Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Analyse rapport suite infection "Defense-Net-Surfage"?

francescaC
 Partager

Messages recommandés

francescaC Junior Member

francescaC

Posté(e)
Posté(e)

Bonjour,

 

Suite à une infection par le virus Defense-Net-Surfage", qqn pourrait m'aider à analyser le logfile suivant et me donner des instructions pour éradiquer le virus, si possible? Pour info, je suis assez à l'aise dans le domaine informatique. merci, FC

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:32:03, on 11/03/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\DATA\Soft\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=3071221

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\sstqo.dll,#1

O4 - HKLM\..\Run: [bMdd016084] Rundll32.exe "C:\Windows\system32\brcgkfhe.dll",s

O4 - HKLM\..\Run: [de325318] rundll32.exe "C:\Windows\system32\jdjfgjfy.dll",b

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FRANCE~1\AppData\Local\Temp\cbxww.dll,#1

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\FRANCE~1\AppData\Local\Temp\txcglybx.dll",run

O4 - HKCU\..\Run: [bMdd016084] Rundll32.exe "C:\Users\FRANCE~1\AppData\Local\Temp\akdbwmyq.dll",s

O4 - HKCU\..\Run: [de325318] rundll32.exe "C:\Users\FRANCE~1\AppData\Local\Temp\egpadtme.dll",b

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0325101205216945) (0325101205216945mcinstcleanup) - Unknown owner - C:\Windows\TEMP\032510~1.EXE (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9592 bytes

pear Devil Member !

pear

Posté(e)
Posté(e) (modifié)

Bonjour,

 

Vider la corbeille.

 

* Faire un scan en ligne Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

 

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème :Cybersécurité

http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768

NOTE: Le scan est à faire avec Internet Explorer.

 

Fermez ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.

Fermer tous les programmes

 

Télécharger combofix.exe de sUBs

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tutoriel:http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

 

*Double cliquer sur combofix.exe pour le lancer.

Si pour une raison quelconque, Vista par exemple, combofix ne se lançait pas, Démarrez en mode sans échec, choisissez le compte Administrateur, lancez Combofix

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

* Taper sur la touche 1 pour démarrer le scan.

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

* Lorsque le scan sera terminé, cela pourrait prendre un certain temps,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

Modifié par pear
francescaC Junior Member

francescaC

Posté(e)
  • Auteur
Posté(e)

Bonjour,

 

Merci de votre réponse.

J'ai bien réalisé ce que vous indiquez, mais il m'est impossible de sauvegarder le rapport. Un message me dit que la sécurité de mon oridnateur n'autorise pas l'enregistrement de ce fichier sauf dans le "Temporary Internet Files", or il ne s'y trouve pas.

 

Auriez vous une idée de ce qui peut me bloquer ?

 

 

Pour information mon OS est Windows Vista.

 

merci,

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

en cas d'échec, renommer Combo-fix

http://forum.pcastuces.com/sujet.asp?f=25&s=37315

l est nécessaire de renommer ComboFix.exe en Combo-Fix.exe avant le téléchargement pour traiter cette infection.I

Bagle cible tout fichier nommé ComboFix et lui saute dessus, ce qui vous donne un message d'erreur.

Le télécharger sur ce lien:

http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe

 

*Double cliquer sur combofix.exe pour le lancer.

 

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

* Taper sur la touche 1 pour démarrer le scan.

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

* Lorsque le scan sera terminé, cela pourrait prendre un certain temps,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

 

 

 

 

Si la routine coïnce à la fenêtre Find3M >> lancer le Gestionnaire des tâches et stopper un des deux processus CF#####.exe (où ##### sont des chiffres aléatoires) et le rappport sera généré.

francescaC Junior Member

francescaC

Posté(e)
  • Auteur
Posté(e)

Bonjour,

 

OK, en fait j'avais pas encore scanné avec ComboFix, juste avec Kaspersky.

C'est le rapport Kaspersky qui était impossible à sauvegarder.

