:\docume~1\UTILIS~1\APPLIC~1\NAMELO~1\GLUETRAY.exe
    BHO-{69AD3779-EA11-59B2-D750-64550DA7786E} - c:\windows\System32\czfp.dll
    BHO-{b39fa0cb-b085-40ca-8643-9cededdac425} - c:\windows\system32\mpgsym.dll
    BHO-{C9362531-B21C-40D1-A756-88DA446ACD7B} - c:\windows\system32\xxyxVNgH.dll
    HKCU-Run-BLUE SOFT - c:\docume~1\UTILIS~1\APPLIC~1\OPENFO~1\mp3 about.exe
    HKCU-Run-isyko - c:\documents and settings\utilisateur\local settings\application data\isyko.exe
    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-win-xp - winis.exe
    HKCU-RunServices-win-xp - winis.exe
    HKLM-Run-chic hole copy part - c:\documents and settings\All Users\Application Data\deaf real chic hole\This Data.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    HKLM-Run-win-xp - winis.exe
    HKLM-RunServices-win-xp - winis.exe

    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-19 00:55:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\drivers\CDANTSRV.EXE
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
    c:\program files\Sony Corporation\Image Transfer\SonyTray.exe
    c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
    c:\program files\Nikon\PictureProject\NkbMonitor.exe
    c:\program files\IncrediMail\bin\IMApp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-19 1:01:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-19 00:01:25

    Pre-Run: 17ÿ611ÿ128ÿ832 octets libres
    Post-Run: 18,831,249,408 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

    266 --- E O F --- 2008-12-12 12:38:27

    Merci

    Flore
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    --> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix sur ton Bureau.

    --> Choisis l'option 1 (Nettoyage).

    --> Le PC va redémarrer.

    --> Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

    ______________

    puis remets un rapport RSIT
    0
  9. flore
     
    Bonjour

    Merci pour toutes ses manip

    Voici le rapport usbfix

    -------------- UsbFix V2.413.6 ---------------

    * User : utilisateur - UTILISAT-8VQA60
    * Outils mis a jours le 21/12/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 11:36:48 le 22/12/2008
    * Windows Xp - Internet Explorer 7.0.5730.11

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\1.tmp\b2e.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur de CD-ROM

    +- Contenu de l'autorun : D:\autorun.inf

    [autorun]
    open=RunGame.exe
    Icon=LFP2005.ico
    Name=LFP MANAGER 2005

    [Special]
    Disk=2

    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe

    +- Listing des fichiers présents :

    [03/04/2004 17:48][--a--c---] C:\AUTOEXEC.BAT
    [24/10/2004 20:02][-rahs----] C:\NTDETECT.COM
    [24/05/2001 12:59][--a--c---] C:\UNWISE.EXE
    [19/12/2008 00:40][-rahsc---] C:\boot.ini
    [19/12/2008 01:01][--a--c---] C:\ComboFix.txt
    [19/12/2008 01:01][--a--c---] C:\OCR_DOC.TXT
    [19/12/2008 01:01][--a--c---] C:\UsbFix.txt
    [19/12/2008 01:01][--a--c---] C:\xscan.txt
    [03/04/2004 17:48][--a--c---] C:\CONFIG.SYS
    [03/04/2004 17:48][--a--c---] C:\IO.SYS
    [03/04/2004 17:48][--a--c---] C:\MSDOS.SYS
    [03/04/2004 17:48][--a--c---] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur de CD-ROM

    +- Listing des fichiers présents :

    [16/09/2004 11:19][-r-------] D:\LFP2005.EXE
    [16/09/2004 11:19][-r-------] D:\RunGame.exe
    [27/07/2004 09:20][-r-------] D:\ai.ini
    [27/07/2004 09:20][-r-------] D:\common.ini
    [27/07/2004 09:20][-r-------] D:\locale.ini
    [27/07/2004 09:20][-r-------] D:\product.ini
    [27/07/2004 09:20][-r-------] D:\sku.ini
    [27/07/2004 09:20][-r-------] D:\stream.ini
    [27/07/2004 09:20][-r-------] D:\user.ini
    [16/09/2004 14:02][-r-------] D:\autorun.inf
    [16/09/2004 14:06][-r-------] D:\SECDRV.SYS

