spyware secure et quelques spams
Forum Sécurité - Virus : spyware secure et quelques spams
salut,
dsl de pas avoir repondu hier mais je n'étais pas chez moi.
aujourd'hui je n'ai aucun probleme, spyware secure ne s'est pas manifesté et aucun spam...
voici quand même le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:29, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chat-land.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00165F0.dat
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DE868.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7995 bytes
voila.
quel est le verdict? 
voici :
31/08/2007 a 13:50:29,53
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\winsys.exe FOUND
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
sa veut dire quoi? 
Fais ce que j'ai dit, il faut aller jusqu'au bout 
Répondre à Angeldark
tu ne veu plus m'aider? 
merde j'ai d'autres infections, j'ai voulu installer un logiciel mais ça m'a mis de la pub... pourtant j'ai verifier le fichier avec avg as et il m'a dit que c'était ok..
aide moi angel dark et dsl si je t'ai dit que je voulais arrêter dz suivre tes conseil, sa me servira de leçon...
Bug du forum. On ne voit pas toutes les pages 
Reposte un rapport Hijackthis.
Répondre à Angeldark
le soft m'as sorti un "accès refuser", c'est pas bon signe?!
sinon voila le rapport:
ComboFix 07-09-14.2 - "Romain" 2007-09-14 21:19:22.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.440 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\HOURS
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\ProductCode
C:\DOCUME~1\Romain\MENUDM~1\PROGRA~1\DMARRA~1.\TA_Start.lnk
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\Program Files\inetget2
C:\Program Files\inetget2\wininstall.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\retadpu337.exe
C:\WINDOWS\system32\__c00165F0.dat
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\bjnoixhu.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\nm
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-14 21:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 00:21 <REP> d-------- C:\Program Files\Words
2007-09-14 00:16 <REP> d-------- C:\Program Files\Insider
2007-09-13 00:19 287,766 --a------ C:\WINDOWS\system32\khfdeec.dll
2007-09-13 00:11 <REP> d-------- C:\Program Files\WinAble
2007-09-12 12:46 62,464 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-09-12 03:02 40,315 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-11 21:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-09 16:10 <REP> d-------- C:\Program Files\VideoLAN
2007-09-09 16:06 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\vlc
2007-09-08 20:10 <REP> d-------- C:\Program Files\BrainWave Generator
2007-09-08 02:31 303,616 --a------ C:\WINDOWS\IsUninst.exe
2007-09-08 02:16 <REP> d-------- C:\Program Files\IDoser v4
2007-08-31 19:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-08-31 12:20 <REP> d-------- C:\Program Files\Trend Micro
2007-08-31 12:07 <REP> d-------- C:\Program Files\Windows Live
2007-08-31 12:07 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-08-30 14:10 <REP> d-------- C:\Program Files\Navilog1
2007-08-29 09:19 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\EoRezo
2007-08-29 09:12 336,384 --a------ C:\WINDOWS\system32\hygbmso.exe
2007-08-22 22:20 <REP> d-------- C:\DOCUME~1\Famille\APPLIC~1\Google
2007-08-22 22:01 <REP> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-08-21 21:38 <REP> d-------- C:\Program Files\SecondLife
2007-08-21 21:38 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\SecondLife
2007-08-20 14:17 <REP> d---s---- C:\DOCUME~1\Famille\UserData
2007-08-19 01:00 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-08-17 23:51 <REP> d-------- C:\Program Files\RayV
2007-08-16 16:51 <REP> d-------- C:\WINDOWS\system32\runtime
2007-08-16 16:51 <REP> d-------- C:\DOCUME~1\Romain\Incomplete
2007-08-16 16:51 <REP> d-------- C:\DOCUME~1\Famille\APPLIC~1\AdobeUM
2007-08-16 16:50 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2007-08-16 16:50 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2007-08-16 16:50 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-08-16 16:50 <REP> d---s---- C:\DOCUME~1\ADMINI~1\Mes documents
2007-08-16 16:50 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-08-16 16:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-14 01:45 <REP> d-------- C:\Program Files\LimeWire
2007-08-14 01:45 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\LimeWire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 21:21 --------- d-------- C:\Program Files\FlashGet
2007-09-13 23:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-08 02:31 --------- d-------- C:\Program Files\crap
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-31 12:07 --------- d-------- C:\Program Files\MSN Messenger
2007-08-24 04:31 --------- d-------- C:\Program Files\Google
2007-08-23 01:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-21 13:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-21 13:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 16:50 --------- d-------- C:\Program Files\Safari
2007-08-16 16:50 --------- d-------- C:\Program Files\Bonjour
2007-08-16 16:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-16 16:49 --------- d-------- C:\Program Files\QuickTime