Voici le rapport Combo-Fix : (merci d'avance pour votre aide)

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\BMdd016084.xml

C:\Windows\pskt.ini

C:\Windows\system32\brcgkfhe.dll

C:\Windows\system32\cyiteqkx.dll

C:\Windows\system32\ddcyw.dll

C:\Windows\system32\jdjfgjfy.dll

C:\Windows\system32\mdtgjawg.dll

C:\Windows\system32\ndbgworn.dll

C:\Windows\System32\onmoq.ini

C:\Windows\System32\onmoq.ini2

C:\Windows\system32\qomno.dll

C:\Windows\system32\sdijwnlq.dll

C:\Windows\system32\sstqo.dll

C:\Windows\System32\stvut.ini

C:\Windows\System32\stvut.ini2

C:\Windows\system32\tuvts.dll

C:\Windows\System32\wycdd.ini

C:\Windows\System32\wycdd.ini2

C:\Windows\System32\yfjgfjdj.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))

.

 

2008-03-12 01:25 . 2008-03-12 01:25 <DIR> d-------- C:\Program Files\Debugging Tools for Windows

2008-03-12 00:39 . 2008-03-12 01:40 <DIR> d-------- C:\Users\All Users\Kaspersky Lab

2008-03-12 00:39 . 2008-03-12 01:40 <DIR> d-------- C:\ProgramData\Kaspersky Lab

2008-03-11 19:15 . 2008-03-11 19:15 <DIR> d-------- C:\Windows\System32\Kaspersky Lab

2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\kav

2008-03-10 17:06 . 2008-03-10 17:08 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-03-10 17:06 . 2008-03-10 17:08 <DIR> d-------- C:\ProgramData\Lavasoft

2008-03-10 17:06 . 2008-03-10 17:06 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-10 17:05 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-10 12:53 . 2008-03-10 13:30 1,318,147 ---hs---- C:\Windows\System32\xbalphdl.ini

2008-03-10 12:31 . 2008-03-10 12:42 1,317,855 ---hs---- C:\Windows\System32\umteyjnx.ini

2008-03-09 23:57 . 2008-03-10 12:38 <DIR> d-------- C:\Users\Francesca\AppData\Roaming\uTorrent

2008-03-09 23:57 . 2008-03-10 00:14 <DIR> d-------- C:\Program Files\uTorrent

2008-02-23 00:59 . 2008-02-23 00:59 <DIR> d-------- C:\Program Files\UUD32Win

2008-02-20 11:32 . 2008-03-04 14:14 69 --a------ C:\Windows\NeroDigital.ini

2008-02-20 01:06 . 2008-03-06 19:11 54,156 --ah----- C:\Windows\QTFont.qfn

2008-02-20 01:06 . 2008-02-20 01:06 1,409 --a------ C:\Windows\QTFont.for

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Users\All Users\Apple

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\ProgramData\Apple Computer

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\ProgramData\Apple

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Program Files\QuickTime

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Program Files\Apple Software Update

2008-02-19 22:43 . 2008-02-19 22:43 <DIR> d-------- C:\Users\Francesca\AppData\Roaming\Nero

2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\Users\All Users\Nero

2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\ProgramData\Nero

2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\Program Files\Nero

2008-02-19 22:40 . 2008-02-19 22:42 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-02-19 20:48 . 2008-02-28 00:20 67 --a------ C:\Windows\DVDRegionFreeLite.INI

2008-02-19 17:16 . 2008-02-19 17:16 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-02-19 17:16 . 2008-02-19 17:16 <DIR> d-------- C:\Program Files\Windows Live Favorites

2008-02-19 17:05 . 2008-02-19 21:32 <DIR> d-------- C:\Program Files\Windows Live

2008-02-19 17:05 . 2008-02-19 17:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-19 17:04 . 2008-02-19 17:04 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-02-19 17:04 . 2008-02-19 17:04 <DIR> d-------- C:\ProgramData\WLInstaller

