tuile Msn
Forum Sécurité - Virus : tuile Msn
Bonjour a toutes et à tous
J'ai chopé a mon avis une merde sur ma machine, quand je lance msn tout le pc se met a ramer a mort jusqu'a ce que je le déconnecte(ca prends facile 5 minutes), il me faut environ 2 minutes pour qu'il se connecte.
Scan avec spybot : rien
Scan antivirus : RIen
Voila mon rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:49, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\easyrencontre\easyrencontre.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EasyFlirt Messenger.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by139fd.bay139.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 13364 bytes
Merci a celui qui me trouveras la solution
Bonjour,
Tu as un os pirate ?
- Télécharge combofix.exe (par sUBs) sur ton Bureau.
- Double clique combofix.exe.
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
non j'ai un win XP pro Volume liscence (MSDN fourni par mon lycée (BTS INFO)
je poste le rapport des que il m'a fait le scan
merci
il y a combien d'étapes ? j'en suis a la 36eme
Voila le rapport :
ComboFix 07-11-08.1 - Mckilleron 2007-11-15 19:00:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.447 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\newdotnet
C:\Program Files\newdotnet\newdotnet7_48.dll_tobedeleted_old
C:\WINDOWS\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NNSERV
-------\NNServ
-------\ntldr.sys
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))))))))
.
2007-11-15 18:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 18:00 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-15 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-15 00:01 <REP> d-------- C:\Program Files\MultiProxy
2007-11-14 09:43 49,536 --a------ C:\WINDOWS\system32\drivers\a07l15w8.sys
2007-11-11 18:19 <REP> d-------- C:\Documents and Settings\Mckilleron\.thinupload
2007-11-11 11:43 49,536 --a------ C:\WINDOWS\system32\drivers\at7ph1ja.sys
2007-11-10 19:26 <REP> d-------- C:\temp
2007-11-10 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs
2007-11-10 18:52 <REP> d-------- C:\Documents and Settings\Mckilleron\Application Data\InstallShield
2007-11-10 18:40 <REP> d-------- C:\WINDOWS\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP
2007-11-10 15:08 <REP> d--h----- C:\Documents and Settings\MAC4602\ASPNET\Voisinage r‚seau
2007-11-10 15:08 <REP> d--h----- C:\Documents and Settings\MAC4602\ASPNET\Voisinage d'impression
2007-11-10 15:08 <REP> d--h----- C:\Documents and Settings\MAC4602\ASPNET\ModŠles
2007-11-10 15:08 <REP> d-------- C:\Documents and Settings\MAC4602\ASPNET\Mes documents
2007-11-10 15:08 <REP> dr------- C:\Documents and Settings\MAC4602\ASPNET\Menu D‚marrer
2007-11-10 15:08 <REP> d-------- C:\Documents and Settings\MAC4602\ASPNET\Favoris
2007-11-10 15:08 <REP> d-------- C:\Documents and Settings\MAC4602\ASPNET\Bureau
2007-11-10 15:08 <REP> d-------- C:\Documents and Settings\MAC4602\ASPNET
2007-11-09 17:03 <REP> d-------- C:\ElectronicArts
2007-11-09 17:03 283,648 --a------ C:\WINDOWS\unin040c.exe
2007-11-09 17:03 132,096 --a------ C:\WINDOWS\system32\RashIcon.dll
2007-11-09 17:03 41,472 --a------ C:\WINDOWS\system32\RashProp.dll
2007-11-09 17:03 28,672 --a------ C:\WINDOWS\system32\AWEMan32.dll
2007-11-07 17:16 <REP> d-------- C:\Master 2mi
2007-11-07 13:23 <REP> d-------- C:\Documents and Settings\Mckilleron\VSWebCache
2007-11-07 10:43 <REP> d-------- C:\Program Files\MSDN
2007-11-07 10:10 <REP> d-------- C:\Program Files\HTML Help Workshop
2007-11-07 10:10 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2007-11-07 10:10 <REP> d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2007-11-07 10:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-07 10:08 <REP> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-11-07 09:49 127,488 --a--c--- C:\WINDOWS\system32\dllcache\ftpsv251.dll
2007-11-07 09:49 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpmib.dll
2007-11-06 15:17 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-11-06 15:11 <REP> d-------- C:\severance