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
    Reminder=C:\Program Files\Microsoft Money\System\reminder.exe
    IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c
    Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    01109454177606368297297935689520=C:\Program Files\A360\av360.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ATIModeChange=Ati2mdxx.exe
    ATIPTA=C:\ATI-CPanel\atiptaxx.exe
    NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
    HPHA2MON=C:\WINDOWS\System32\hpha2mon.exe
    HPDJ Taskbar Utility=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    YeppStudioAgent=C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
    ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    Installed=1
    NoChange=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{241090fc-bb09-11dc-8246-0007cb0000ff}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Echec de la supression !! - [16/09/2004 14:02] D:\autorun.inf
    Echec de la supression !! - [06/07/2004 11:41] D:\msvcr71.dll
    Echec de la supression !! - [16/09/2004 14:02] D:\autorun.inf
    Echec de la supression !! - [16/09/2004 14:02] D:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre interprété par un spécialiste /!\

    [03/04/2004 17:48][--a--c---] C:\AUTOEXEC.BAT
    [24/10/2004 20:02][-rahs----] C:\NTDETECT.COM
    [24/05/2001 12:59][--a--c---] C:\UNWISE.EXE
    [19/12/2008 00:40][-rahsc---] C:\boot.ini
    [16/09/2004 11:19][-r-------] D:\LFP2005.EXE
    [16/09/2004 11:19][-r-------] D:\RunGame.exe
    [27/07/2004 09:20][-r-------] D:\ai.ini
    [27/07/2004 09:20][-r-------] D:\common.ini
    [27/07/2004 09:20][-r-------] D:\locale.ini
    [27/07/2004 09:20][-r-------] D:\product.ini
    [27/07/2004 09:20][-r-------] D:\sku.ini
    [27/07/2004 09:20][-r-------] D:\stream.ini
    [27/07/2004 09:20][-r-------] D:\user.ini
    [16/09/2004 14:02][-r-------] D:\autorun.inf

    --------------- ! Fin du rapport ! ----------------

    A plus

    flore
    0
  10. flore
     
    Re bonjour

    Voici le nouveau rapport RSIT

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by utilisateur at 2008-12-22 11:46:29
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 18 GB (16%) free of 114 GB
    Total RAM: 1023 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:46:46, on 22/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\utilisateur\Bureau\utilisateur.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [01109454177606368297297935689520] C:\Program Files\A360\av360.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll mpgsym.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    dis moi c'est quoi le disque F????
    _______________

    analyse les 6 fichiers suivants et si infecté(ou si o sizes) tu les rajoutes dans la partie file: de la procedure suivante

    https://www.virustotal.com/gui/

    c:\windows\system32\bcfvjygl.ini
    c:\windows\system32\mbvsbumj.ini
    C:\bluz.exe
    c:\windows\system32\ljpmskap.ini
    c:\windows\system32\uaidhnle.ini
    C:\waxx.exe

    ________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    c:\program files\A360\av360.exe
    c:\program files\A360

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "01109454177606368297297935689520"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis ou RSIt et dis tes soucis actuels

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    et comme je ne serai pas dispo ce jour:

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  12. flore
     
    Bonjour

    Voici le rapport combofix

    ComboFix 08-12-18.01 - utilisateur 2008-12-22 19:22:52.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.626 [GMT 1:00]
    Running from: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\utilisateur\Bureau\CFscript.txt
    * Created a new restore point
    * Resident AV is active

    FILE ::
    C:\bluz.exe
    c:\program files\A360
    c:\program files\A360\av360exe
    C:\waxx.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\utilisateur\Bureau\Antivirus 360.lnk
    c:\documents and settings\utilisateur\Menu D‚marrer\Antivirus 360
    c:\documents and settings\utilisateur\Menu Démarrer\Antivirus 360\Antivirus 360.lnk
    c:\documents and settings\utilisateur\Menu Démarrer\Antivirus 360\Help.lnk
    c:\documents and settings\utilisateur\Menu Démarrer\Antivirus 360\Registration.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
    .