2008-02-19 08:36 . 2008-02-19 08:36 <DIR> d-------- C:\Windows\Sun

2008-02-18 22:18 . 2007-09-25 12:45 184,320 --a------ C:\Windows\System32\igfxres.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-12 08:48 --------- d-----w C:\Program Files\McAfee

2008-03-09 15:00 --------- d-----w C:\ProgramData\DVD Shrink

2008-03-09 13:29 --------- d-----w C:\Users\Francesca\AppData\Roaming\FileZilla

2008-02-26 18:34 --------- d-----w C:\ProgramData\Dell

2008-02-19 21:32 --------- d-----w C:\Program Files\Ahead

2008-02-03 13:41 --------- d-----w C:\Program Files\Picasa2

2008-01-29 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-29 13:50 --------- d-----w C:\Users\Francesca\AppData\Roaming\AgipaMaster

2008-01-29 13:50 --------- d-----w C:\Program Files\APLI-AGIPA

2008-01-22 17:02 --------- d-----w C:\Program Files\Common Files\xing shared

2008-01-22 17:01 --------- d-----w C:\Program Files\Real

2008-01-22 17:01 --------- d-----w C:\Program Files\Common Files\Real

2008-01-15 19:52 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-01-15 19:51 --------- d-----w C:\Program Files\Microsoft.NET

2008-01-15 12:23 --------- d-----w C:\Users\Francesca\AppData\Roaming\CyberLink

2008-01-15 12:23 --------- d-----w C:\ProgramData\CyberLink

2008-01-14 00:03 --------- d-----w C:\Program Files\Microsoft Games

2008-01-13 23:58 --------- d-----w C:\Users\Francesca\AppData\Roaming\Goodsol

2008-01-13 23:57 --------- d-----w C:\Program Files\FreeCell Wizard

2008-01-13 21:41 --------- d-----w C:\Users\Francesca\AppData\Roaming\vlc

2008-01-12 18:04 --------- d-----w C:\Program Files\Micro Application

2008-01-12 07:51 --------- d-----w C:\Users\Francesca\AppData\Roaming\Teleca

2007-12-27 19:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-27 19:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-27 19:57 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-27 19:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-27 19:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-27 19:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-27 19:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-27 19:56 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-27 19:56 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-27 19:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2007-12-27 19:50 43,352 ----a-w C:\Windows\System32\wups2.dll

2007-12-27 19:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2007-12-27 19:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2007-12-27 19:49 80,896 ----a-w C:\Windows\System32\wudriver.dll

2007-12-27 19:49 549,720 ----a-w C:\Windows\System32\wuapi.dll

2007-12-27 19:49 33,624 ----a-w C:\Windows\System32\wups.dll

2007-12-27 19:48 31,232 ----a-w C:\Windows\System32\wuapp.exe

2007-12-27 19:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll

2007-12-21 09:34 229,888 ----a-w C:\Windows\System32\msshsq.dll

2007-12-21 09:33 87,040 ----a-w C:\Windows\System32\msoert2.dll

2007-12-21 09:33 750,080 ----a-w C:\Windows\System32\qmgr.dll

2007-12-21 09:33 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2007-12-21 09:33 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2007-12-21 09:33 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2007-12-21 09:31 974,336 ----a-w C:\Windows\System32\crypt32.dll

2007-12-21 09:31 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-12-21 09:31 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-12-21 09:31 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-12-21 09:31 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-12-21 09:31 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-12-21 09:31 633,856 ----a-w C:\Windows\System32\user32.dll

2007-12-21 09:31 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-12-21 09:31 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-12-21 09:31 2,026,496 ----a-w C:\Windows\System32\win32k.sys

2007-12-21 09:28 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-12-21 09:28 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-12-21 09:28 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2007-12-21 09:26 98,304 ----a-w C:\Windows\System32\mssitlb.dll

2007-12-21 09:25 22,016 ----a-w C:\Windows\System32\netiougc.exe

2007-12-21 09:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2007-12-21 09:25 160,872 ----a-w C:\Windows\System32\halmacpi.dll

