Unwanted pop-up windows non-stop!!!! - Security - Viruses
Subject: Unwanted pop-up windows non-stop!!!!
 
Profile: IDNaute

Good evening everyone,

Advertising windows keep popping up constantly and are driving me crazy!!!!

Can you help me, please?

Here is the HijackThis report:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:08, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\ibmpsw.exe
C:\INOCULAN\InoRpc.exe
C:\INOCULAN\InoRT.exe
C:\INOCULAN\InoTask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\SVCHOST.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\VNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchoST.exe
c:\_integra\bin\shstart.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\sdhost.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\nxhvt.exe
C:\WINDOWS\WNSXS~1\explorer.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\??crosoft\m?config.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\system32\dllcache\wintcps.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\LBA999~1.DOR\LOCALS~1\Temp\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe
O1 - Hosts: 128.45.0.11 NSRECY1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B6D231F4-A54C-A593-11E7-A78F74522F94} - C:\WINDOWS\system32\pqybqgt.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\INOCULAN\realmon.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CCM User Profile Manager] "c:\_integra\upm\bin\CCM_User.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD87822212339A30506CAC59B6
O4 - HKLM\..\RunServices: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\nxhvt.exe
O4 - HKCU\..\Run: [Asba] "C:\WINDOWS\WNSXS~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [Hsohaqi] "C:\Program Files\??crosoft\m?config.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = esp.arcelor.com
O17 - HKLM\Software\..\Telephony: DomainName = esp.arcelor.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{945E8E45-3AC6-40E8-865B-ED64CCCF4521}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: Domain = esp.arcelor.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: NameServer = 128.45.0.11,128.45.0.31
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = esp.arcelor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: IBM Access Driver Control - Unknown owner - C:\WINDOWS\system32\dllcache\ibmpsw.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\INOCULAN\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\INOCULAN\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\INOCULAN\InoTask.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\system32\dllcache\wintcps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: CCM Windows Agent (WControl) - On Technology Corporation - c:\_integra\bin\ccmagent.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\VNC\WinVNC\WinVNC.exe
 
--
End of file - 9631 bytes

Profile: IDNaute

Hello,

Can nobody help me?? :-(

Is it really that infected?? :-( :-(

Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may differ


---------------
Prevention & Protection|Free software|The man from FLCCF
Profile: IDNaute

Good evening,

Here is the report:
 
ComboFix 08-05-21.3 - lb 2008-05-22 21:06:13.1 - NTFSx86
Running from: C:\Documents and Settings\lb.DOREC000\Desktop\ComboFix.exe
 * Created a new restore point
 
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner
C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\lb.DOREC000\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\lb.DOREC000\Start Menu\Programs\Outerinfo
C:\Documents and Settings\lb.DOREC000\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\lb.DOREC000\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\crosof~1
C:\Program Files\crosof~1\m?config.exe
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Svconr
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Temporary
C:\WINDOWS\b128.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\27031_mssql.exe
C:\WINDOWS\system32\inetsrv\sdhost.exe
C:\WINDOWS\system32\pqybqgt.dll
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\explorer.exe
C:\WINDOWS\wnsxs~1\W?nSxS\
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Legacy_MICROSOFT_WINDOWS_TCP_PROTOCOL
-------\Service_Microsoft Windows TCP Protocol
 
 
(((((((((((((((((((((((((   Files Created from 2008-04-22 to 2008-05-22  )))))))))))))))))))))))))))))))
.
 
2008-05-19 21:32 . 2008-05-20 19:08 54 --a------ C:\WINDOWS\system32\x
2008-05-19 21:15 . 2008-05-19 21:16 65,536 --a------ C:\WINDOWS\system32\WinTrack.exe
2008-05-19 21:08 . 2008-05-19 21:07 396,508 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
2008-05-08 10:38 . 2008-05-19 21:31 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-05-04 21:33 . 2008-05-04 21:33 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-30 12:07 . 2008-04-30 12:07 507,904 -r-hsc--- C:\WINDOWS\system32\dllcache\ibmpsw.exe
2008-04-29 17:03 . 2008-04-30 16:53 <DIR> d-------- C:\Program Files\GlobalEnglish
2008-04-29 12:34 . 2008-05-22 21:13 13,392 --a------ C:\WINDOWS\system32\nefcua.gfr
2008-04-25 15:07 . 2008-04-25 15:07 <DIR> d-------- C:\WINDOWS\system32\shellexec
2008-04-25 15:07 . 2008-04-25 15:07 47 --a------ C:\WINDOWS\system32\wps.dlx
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 19:17 --------- d-----w C:\Program Files\Wanadoo
2008-04-21 18:19 539,136 ----a-w C:\WINDOWS\system32\remote.dll
2008-02-25 10:44 603,176 ----a-w C:\autoruns.exe
2008-02-25 10:44 513,064 ----a-w C:\autorunsc.exe
2006-11-19 16:20 21,104 ----a-w C:\Documents and Settings\lb.DOREC000\Application Data\GDIPFONTCACHEV1.DAT
2005-03-13 11:45 39,936 --sh--w C:\WINDOWS\system32\wps.dll
2005-01-22 18:43 58,816 --sha-w C:\WINDOWS\system32\wps.exe
2005-03-13 11:45 8,432 --sha-w C:\WINDOWS\system32\drivers\wps.sys
.
 
