Security Forum - Viruses: help me please
Hello everyone,
OK, I'm really starting to lose it with my computer; it's going to get the better of me.
So I go on the net with Internet Explorer and, despite having Ad-Aware, Spybot and ZoneAlarm, I keep getting ads popping up, and now I have a Microsoft Java C+ window that appears with the error message "buffer overrun detected".
I don't know what to do. I tried to take a look with HijackThis.
Here is the report it gave me, and if someone could come to my aid, I would gladly thank them. Also, could we get some explanations about HijackThis?
Thanks
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:11:39, on 30/04/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\directxs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\winmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {20D8DE1F-32CB-4A7E-82A2-9CDA39B4AB1F} - C:\WINDOWS\inf\ilbw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [Dispatcher] C:\WINDOWS\dispatcher.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\crotiyio.dll",realset
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Policies\Explorer\Run: [{805398B0-0A6A-1036-0923-031007020021}] "C:\Program Files\Fichiers communs\{805398B0-0A6A-1036-0923-031007020021}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\gkjytsu.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/instal [...] art_fr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14e8d6 [...] 601_fr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/re [...] ase969.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geomapguide.com/aixenpr [...] axctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1359053430
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C942A79B-01ED-47EE-9DAA-1EFAA70DAB8E} (VacPro.int_ver22b) - http://www.muiegaozsicur.com/ocx/intES_ver22b.CAB
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/0 [...] 101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B611D17-6688-402E-A667-6525F8C17465}: NameServer = 86.64.145.143 84.103.237.143
O20 - Winlogon Notify: ilbw - C:\WINDOWS\inf\ilbw.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://www.forum-prison-break.net/ [...] 24x768.jpg
--
End of file - 12532 bytes
Hello,
There's Vundo on it!!
Download VundoFix.exe (by Atribune) to your Desktop.
- Double-click VundoFix.exe to launch it
- When the tool launches again, click the Scan for Vundo button
- Click the Scan for Vundo button
- When the scan is complete, click the Remove Vundo button
- A prompt will ask whether you want to delete the files; click YES
- After you click "Yes", the Desktop will disappear for a moment while the files are deleted
- You will see a prompt announcing that your PC is going to restart; click OK
- Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
Note: VundoFix may run into a file it cannot delete. If that happens, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
For Vundo, I did what you told me and here is the report.
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Scan started at 00:48:12 08/05/2007
Listing files found while scanning....
Beginning removal...
Performing Repairs to the registry.
Done!
Now I've rerun HijackThis and here is the report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:06:34, on 08/05/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\directxs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\winmsgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Fred\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6151022B-8D5E-4C20-898D-1A46BA573132} - C:\WINDOWS\security\bkrul.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [Dispatcher] C:\WINDOWS\dispatcher.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\tatvfloa.dll",realset
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Policies\Explorer\Run: [{805398B0-0A6A-1036-0923-031007020021}] "C:\Program Files\Fichiers communs\{805398B0-0A6A-1036-0923-031007020021}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\gkjytsu.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/instal [...] art_fr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14e8d6 [...] 601_fr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/re [...] ase969.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geomapguide.com/aixenpr [...] axctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1359053430
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C942A79B-01ED-47EE-9DAA-1EFAA70DAB8E} (VacPro.int_ver22b) - http://www.muiegaozsicur.com/ocx/intES_ver22b.CAB
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/0 [...] 101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B611D17-6688-402E-A667-6525F8C17465}: NameServer = 84.103.237.143 86.64.145.143
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://www.forum-prison-break.net/ [...] 24x768.jpg
--
End of file - 12528 bytes
Please let me know whether it looks OK; meanwhile I'll keep checking whether the problems persist.
Good evening,
Sorry for the delay!
Download ComboFix (by sUBs) to your Desktop.
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear. Copy and paste that report into your next reply.

By Destrio5, 6 days ago: