Sujet Précédent Sujet Suivant

Virus alert

Fermé
franette - 16 juin 2008 à 11:38
 franette - 16 juin 2008 à 14:38
Bonjour,
j'ai eu un probléme avec virus alert j'ai effectué un "nettoyage "mais je suis pas sure que ça soit complétement réglé !!je vous envoie le rapport hijackthis et combofix !!si vous pouviez m'aider en verifiant si c'est bon ou pas !!merci d'avance Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
ComboFix 08-06-10.5 - JeanPierre 2008-06-16 11:14:34.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.722 [GMT 2:00]
Endroit: C:\Documents and Settings\JeanPierre\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-12 19:50 . 2008-06-12 19:50 <REP> d--h----- C:\WINDOWS\PIF
2008-06-11 15:26 . 2008-06-11 15:26 <REP> d-------- C:\Program Files\AIDA32 - Enterprise System Information
2008-06-11 13:02 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 21:11 . 2008-06-09 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-09 20:29 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-09 19:39 . 2008-06-09 19:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-06-09 16:43 . 2008-06-09 21:10 <REP> d-------- C:\Program Files\Yahoo!
2008-06-09 15:36 . 2008-06-09 20:21 35,897 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-06-09 13:17 . 2008-06-09 13:30 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-09 12:54 . 2008-06-09 21:10 <REP> d-------- C:\Documents and Settings\JeanPierre\Application Data\AVGTOOLBAR
2008-06-09 12:52 . 2008-06-10 19:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-06 08:43 . 2008-06-09 21:19 <REP> d-------- C:\Documents and Settings\JeanPierre\Application Data\LimeWire
2008-06-01 11:42 . 2004-08-20 00:00 32,128 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-06-01 11:42 . 2004-08-20 00:00 32,128 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-06-01 10:56 . 2008-06-02 19:41 <REP> d-------- C:\Program Files\Mio Technology
2008-05-31 17:11 . 2008-05-31 17:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-31 16:09 . 2008-05-31 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-05-31 15:12 . 2008-05-31 15:12 <REP> d-------- C:\Documents and Settings\JeanPierre\Application Data\PlayFirst
2008-05-31 15:12 . 2008-05-31 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-27 19:59 . 2008-05-27 19:59 <REP> d-------- C:\Program Files\Pcsx2_0.9.4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 08:20 --------- d-----w C:\Program Files\WinClamAVShield
2008-06-16 06:57 --------- d-----w C:\Program Files\eMule
2008-06-16 06:37 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-16 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-16 06:35 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\Spyware Terminator
2008-06-11 10:55 --------- d-----w C:\Program Files\CleanUp!
2008-06-04 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 11:08 --------- d-----w C:\Program Files\Gamenext
2008-05-31 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 08:44 --------- d-----w C:\Program Files\FuH
2008-05-11 08:39 2,996 ----a-w C:\WINDOWS\system32\drivers\hwinterface.sys
2008-05-11 06:29 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\Microchip
2008-05-10 07:46 --------- d-----w C:\Program Files\ELECTROME LOGICIEL
2008-05-10 07:09 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\AdobeUM
2008-05-10 06:47 --------- d-----w C:\Program Files\HI-TECH Software
2008-05-10 06:46 --------- d-----w C:\Program Files\Microchip
2008-05-10 06:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-05-10 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-10 06:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-09 07:05 --------- d-----w C:\Program Files\Conjugaison
2008-05-08 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-08 14:31 --------- d-----w C:\Program Files\Bonjour
2008-05-08 13:47 --------- d-----w C:\Program Files\Google
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 09:02 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\TaoUSign
2008-04-24 18:50 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-04-23 13:15 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\Apple Computer
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-22 18:29 --------- d-----w C:\Program Files\Fichiers communs\SolidWorks Shared
2008-04-22 09:29 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-21 19:26 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\SolidWorks 2008
2008-04-21 19:24 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\SolidWorks
2008-04-21 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-04-21 18:56 --------- d-----w C:\Program Files\MSBuild
2008-04-21 18:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-21 18:52 --------- d-----w C:\Program Files\MSECache
2008-04-21 18:46 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\EDrawings
2008-04-21 18:46 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\DassaultSystemes
2008-04-21 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-04-20 17:19 --------- d-----w C:\Program Files\Windows Live
2008-04-20 16:20 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-20 16:17 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\Windows Live Writer
2008-04-20 16:13 --------- d-----w C:\Documents and Settings\JeanPierre\Application Data\MSN6
2008-04-19 06:57 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-02 10:15 47,360 ----a-w C:\Documents and Settings\JeanPierre\Application Data\pcouffin.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-08 16:13 1817600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-10 08:10:37 25214]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2008-06-01 11:42:43 647168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccyvu]
efccyvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qvemzykp]
qvemzykp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 18:31]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2008-05-11 10:39]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-19 08:57]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 03:52]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 11:38]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 11:19:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-16 11:22:55
ComboFix-quarantined-files.txt 2008-06-16 09:22:01
ComboFix2.txt 2008-06-11 18:42:26
ComboFix3.txt 2008-02-25 12:54:23
ComboFix4.txt 2008-02-16 09:22:58

Pre-Run: 106,748,641,280 octets libres
Post-Run: 106,785,218,560 octets libres

139 --- E O F --- 2008-06-15 18:43:48

3 réponses

Réponse 1 / 3
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
16 juin 2008 à 11:43
Salut !!

ton rapport hijackthis n est pas complet...recommence
0
Réponse 2 / 3
franette
16 juin 2008 à 13:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\JEANPI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\JEANPI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {12225D11-7B35-4E55-88FD-037295341B19} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JeanPierre\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: efccyvu - efccyvu.dll (file missing)
O20 - Winlogon Notify: qvemzykp - qvemzykp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 3 / 3
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
16 juin 2008 à 13:24
tu peux relancer hijackthis en cliquant sur scan only et cocher ces lignes :

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O3 - Toolbar: (no name) - {12225D11-7B35-4E55-88FD-037295341B19} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

ensuite cliquer fix checked.

Et vas aussi faire des analyses en ligne à cette adresse :

http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php

les deux premiers savent désinfecter
0
franette
16 juin 2008 à 14:38
merci beaucoup de ta rapidité !! je lance bit defender et je croise les doigts !!
salut
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
ALERT en php
snoopy -
appkech -

14 réponses
HP Battery ALERT
Gershia -
Gershia -

2 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
Virus Altruistic
Mael03250 -
MisteryBean -

11 réponses