------- Sigcheck -------
 
2002-08-29 03:58  332928  244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-04 00:14  359040  6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
 
2004-08-04 01:56  1038848  0fdc6414bc4ffae1e4e6c0e5e099ced6 C:\WINDOWS\explorer.exe
2002-08-29 05:41  1010688  a0bec278727ee02c108b98083152f783 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 01:56  1038848  aac6ab5b4da8e89eccb1806e4d28babd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
2002-08-29 05:41  19968  25fc10e547e3be0c36a738599c665239 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 01:56  22016  d11589d33eda6e5ed8ad57d272c98847 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 01:56  22016  76b83a79591e8a5646124daac5f02859 C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 22016]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
"Asba"="C:\WINDOWS\WNSXS~1\explorer.exe" [ ]
"Hsohaqi"="C:\Program Files\??crosoft\m?config.exe" [ ]
"Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\INOCULAN\realmon.exe" [2003-12-02 19:31 290816]
"PCTVOICE"="pctspk.exe" [2001-12-11 19:09 172032 C:\WINDOWS\system32\pctspk.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 36864 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2001-09-18 11:16 253952 C:\WINDOWS\system32\atiptaxx.exe]
"CCM User Profile Manager"="c:\_integra\upm\bin\CCM_User.exe" [2003-12-16 18:13 446464]
"WinVNC"="C:\Program Files\VNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 344064]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 26624 C:\WINDOWS\LOGI_MWX.EXE]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 28672]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 15:31 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 57344]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32 286720]
"Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 22016]
"Server Daemon Host Manager"="C:\WINDOWS\system32\inetsrv\sdhost.exe" [ ]
"Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 61440]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 266240]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 24624]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 622723]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Service Manager.lnk - C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe [2002-12-17 17:23:32 82500]
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"Protected system files1"= avgupsvc.exe
"Protected system files2"= avgamsvr.exe
"Protected system files3"= avgcc.exe
"Protected system files4"= nod32kui.exe
"Protected system files5"= nod32krn.exe
"Protected system files6"= ccSetMgr.exe
"Protected system files7"= ccEvtMgr.exe
"Protected system files8"= DefWatch.exe
"Protected system files9"= SavRoam.exe
"Protected system files10"= Rtvscan.exe
"Protected system files11"= VPTray.exe
"Protected system files12"= ccApp.exe
"Protected system files13"= AluSchedulerSvc.exe
"Protected system files14"= nod32.exe
"Protected system files15"= nod32ra.exe
"Protected system files16"= UpdaterUI.exe
"Protected system files17"= tbmon.exe
"Protected system files18"= Mcshield.exe
"Protected system files19"= SHSTAT.exe
"Protected system files20"= ashMaiSv.exe
"Protected system files21"= ashServ.exe
"Protected system files22"= ashWebSv.exe
"Protected system files23"= aswUpdSv.exe
"Protected system files24"= AVGUARD.exe
"Protected system files25"= AVWUPSRV.exe
"Protected system files26"= avscan.exe
"Protected system files27"= guardgui.exe
"Protected system files28"= VxMon.exe
"Protected system files29"= AVGNT.exe
"Protected system files30"= avgemc.exe
"Protected system files31"= avp.exe
"Protected system files32"= avp.com
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"Protected system files1"= avgupsvc.exe
"Protected system files2"= avgamsvr.exe
"Protected system files3"= avgcc.exe
"Protected system files4"= nod32kui.exe
"Protected system files5"= nod32krn.exe
"Protected system files6"= ccSetMgr.exe
"Protected system files7"= ccEvtMgr.exe
"Protected system files8"= DefWatch.exe
"Protected system files9"= SavRoam.exe
"Protected system files10"= Rtvscan.exe
"Protected system files11"= VPTray.exe
"Protected system files12"= ccApp.exe
"Protected system files13"= AluSchedulerSvc.exe
"Protected system files14"= nod32.exe
"Protected system files15"= nod32ra.exe
"Protected system files16"= UpdaterUI.exe
"Protected system files17"= tbmon.exe
"Protected system files18"= Mcshield.exe
"Protected system files19"= SHSTAT.exe
"Protected system files20"= ashMaiSv.exe
"Protected system files21"= ashServ.exe
"Protected system files22"= ashWebSv.exe
"Protected system files23"= aswUpdSv.exe
"Protected system files24"= AVGUARD.exe
"Protected system files25"= AVWUPSRV.exe
"Protected system files26"= avscan.exe
"Protected system files27"= guardgui.exe
"Protected system files28"= VxMon.exe
"Protected system files29"= AVGNT.exe
"Protected system files30"= avgemc.exe
"Protected system files31"= avp.exe
"Protected system files32"= avp.com
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
 