2007-11-05 21:31 <REP> d-------- C:\Program Files\Fichiers communs\L&H
2007-11-05 21:30 <REP> d-------- C:\Program Files\Microsoft Reader
2007-11-05 21:30 57,436 --a------ C:\WINDOWS\DASShp.dll
2007-11-05 15:38 <REP> d-------- C:\Program Files\Cookie Viewer
2007-11-03 11:49 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-03 11:22 <REP> d-------- C:\Program Files\IE7Pro
2007-11-03 11:22 <REP> d-------- C:\Documents and Settings\Mckilleron\Application Data\IE7Pro
2007-11-01 23:09 <REP> d-------- C:\Program Files\vso
2007-11-01 23:09 <REP> d-------- C:\Documents and Settings\Mckilleron\Application Data\Vso
2007-11-01 23:09 81,920 --a------ C:\Documents and Settings\Mckilleron\Application Data\ezpinst.exe
2007-11-01 23:09 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-01 23:09 47,360 --a------ C:\Documents and Settings\Mckilleron\Application Data\pcouffin.sys
2007-11-01 20:55 <REP> d-------- C:\Program Files\Fake Webcam
2007-10-31 20:17 <REP> d-------- C:\BMW M3 Challenge
2007-10-24 08:12 <REP> d-------- C:\UT2004
2007-10-23 21:26 <REP> d-------- C:\WINDOWS\system32\Futuremark
2007-10-20 11:24 <REP> d-------- C:\Program Files\FlashGet
2007-10-18 16:16 <REP> d-------- C:\Program Files\JoWooD Productions
2007-10-18 11:31 51,224 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-10-17 15:14 <REP> d-------- C:\Program Files\YesMessenger
2007-10-16 14:15 49,536 --a------ C:\WINDOWS\system32\drivers\athtsi8j.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 18:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 18:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-11-15 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2007-11-15 17:00 --------- d-----w C:\Program Files\Windows Live
2007-11-15 16:57 --------- d-----w C:\Program Files\MSN Messenger
2007-11-15 09:55 --------- d-----w C:\Documents and Settings\Mckilleron\Application Data\AVG7
2007-11-11 22:40 --------- d-----w C:\Program Files\Ground Control II
2007-11-10 17:57 --------- d-----w C:\Program Files\THQ
2007-11-10 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 17:48 --------- d-----w C:\Program Files\GOA
2007-11-10 17:43 --------- d-----w C:\Program Files\Electronic Arts
2007-11-08 21:57 --------- d-----w C:\Program Files\JetAudio
2007-11-08 21:42 --------- d-----w C:\Program Files\Fichiers communs\COWON
2007-11-05 14:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-05 14:38 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-04 13:52 --------- d-----w C:\Program Files\Starcraft
2007-11-02 19:59 --------- d-----w C:\Program Files\Mu~Intensity
2007-10-31 12:42 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-23 10:55 --------- d-----w C:\Program Files\BitComet
2007-10-19 20:01 --------- d-----w C:\Program Files\easyrencontre
2007-10-19 15:16 --------- d-----w C:\Program Files\PSPad editor
2007-10-19 13:45 --------- d-----w C:\Program Files\EasyFlirt Messenger
2007-10-14 09:15 --------- d-----w C:\Documents and Settings\Mckilleron\Application Data\Screenshot Sender
2007-10-13 10:21 --------- d-----w C:\Program Files\Playlogic
2007-10-12 15:23 --------- d-----w C:\Program Files\Strategy First
2007-10-10 18:08 --------- d-----w C:\Documents and Settings\Mckilleron\Application Data\ma-config.com
2007-10-10 17:57 --------- d-----w C:\Program Files\ma-config.com
2007-10-08 16:23 --------- d-----w C:\Program Files\SLD Codec Pack
2007-10-07 07:44 --------- d-----w C:\Program Files\TomTom HOME
2007-10-06 22:07 --------- d-----w C:\Program Files\NCH Swift Sound
2007-10-06 20:27 --------- d-----w C:\Program Files\Cyanide
2007-10-05 17:03 --------- d-----w C:\Program Files\Gamenext
2007-10-05 16:52 --------- d-----w C:\Program Files\DOSBox-0.70
2007-10-05 16:01 --------- d-----w C:\Program Files\SpeedFan
2007-10-05 16:00 --------- d-----w C:\Program Files\Warcraft III
2007-10-02 21:15 --------- d-----w C:\Program Files\Buka
2007-10-02 21:14 --------- d-----w C:\Program Files\Black Isle