2007-12-21 09:25 134,760 ----a-w C:\Windows\System32\halacpi.dll

2007-12-21 09:25 134,144 ----a-w C:\Windows\System32\rdpdd.dll

2007-12-21 01:39 174 --sha-w C:\Program Files\desktop.ini

2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2005-08-04 20:40 19,684,864 ----a-w C:\Windows\Media\Themes\Aura\Aura_2_3_1_51.exe

2002-11-14 16:31 36,864 ----a-w C:\Windows\Media\Themes\Babbling Brook v1-5 dir\saver1.dll

2002-11-14 16:31 18,192 ----a-w C:\Windows\Media\Themes\Babbling Brook v1-5 dir\saver2.dll

1999-06-28 18:42 196,334 ----a-w C:\Windows\Media\Themes\MC Escher\MC Escher Logos\MC Escher Logo Setup.exe

1999-06-28 18:37 1,742,795 ----a-w C:\Windows\Media\Themes\MC Escher\MC Escher Screen Saver\MC Escher Screen Saver Setup.exe

.

<pre>
----a-r		   409,600 2002-02-02 18:22:00  C:\DATA\Parametres_Perso\GAMES\pompier .exe
</pre>

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B3588E8-F285-49B2-8CE2-A073EABCB106}]

C:\Windows\system32\tuvts.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84bac754-c446-4b6d-95ec-913b394e9a3d}]

C:\Windows\system32\ndbgworn.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B2B56B-F890-42E0-AD44-1616650DD13D}]

C:\Windows\system32\ddcyw.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"de325318"="C:\Windows\system32\jdjfgjfy.dll" [ ]

"BMdd016084"="C:\Windows\system32\brcgkfhe.dll" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-21 10:27 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-14 10:03 4452352 C:\Windows\RtHDVCpl.exe]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-25 12:46 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-25 12:45 154136]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-25 12:45 129560]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]

"@"="" []

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-21 02:54 1838592]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 18:01 185896]

"MSServer"="C:\Windows\system32\sstqo.dll" [ ]

"BMdd016084"="C:\Windows\system32\brcgkfhe.dll" [ ]

"de325318"="C:\Windows\system32\jdjfgjfy.dll" [ ]

"combofix"="C:\Windows\system32\CF507.exe" [2006-11-02 10:44 320000]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\DATA\Soft\DVD Region+CSS Free Lite\DVDShell.dll [2004-10-09 14:18 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

"LoadAppInit_DLLs"=1 (0x1)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore 2.0]

--a------ 2007-02-13 19:57 2020968 C:\Program Files\Norton Save and Restore\Agent\VProTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

--------- 2006-10-20 18:23 118784 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-27 02:04 32768 C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]

C:\Users\FRANCE~1\AppData\Local\Temp\NERO13969\Setupx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-01-22 18:01 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CEB8F087-BCD1-4C9D-99D6-95D890B2530B}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent

"{CE952F5E-11AF-4A69-9F07-4F0D25DB78B0}"= TCP:2799:Altova License Metering Port (UDP)

"{46D582E4-CD89-431D-99BB-41B441778370}"= UDP:2799:Altova License Metering Port (TCP)

"{C4DFD80F-9175-4A97-9000-E5904C8A4C33}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

"{827537F2-DF2B-4797-8D90-B36A90CC2654}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3EE09781-0978-445B-B191-9C84B22891F6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 19:57]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-25 12:45]

S2 0142961205311711mcinstcleanup;McAfee Application Installer Cleanup (0142961205311711);C:\Windows\TEMP\014296~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-12 19:31:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-01-15 00:00:00 C:\Windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-02-29 23:59:59 C:\Windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-12 21:15:27

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Windows\system32\WUDFHost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\conime.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

.

**************************************************************************

.

Completion time: 2008-03-12 21:16:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-12 20:16:20

.