    2008-12-22 11:01 . 2008-12-22 11:38 <REP> d-------- c:\program files\UsbFix
    2008-12-18 22:32 . 2008-12-18 22:34 <REP> d----c--- C:\rsit
    2008-12-18 22:02 . 2008-12-18 22:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\Malwarebytes
    2008-12-18 22:02 . 2008-12-18 22:02 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-18 22:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-18 22:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-18 20:18 . 2008-12-18 20:26 1,668,489 ---hs---- c:\windows\system32\bcfvjygl.ini
    2008-12-17 19:51 . 2008-12-18 20:18 1,668,480 ---hs---- c:\windows\system32\mbvsbumj.ini
    2008-12-16 10:32 . 2008-12-22 11:12 <REP> d-------- c:\program files\Spyware Doctor
    2008-12-16 10:32 . 2008-12-16 10:32 <REP> d----c--- c:\documents and settings\utilisateur\Application Data\PC Tools
    2008-12-16 10:32 . 2008-12-22 18:59 <REP> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
    2008-12-16 10:32 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
    2008-12-16 10:32 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
    2008-12-16 10:32 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
    2008-12-16 10:32 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
    2008-12-16 08:54 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\ljpmskap.ini
    2008-12-15 19:01 . 2008-12-20 11:54 <REP> d-------- c:\program files\A360
    2008-12-15 07:38 . 2008-12-16 08:54 1,650,115 ---hs---- c:\windows\system32\uaidhnle.ini
    2008-12-08 00:24 . 2008-12-08 00:24 <REP> d----c--- C:\ConvertTemp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 12:27 --------- d-----w c:\program files\Microsoft Money
    2008-12-18 21:11 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-16 18:02 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
    2008-12-12 11:33 --------- dc----w c:\documents and settings\utilisateur\Application Data\AdobeUM
    2008-11-27 21:21 --------- d-----w c:\program files\World of Warcraft
    2008-11-17 19:29 --------- d-----w c:\program files\VideoLAN
    2008-11-05 13:27 --------- d-----w c:\program files\Chevaliers&Camelots
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:17 247,326 ------w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-03-09 14:13 47,344 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-31 20:35 1 -c--a-w c:\documents and settings\utilisateur\SI.bin
    1998-09-29 11:56 10,000 -c--a-w c:\windows\inf\unregpn.exe
    2002-08-30 12:00 94,864 -csh--w c:\windows\twain.dll
    2004-08-19 23:09 50,688 --sh--w c:\windows\twain_32.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-19_ 1.00.24.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-17 00:48:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
    - 2008-10-17 00:48:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    - 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
    + 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1997-11-13 35840]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-08-12 335872]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HPHA2MON"="c:\windows\System32\hpha2mon.exe" [2000-08-18 69632]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-08-18 192512]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-11-19 180269]
    "YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 40960]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-04 282624]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll mpgsym.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.IV41"= ir41_32.dll
    "MSACM.MSNAUDIO"= msnaudio.acm
    "VIDC.VDOM"= vdowave.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\NeverwinterNights\\NWN\\nwmain.exe"=
    "c:\\Program Files\\3DO\\Heroes3\\H3blade.icd"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
    "c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-12 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-12 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-12 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-12 76040]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-16 356920]
    R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2004-04-25 18953]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\UTILIS~1\LOCALS~1\Temp\Fadpu16E.sys []
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-18 38496]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-01109454177606368297297935689520 - c:\program files\A360\av360.exe

    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-22 19:27:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(816)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2008-12-22 19:29:58
    ComboFix-quarantined-files.txt 2008-12-22 18:29:02
    ComboFix2.txt 2008-12-19 00:01:33

    Pre-Run: 18ÿ902ÿ679ÿ552 octets libres
    Post-Run: 18,921,545,728 octets libres

    197 --- E O F --- 2008-12-19 11:51:56
    0
  13. flore
     
    Voici le rapport RSIT

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by utilisateur at 2008-12-22 19:36:16
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 18 GB (16%) free of 114 GB
    Total RAM: 1023 MB (57% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:36:23, on 22/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\System32\hpha2mon.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\utilisateur\Bureau\utilisateur.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll mpgsym.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    encore des problèmes???
    0