2007-10-01 20:16 --------- d-----w C:\Program Files\Trend Micro
2007-09-26 19:48 --------- d-----w C:\Program Files\EasyPHP1-8
2007-09-22 08:48 --------- d-----w C:\Program Files\Atari
2007-09-21 15:50 --------- d-----w C:\Documents and Settings\Mckilleron\Application Data\VMware
2007-09-21 14:30 --------- d-----w C:\Program Files\Doom 3
2007-09-20 14:44 --------- d-----w C:\Program Files\Duke Nukem - Manhattan Project
2007-05-09 16:50 6,775 ----a-w C:\Program Files\UnInstall_jetAudio.txt
2007-04-22 12:04 135,360 ----a-w C:\Program Files\Hamasaki.Ayumi.-.rainy.day.avi
2006-02-24 10:11 11,304 ------w C:\Program Files\French.lng
2006-02-24 09:07 77,824 ------w C:\Program Files\JetTrim.FRC
2006-02-24 09:07 577,536 ------w C:\Program Files\JetAudio.FRC
2006-02-24 09:07 49,152 ------w C:\Program Files\JXCddb.FRC
2006-02-24 09:07 462,848 ------w C:\Program Files\JetCast.FRC
2006-02-24 09:07 45,056 ------w C:\Program Files\JXLeoLDB.FRC
2006-02-24 09:07 45,056 ------w C:\Program Files\JetLyric.FRC
2006-02-24 09:07 40,960 ------w C:\Program Files\JFWMARd.FRC
2006-02-24 09:07 36,864 ------w C:\Program Files\JetFlExt.FRC
2006-02-24 09:07 36,864 ------w C:\Program Files\JetCrash.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JXVisual.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JXTag.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JXCDMan.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JSWMAWt.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JFWMAWt7.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JFWMAWt.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JFWavWt.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JFWavRd.FRC
2006-02-24 09:07 32,768 ------w C:\Program Files\JFWavOut.FRC
2006-02-24 09:07 151,552 ------w C:\Program Files\JetChat.FRC
2006-02-24 09:07 131,072 ------w C:\Program Files\JXVidCnv.FRC
2006-02-24 09:07 106,496 ------w C:\Program Files\JetRecorder.FRC
2006-02-24 09:06 81,920 ------w C:\Program Files\JFRMPl.FRC
2006-02-24 09:06 57,344 ------w C:\Program Files\JFDSPl.FRC
2006-02-24 09:06 53,248 ------w C:\Program Files\JFDVDPl.FRC
2006-02-24 09:06 40,960 ------w C:\Program Files\JFACDWt.FRC
2006-02-24 09:06 36,864 ------w C:\Program Files\JFVCDPl.FRC
2006-02-24 09:06 36,864 ------w C:\Program Files\JFSpeexWt.FRC
2006-02-24 09:06 36,864 ------w C:\Program Files\JFNetworkWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFWMANetWt9.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFWMANetWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFSpeexRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFRMWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFQTPl.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFOGGWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFOGGRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFOGGEnc.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFNetFP.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMPCWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMPCRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMP3Wt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMP3Rd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMP3ProWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMP3ProEnc.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMP3Enc.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMP3Dec.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMODRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFMIDRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFIMSRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFFLACWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFFLACRd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFCDPl.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFAPEWt.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFAPERd.FRC
2006-02-24 09:06 32,768 ------w C:\Program Files\JFAMP3En.FRC
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-30 20:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-04-13 00:51]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-31 13:54]