2007-12-27 19:58:16 --- E O F ---

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

Combo, Nettoyage

# Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Lancez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

 

File::

C:\Windows\System32\xbalphdl.ini

C:\Windows\System32\umteyjnx.ini

C:\Windows\QTFont.qfn

C:\Windows\QTFont.for

 

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B3588E8-F285-49B2-8CE2-A073EABCB106}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B2B56B-F890-42E0-AD44-1616650DD13D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84bac754-c446-4b6d-95ec-913b394e9a3d}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B2B56B-F890-42E0-AD44-1616650DD13D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSServer"=-

"BMdd016084"=-

"de325318"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdd016084]

 

 

 

* Attention, ce code a été rédigé spécialement pour cet utilisateur, prière de ne pas le réutiliser dans d'autres cas !

 

Enregistrez-le en lui donnant le nom CFScript.txt

 

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

wv0zyqhphc.gif

 

*

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

Postez un nouvel Hijackthis avec vos commentaires sur le pc svp.

francescaC Junior Member

francescaC

Posté(e)
  • Auteur
Posté(e)

Bonjour,

 

Merci pour votre aide.

OK, voici le rapport ComboFix.

Je vous envoie le rapport HijackThis par la suite.

-FC

 

ComboFix 08-03-10.1 - Francesca 2008-03-13 14:38:06.3 - NTFSx86

Microsoft® Windows Vista Business 6.0.6000.0.1252.1.1033.18.2454 [GMT 1:00]

Running from: C:\Users\Francesca\Desktop\ComboFix.exe

Command switches used :: C:\Users\Francesca\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

C:\Windows\QTFont.for

C:\Windows\QTFont.qfn

C:\Windows\System32\umteyjnx.ini

C:\Windows\System32\xbalphdl.ini

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\QTFont.for

C:\Windows\QTFont.qfn

C:\Windows\System32\umteyjnx.ini

C:\Windows\System32\xbalphdl.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))

.

 

2008-03-12 01:25 . 2008-03-12 01:25 <DIR> d-------- C:\Program Files\Debugging Tools for Windows

2008-03-12 00:39 . 2008-03-12 01:40 <DIR> d-------- C:\Users\All Users\Kaspersky Lab

2008-03-12 00:39 . 2008-03-12 01:40 <DIR> d-------- C:\ProgramData\Kaspersky Lab

2008-03-11 19:15 . 2008-03-11 19:15 <DIR> d-------- C:\Windows\System32\Kaspersky Lab

2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\kav

2008-03-10 17:06 . 2008-03-10 17:08 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-03-10 17:06 . 2008-03-10 17:08 <DIR> d-------- C:\ProgramData\Lavasoft

2008-03-10 17:06 . 2008-03-10 17:06 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-10 17:05 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-09 23:57 . 2008-03-10 12:38 <DIR> d-------- C:\Users\Francesca\AppData\Roaming\uTorrent

2008-03-09 23:57 . 2008-03-10 00:14 <DIR> d-------- C:\Program Files\uTorrent

2008-02-23 00:59 . 2008-02-23 00:59 <DIR> d-------- C:\Program Files\UUD32Win

2008-02-20 11:32 . 2008-03-04 14:14 69 --a------ C:\Windows\NeroDigital.ini

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Users\All Users\Apple

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\ProgramData\Apple Computer

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\ProgramData\Apple

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Program Files\QuickTime

2008-02-20 01:05 . 2008-02-20 01:05 <DIR> d-------- C:\Program Files\Apple Software Update

2008-02-19 22:43 . 2008-02-19 22:43 <DIR> d-------- C:\Users\Francesca\AppData\Roaming\Nero

2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\Users\All Users\Nero

2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\ProgramData\Nero

2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\Program Files\Nero

2008-02-19 22:40 . 2008-02-19 22:42 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-02-19 20:48 . 2008-02-28 00:20 67 --a------ C:\Windows\DVDRegionFreeLite.INI

2008-02-19 17:16 . 2008-02-19 17:16 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-02-19 17:16 . 2008-02-19 17:16 <DIR> d-------- C:\Program Files\Windows Live Favorites

2008-02-19 17:05 . 2008-02-19 21:32 <DIR> d-------- C:\Program Files\Windows Live