2007-08-16 16:49 --------- d-------- C:\Program Files\eMule
2007-08-16 16:48 --------- d-------- C:\Program Files\Apple Software Update
2007-08-13 21:29 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\Google
2007-08-11 18:20 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\Apple Computer
2007-08-11 08:55 --------- d-------- C:\Program Files\Lavasoft
2007-08-11 08:55 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\Lavasoft
2007-08-11 08:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-11 06:37 --------- d-------- C:\Program Files\Alwil Software
2007-08-11 01:22 107134 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-08-10 23:57 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\AdobeUM
2007-08-10 21:22 --------- d-------- C:\Program Files\Free
2007-08-10 00:05 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\dvdcss
2007-08-04 18:43 --------- d-------- C:\Program Files\Winamp
2007-07-31 16:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-09-12 12:46 62464 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-09-13 00:19 287766 --a------ C:\WINDOWS\system32\khfdeec.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 11:44 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 03:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 04:37]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 C:\WINDOWS\system32\bthprops.cpl]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-07-23 09:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"EoEngine"="" []
"EoClock"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-12 12:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"WinAble"="C:\Program Files\WinAble\winable.exe" [2007-09-13 00:11]
"icmafhbga"="c:\documents and settings\romain\local settings\application data\icmafhbga.exe" [2007-09-13 00:19]
"Insider"="C:\Program Files\Insider\Insider.exe" [2007-09-14 00:16]
"Words"="C:\Program Files\Words\Words.exe" [2007-09-14 00:21]
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 21:21:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\khfdeec.dll [2007-09-13 00:19 287766]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdeec]
khfdeec.dll 2007-09-13 00:19 287766 C:\WINDOWS\system32\khfdeec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00DE868.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Romain^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Romain\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys
S3 5c021f4b-c2d5-4920-8c7b-1c8adef98181;5c021f4b-c2d5-4920-8c7b-1c8adef98181;\??\D:\Player\cds300.dll
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-08-27 06:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 21:23:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-14 21:24:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 21:24
.
--- E O F ---
je crois que ça a fait la même chose...
je crois que c'est le fait que msn et flash get se lance au demarage alors que le soft demande de rien lancer, si c'est ça, je fait comment?
je poste quand même le rapport
ComboFix 07-09-14.2 - "Romain" 2007-09-14 21:41:18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.420 [GMT 2:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\geebc.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-14 21:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 00:21 <REP> d-------- C:\Program Files\Words
2007-09-14 00:16 <REP> d-------- C:\Program Files\Insider
2007-09-13 00:19 287,766 --a------ C:\WINDOWS\system32\khfdeec.dll
2007-09-13 00:11 <REP> d-------- C:\Program Files\WinAble
2007-09-12 12:46 62,464 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-09-12 03:02 40,315 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-11 21:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-09 16:10 <REP> d-------- C:\Program Files\VideoLAN
2007-09-09 16:06 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\vlc
2007-09-08 20:10 <REP> d-------- C:\Program Files\BrainWave Generator
2007-09-08 02:31 303,616 --a------ C:\WINDOWS\IsUninst.exe
2007-09-08 02:16 <REP> d-------- C:\Program Files\IDoser v4
2007-08-31 19:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-08-31 12:20 <REP> d-------- C:\Program Files\Trend Micro
2007-08-31 12:07 <REP> d-------- C:\Program Files\Windows Live
2007-08-31 12:07 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-08-30 14:10 <REP> d-------- C:\Program Files\Navilog1
2007-08-29 09:19 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\EoRezo
2007-08-29 09:12 336,384 --a------ C:\WINDOWS\system32\hygbmso.exe
2007-08-22 22:20 <REP> d-------- C:\DOCUME~1\Famille\APPLIC~1\Google
2007-08-22 22:01 <REP> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-08-21 21:38 <REP> d-------- C:\Program Files\SecondLife
2007-08-21 21:38 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\SecondLife
2007-08-20 14:17 <REP> d---s---- C:\DOCUME~1\Famille\UserData
2007-08-19 01:00 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-08-17 23:51 <REP> d-------- C:\Program Files\RayV
2007-08-16 16:51 <REP> d-------- C:\WINDOWS\system32\runtime
2007-08-16 16:51 <REP> d-------- C:\DOCUME~1\Romain\Incomplete
2007-08-16 16:51 <REP> d-------- C:\DOCUME~1\Famille\APPLIC~1\AdobeUM