"nwiz"="nwiz.exe" [2006-03-31 13:54 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-31 13:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-05 22:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mckilleron^Menu Démarrer^Programmes^Démarrage^BoontyBox 01net.lnk]
path=C:\Documents and Settings\Mckilleron\Menu Démarrer\Programmes\Démarrage\BoontyBox 01net.lnk
backup=C:\WINDOWS\pss\BoontyBox 01net.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mckilleron^Menu Démarrer^Programmes^Démarrage^Dial-Messenger.lnk]
path=C:\Documents and Settings\Mckilleron\Menu Démarrer\Programmes\Démarrage\Dial-Messenger.lnk
backup=C:\WINDOWS\pss\Dial-Messenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mckilleron^Menu Démarrer^Programmes^Démarrage^easyrencontre.lnk]
path=C:\Documents and Settings\Mckilleron\Menu Démarrer\Programmes\Démarrage\easyrencontre.lnk
backup=C:\WINDOWS\pss\easyrencontre.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mckilleron^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Mckilleron\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun]
"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Watch]
C:\PROGRA~1\minitel\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 pohci13F;pohci13F;\??\C:\DOCUME~1\MCKILL~1\LOCALS~1\Temp\pohci13F.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b156739-735d-11dc-ac89-0014858055e6}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74f2cc10-032f-11dc-b720-005056c00008}]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfc28d2-e6fe-11db-8820-806d6172696f}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-09 16:15:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-10 19:23:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 19:15:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
relancement d'msn ==> Problème persistant
Test avec A msn ==> meme souci
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:03, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EasyFlirt Messenger.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by139fd.bay139.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 12581 bytes
On va faire une vérif.
Télécharge MSNFix.zip (!aur3n7) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Répondre à Angeldark
MSNFix 1.579
C:\Downloads\MSNFix\MSNFix
Fix exécuté le 15/11/2007 - 19:49:36,29 By Mckilleron
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\PROGRA~1\UnInstall_jetAudio.exe] 98604F0CE0593304E331B3FF0995BE88
[color=#FF0000]==>[/color] SVP merci d'envoyer le fichier C:\DOCUME~1\MCKILL~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 15112007_19505978.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
jet audio c'est mon lecteur mp3 jamais eu de souci
toujours le meme problème persistant
Pas une infection MSN.
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Répondre à Angeldark
voila
15/11/2007 a 20:28:40,96
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\Documents and Settings\Mckilleron\Application Data\ezpinst.exe" FOUND
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
j'ai supprimé le fichier ezpinst.exe
aucun chagement
je sais plus quoi faire la...
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:10, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EasyFlirt Messenger.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by139fd.bay139.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{468F0530-330A-4428-BDB8-0BCBC8CB233F}: NameServer = 84.103.237.140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 12502 bytes
Mon temps de réaction est rapide
j'arrive pas a trouver la tuile
j'ai analysé tous les processus de mon pc en cours, rien d'anormal
qqun peut m'aider ?
snif je suis en galère la
bon bah ca sent le format
Peut etre es tu allé trop voir les sites X 
hein monsieur romain...
Tu peux pas patienter là ?
Désinstalle AskPBar.
Répondre à Angeldark
Il y a 2427 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