2008-02-19 17:05 . 2008-02-19 17:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-19 17:04 . 2008-02-19 17:04 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-02-19 17:04 . 2008-02-19 17:04 <DIR> d-------- C:\ProgramData\WLInstaller

2008-02-19 08:36 . 2008-02-19 08:36 <DIR> d-------- C:\Windows\Sun

2008-02-18 22:18 . 2007-09-25 12:45 184,320 --a------ C:\Windows\System32\igfxres.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-12 08:48 --------- d-----w C:\Program Files\McAfee

2008-03-09 15:00 --------- d-----w C:\ProgramData\DVD Shrink

2008-03-09 13:29 --------- d-----w C:\Users\Francesca\AppData\Roaming\FileZilla

2008-02-26 18:34 --------- d-----w C:\ProgramData\Dell

2008-02-19 21:32 --------- d-----w C:\Program Files\Ahead

2008-02-03 13:41 --------- d-----w C:\Program Files\Picasa2

2008-01-29 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-29 13:50 --------- d-----w C:\Users\Francesca\AppData\Roaming\AgipaMaster

2008-01-29 13:50 --------- d-----w C:\Program Files\APLI-AGIPA

2008-01-22 17:02 --------- d-----w C:\Program Files\Common Files\xing shared

2008-01-22 17:01 --------- d-----w C:\Program Files\Real

2008-01-22 17:01 --------- d-----w C:\Program Files\Common Files\Real

2008-01-15 19:52 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-01-15 19:51 --------- d-----w C:\Program Files\Microsoft.NET

2008-01-15 12:23 --------- d-----w C:\Users\Francesca\AppData\Roaming\CyberLink

2008-01-15 12:23 --------- d-----w C:\ProgramData\CyberLink

2008-01-14 00:03 --------- d-----w C:\Program Files\Microsoft Games

2008-01-13 23:58 --------- d-----w C:\Users\Francesca\AppData\Roaming\Goodsol

2008-01-13 23:57 --------- d-----w C:\Program Files\FreeCell Wizard

2008-01-13 21:41 --------- d-----w C:\Users\Francesca\AppData\Roaming\vlc

2007-12-27 19:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-27 19:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-27 19:57 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-27 19:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-27 19:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-27 19:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-27 19:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-27 19:56 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-27 19:56 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-27 19:50 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2007-12-27 19:50 43,352 ----a-w C:\Windows\System32\wups2.dll

2007-12-27 19:50 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2007-12-27 19:50 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2007-12-27 19:49 80,896 ----a-w C:\Windows\System32\wudriver.dll

2007-12-27 19:49 549,720 ----a-w C:\Windows\System32\wuapi.dll

2007-12-27 19:49 33,624 ----a-w C:\Windows\System32\wups.dll

2007-12-27 19:48 31,232 ----a-w C:\Windows\System32\wuapp.exe

2007-12-27 19:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll

2007-12-21 09:34 229,888 ----a-w C:\Windows\System32\msshsq.dll

2007-12-21 09:33 87,040 ----a-w C:\Windows\System32\msoert2.dll

2007-12-21 09:33 750,080 ----a-w C:\Windows\System32\qmgr.dll

2007-12-21 09:33 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2007-12-21 09:33 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2007-12-21 09:33 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2007-12-21 09:31 974,336 ----a-w C:\Windows\System32\crypt32.dll

2007-12-21 09:31 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-12-21 09:31 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-12-21 09:31 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-12-21 09:31 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-12-21 09:31 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-12-21 09:31 633,856 ----a-w C:\Windows\System32\user32.dll

2007-12-21 09:31 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-12-21 09:31 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-12-21 09:31 2,026,496 ----a-w C:\Windows\System32\win32k.sys

2007-12-21 09:28 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-12-21 09:28 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-12-21 09:28 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2007-12-21 09:26 98,304 ----a-w C:\Windows\System32\mssitlb.dll