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
R2 smefs;SMEFileSystem;C:\WINDOWS\system32\drivers\smefs.sys [2002-04-23 19:11]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 19:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 19:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28]
R3 smedrv;SMEDriver;C:\WINDOWS\system32\drivers\smedrv.sys [2001-11-10 00:00]
R3 usbmouseb;usbmouseb;C:\WINDOWS\SYSTEM32\drivers\wps.sys [2005-03-13 13:45]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
svchost.exe REG_MULTI_SZ    svchost.exe
yjnzii REG_MULTI_SZ    yjnzii
gwtnhu REG_MULTI_SZ    gwtnhu
MSDTCSERVEsss REG_MULTI_SZ    MSDTCSERVEsss
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
smss
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 21:15:34
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
 
C:\Documents and Settings\lb.DOREC000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:CA_INOCULATEIT 512 bytes hidden from API
 
scan completed successfully
hidden files: 1
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> c:\windows\system32\nefcua.dll
-> c:\windows\system32\bspkjj.dll
-> c:\windows\system32\jxatdy.dll
 
PROCESS: C:\WINDOWS\explorer.exe
-> c:\windows\system32\jxatdy.dll
-> c:\windows\system32\bspkjj.dll
-> c:\windows\system32\nefcua.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\dllcache\ibmpsw.exe
C:\INOCULAN\InoRpc.exe
C:\INOCULAN\InoRT.exe
C:\INOCULAN\InoTask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\microsoft sql server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\_INTEGRA\BIN\CCMAGENT.EXE
C:\_INTEGRA\BIN\SHSTART.EXE
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
.
**************************************************************************
.
Completion time: 2008-05-22 21:23:55 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-22 19:23:17
 
Pre-Run: 22,737,111,040 bytes free
Post-Run: 22,660,817,408 bytes free
 
270

Profile: Helper

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM


Profile: IDNaute

Hello,

I don't understand what I'm supposed to download; the majorgeeks.com page comes up and I can't see where the file to download is... Sorry

Profile: Helper

Did you look at the tutorial? :)


Profile: IDNaute

Hello again,

Here is the report:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 785
 
Type de recherche: Examen complet (C:\|)
Eléments examinés: 79124
Temps écoulé: 43 minute(s), 11 second(s)
 
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 20
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 20
 
Processus mémoire infecté(s):
C:\WINDOWS\mrofinu1001186.exe (Trojan.Downloader) -> Unloaded process successfully.
 
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\syswebtelecom.syswebtelecom (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{639581d0-8376-4073-b73b-45993fa45156} (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{66b0c472-a6b5-4e86-8330-f4875af90929} (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2} (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
 
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files1 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files2 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files5 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files6 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files7 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files8 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files9 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files10 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files11 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files12 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files13 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files14 (Security.Hijack) -> Quarantined and deleted successfully.
 
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: spc.dll -> Quarantined and deleted successfully.
 
Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
 
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pqybqgt.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09A74484-38C6-43AE-9469-37A8ED71C44F}\RP2\A0000011.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09A74484-38C6-43AE-9469-37A8ED71C44F}\RP2\A0000024.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\JavaCore.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Svconr\Svconr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YaRaby.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\mrofinu1001186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Profile: Helper

Post a new HijackThis report.


---------------
Prevention & Protection|Free software|The FLCCF man
Profile: IDNaute

Here it is:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47, on 2008-05-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\ibmpsw.exe
C:\INOCULAN\InoRpc.exe
C:\INOCULAN\InoRT.exe
C:\INOCULAN\InoTask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\SVCHOST.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\VNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchoST.exe
c:\_integra\bin\shstart.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WinTrack.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\LBA999~1.DOR\LOCALS~1\Temp\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\INOCULAN\realmon.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CCM User Profile Manager] "c:\_integra\upm\bin\CCM_User.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [Windows Microsoft Services] WinTrack.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunServices: [Windows Microsoft Services] WinTrack.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] YaRaby.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Asba] "C:\WINDOWS\WNSXS~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [Hsohaqi] "C:\Program Files\??crosoft\m?config.exe"
O4 - HKCU\..\Run: [Windows Microsoft Services] WinTrack.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\tpydvg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] YaRaby.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = esp.arcelor.com
O17 - HKLM\Software\..\Telephony: DomainName = esp.arcelor.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{945E8E45-3AC6-40E8-865B-ED64CCCF4521}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: Domain = esp.arcelor.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: NameServer = 128.45.0.11,128.45.0.31
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = esp.arcelor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: IBM Access Driver Control - Unknown owner - C:\WINDOWS\system32\dllcache\ibmpsw.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\INOCULAN\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\INOCULAN\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\INOCULAN\InoTask.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: CCM Windows Agent (WControl) - On Technology Corporation - c:\_integra\bin\ccmagent.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\VNC\WinVNC\WinVNC.exe
 
--
End of file - 8969 bytes

Profile: Helper