2007-08-16 16:50 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2007-08-16 16:50 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2007-08-16 16:50 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-08-16 16:50 <REP> d---s---- C:\DOCUME~1\ADMINI~1\Mes documents
2007-08-16 16:50 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-08-16 16:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-14 01:45 <REP> d-------- C:\Program Files\LimeWire
2007-08-14 01:45 <REP> d-------- C:\DOCUME~1\Romain\APPLIC~1\LimeWire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 21:42 --------- d-------- C:\Program Files\FlashGet
2007-09-13 23:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-08 02:31 --------- d-------- C:\Program Files\crap
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-31 12:07 --------- d-------- C:\Program Files\MSN Messenger
2007-08-24 04:31 --------- d-------- C:\Program Files\Google
2007-08-23 01:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-21 13:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-21 13:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 16:50 --------- d-------- C:\Program Files\Safari
2007-08-16 16:50 --------- d-------- C:\Program Files\Bonjour
2007-08-16 16:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-16 16:49 --------- d-------- C:\Program Files\QuickTime
2007-08-16 16:49 --------- d-------- C:\Program Files\eMule
2007-08-16 16:48 --------- d-------- C:\Program Files\Apple Software Update
2007-08-13 21:29 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\Google
2007-08-11 18:20 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\Apple Computer
2007-08-11 08:55 --------- d-------- C:\Program Files\Lavasoft
2007-08-11 08:55 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\Lavasoft
2007-08-11 08:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-11 06:37 --------- d-------- C:\Program Files\Alwil Software
2007-08-11 01:22 107134 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-08-10 23:57 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\AdobeUM
2007-08-10 21:22 --------- d-------- C:\Program Files\Free
2007-08-10 00:05 --------- d-------- C:\DOCUME~1\Romain\APPLIC~1\dvdcss
2007-08-04 18:43 --------- d-------- C:\Program Files\Winamp
2007-07-31 16:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-09-12 12:46 62464 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-09-13 00:19 287766 --a------ C:\WINDOWS\system32\khfdeec.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 11:44 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 03:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 04:37]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 C:\WINDOWS\system32\bthprops.cpl]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-07-23 09:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"EoEngine"="" []
"EoClock"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-12 12:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"WinAble"="C:\Program Files\WinAble\winable.exe" [2007-09-13 00:11]
"icmafhbga"="c:\documents and settings\romain\local settings\application data\icmafhbga.exe" [2007-09-13 00:19]
"Insider"="C:\Program Files\Insider\Insider.exe" [2007-09-14 00:16]
"Words"="C:\Program Files\Words\Words.exe" [2007-09-14 00:21]
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 21:21:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\khfdeec.dll [2007-09-13 00:19 287766]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdeec]
khfdeec.dll 2007-09-13 00:19 287766 C:\WINDOWS\system32\khfdeec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00DE868.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Romain^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Romain\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys
S3 5c021f4b-c2d5-4920-8c7b-1c8adef98181;5c021f4b-c2d5-4920-8c7b-1c8adef98181;\??\D:\Player\cds300.dll
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-08-27 06:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 21:44:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-14 21:45:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 21:45
C:\ComboFix2.txt ... 2007-09-14 21:24
.
--- E O F ---
Re,
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
c'est pas un antivirus avg?
merde!!
tu m'avais dit de télécharger anyivir et j'ai oublier 
ok, je télécharge ça? antivir?
Reposte un rapport hijackthis
Répondre à Angeldark
le fameux rapport hijackthis, le voila!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:17, on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chat-land.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DE868.dat
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7066 bytes
Tu l'as déjà fait
http://www.infos-du-net.com/forum/ [...] =0#t236429
Répondre à Angeldark
Tu as essayé la touche Suppr du clavier ? 
Répondre à Angeldark
j'ai choper un virus msn. il envoi des fichier infecté a mes contact..
je suis en train de faire des analyse ac avg..
dsl j'ai pas pris le temps de faire ac le mode sans echec, j'ai un peu de mal avec!
apparament c'étais pas un virus...
sinon j'ai supprimé antivir car il s'ouvrait tout les deux secondes pour me dire qu'il avait trouver des fichiers dangereux
Message édité par romanichel21 le 25-09-2007 à 22:41:45