2007-12-21 09:25 22,016 ----a-w C:\Windows\System32\netiougc.exe

2007-12-21 09:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2007-12-21 09:25 160,872 ----a-w C:\Windows\System32\halmacpi.dll

2007-12-21 09:25 134,760 ----a-w C:\Windows\System32\halacpi.dll

2007-12-21 09:25 134,144 ----a-w C:\Windows\System32\rdpdd.dll

2007-12-21 01:39 174 --sha-w C:\Program Files\desktop.ini

2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2005-08-04 20:40 19,684,864 ----a-w C:\Windows\Media\Themes\Aura\Aura_2_3_1_51.exe

2002-11-14 16:31 36,864 ----a-w C:\Windows\Media\Themes\Babbling Brook v1-5 dir\saver1.dll

2002-11-14 16:31 18,192 ----a-w C:\Windows\Media\Themes\Babbling Brook v1-5 dir\saver2.dll

1999-06-28 18:42 196,334 ----a-w C:\Windows\Media\Themes\MC Escher\MC Escher Logos\MC Escher Logo Setup.exe

1999-06-28 18:37 1,742,795 ----a-w C:\Windows\Media\Themes\MC Escher\MC Escher Screen Saver\MC Escher Screen Saver Setup.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-12_21.15.59.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-12 18:53:02 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-03-13 06:29:50 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-03-12 18:58:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-03-13 10:57:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-03-12 18:58:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-03-13 10:57:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-03-12 18:58:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-03-13 10:57:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-21 10:27 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-14 10:03 4452352 C:\Windows\RtHDVCpl.exe]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-25 12:46 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-25 12:45 154136]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-25 12:45 129560]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-21 02:54 1838592]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 18:01 185896]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\DATA\Soft\DVD Region+CSS Free Lite\DVDShell.dll [2004-10-09 14:18 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore 2.0]

--a------ 2007-02-13 19:57 2020968 C:\Program Files\Norton Save and Restore\Agent\VProTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

--------- 2006-10-20 18:23 118784 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-27 02:04 32768 C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]

C:\Users\FRANCE~1\AppData\Local\Temp\NERO13969\Setupx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-01-22 18:01 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CEB8F087-BCD1-4C9D-99D6-95D890B2530B}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent

"{CE952F5E-11AF-4A69-9F07-4F0D25DB78B0}"= TCP:2799:Altova License Metering Port (UDP)

"{46D582E4-CD89-431D-99BB-41B441778370}"= UDP:2799:Altova License Metering Port (TCP)

"{C4DFD80F-9175-4A97-9000-E5904C8A4C33}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

"{827537F2-DF2B-4797-8D90-B36A90CC2654}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3EE09781-0978-445B-B191-9C84B22891F6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 19:57]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-25 12:45]

S2 0142961205311711mcinstcleanup;McAfee Application Installer Cleanup (0142961205311711);C:\Windows\TEMP\014296~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-13 13:31:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-01-15 00:00:00 C:\Windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-02-29 23:59:59 C:\Windows\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-13 14:39:12

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-13 14:39:49

ComboFix-quarantined-files.txt 2008-03-13 13:39:47

ComboFix2.txt 2008-03-13 12:57:27

ComboFix3.txt 2008-03-12 20:16:24

.

2007-12-27 19:58:16 --- E O F ---

francescaC Junior Member

francescaC

Posté(e)
  • Auteur
Posté(e)

Re-bonjour,

 

Voici le nouveau log HijackThis:

 

Logfile of HijackThis v1.99.0

Scan saved at 15:05:03, on 13/03/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

 

Running processes:

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\McAfee\MSC\mcuimgr.exe

C:\DATA\Soft\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=3071221

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0142961205311711) - Unknown - C:\Windows\TEMP\014296~1.EXE (file missing)

O23 - Service: Ad-Aware 2007 Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Services - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 - Unknown - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 - Unknown - %windir%\system32\svchost.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

pear Devil Member !

pear

Posté(e)
Posté(e) (modifié)

Bonjour,

 

En mode sans échec:

Copiez /collez les lignes suivantes dans le bloc notes, sans ligne blanche au début,

enregistrez, sur le bureau, sous regit.reg et fusionnez(clic droit sur fichier)

Acceptez la modification du régistre.

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000000

 

LSPfix permet de retrouver la connexion internet si elle est perdue.

HijackThis donne, dans son rapport (log), la liste des hijacker de Winsock infestant actuellement votre ordinateur. Ce sont les lignes commençant par O10. Si vous voyez dans le log de HijackThis une ligne comme

O10 - Unknown file in Winsock LSP: c:\winnt\system32\machinchose.dll

faites ce qui suit :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sous Vista,

# Cliquez sur "Démarrer" puis "Panneau de configuration" et enfin "Comptes d'utilisateurs.

# Cliquez sur Activer ou désactiver le contrôle des comptes d'utilisateurs.

# Décochez l'option Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur et à l'invitation de Vista redémarrez votre ordinateur.

Vous ferez l'opération inverse par la suite.

 

 

LSP-Fix

 

1. Téléchargez LSPfix depuis http://www.cexx.org/lspfix.htm

 

2. Lancez l'application (Exécutez la) et agrandissez la fenêtre qui, par défaut, est trop petite et fait apparaître les ascenseurs horizontaux et verticaux, masquant un bouton.

3. Déconnectez-vous d'Internet et fermez toutes les instances (fenêtres) Internet Explorer.

4. Cochez la case "I know what I'm doing" ("Je sais ce que je fais").

5. Sélectionnez toutes les instances de machinchose.dll et rien d'autre et faites les glisser du panneau de gauche, appelé "keep" au panneau de droite, appelé "Remove").

machinchose=c:\windows\system32\nlaapi.dll

c:\windows\system32\napinsp.dll

6. Cliquez sur le bouton "Finish".

7. Maintenant, redémarrez votre ordinateur en mode sans echec

8. Rechercher et détruire le fichier machinchose.dll lui-même.

* Téléchargez Hijackthis de TrendMicro.

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

* Décompressez le dans un dossier à la racine du disque dur

renommer ce dossier par exemple Karcher

Sous Vista,,il faut faire clic-droit >> "Exécuter en tant qu'Administrateur" sur Hijackthis.exe sinon HJT tourne mais ne fixe rien.

* Lancer le fichier Hijackthis.exe

* Cliquer sur Do a system scan and save a log file

* Copier-coller le rapport dans un nouveau message ici

 

Java n'est pas à jour,donc moins sécurisé.

 

Rendez vous là:

http://www.download.com/Java-Runtime-Envir...4-10009607.html

 

Java Runtime Environment (JRE) 6 Update 5

Download Now

 

S'ouvre une bouvelle page.

 

Vous descendrez là:

 

Java Runtime Environment (JRE) 6 Update 5

Clic sur Download

 

Nouvelle page.

 

Sélectionnez votre platform->Windows

Cochez "I agree to the java..."

clic sur continue

 

Nouvelle page

 

Cochez:

Windows Online Installation

Cochez la flèche orange

" Cochez ici"jre-6u5-windows-i586-p-iftw.exe

 

Cela fait, supprimez les installations java antérieures par "Ajout/Suppression de Programmes"

Modifié par pear
francescaC Junior Member

francescaC

Posté(e)
  • Auteur
Posté(e)

Rebonjour,

 

OK, j'ai modifié le registre et j'ai téléchargé/lancé LSPfix.

J'ai réussi à déplacer les 2 dll en "remove".

En revanche, impossible de supprimer les fichiers mêmes par la suite (ni en mode Safe ni en mode Normal).

Les fichiers y sont toujours, même si HijackThis ne les évoque pas dans le dernier log qui suit:

Encore un grand merci pour votre aide.

-Francesca

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:15, on 13/03/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\lucho\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0142961205311711) (0142961205311711mcinstcleanup) - Unknown owner - C:\Windows\TEMP\014296~1.EXE (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9765 bytes

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...