Sujet Précédent Sujet Suivant

Ecran.exe(taskmgr.exe) virus

Résolu/Fermé
wakoto Messages postés 15 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 28 août 2008 - 21 août 2008 à 15:47
 Utilisateur anonyme - 21 août 2008 à 18:21
Bonjour,



Apres analyse avec ComboFix voici le rapport:

ComboFix 08-08-19.06 - ARISTIDE 2008-08-21 10:19:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.370 [GMT 0:00]
Endroit: C:\Documents and Settings\ARISTIDE\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.

2008-08-19 13:53 . 2008-08-19 13:53 <REP> d-------- C:\Program Files\Trend Micro
2008-08-19 13:26 . 2008-08-19 13:26 578,048 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-08-19 13:23 . 2008-08-19 13:23 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-19 13:16 . 2008-08-19 13:36 <REP> d-------- C:\SDFix
2008-08-19 13:02 . 2008-08-19 13:02 <REP> d-------- C:\Documents and Settings\ARISTIDE\Application Data\Malwarebytes
2008-08-19 13:02 . 2008-08-19 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 09:28 . 2008-08-18 09:28 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-14 09:45 . 2008-08-21 09:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-14 08:32 . 2008-08-14 09:24 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-14 08:32 . 2008-08-14 09:24 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-14 08:31 . 2008-08-21 09:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-14 08:31 . 2008-08-21 10:24 4,980,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-14 08:31 . 2008-08-21 10:23 68,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-14 08:31 . 2008-08-21 10:26 32,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-14 08:31 . 2008-08-21 10:23 5,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-14 08:11 . 2008-08-14 08:25 <REP> d-------- C:\Program Files\UltraVNC
2008-08-14 08:11 . 2005-06-10 22:02 12,800 --a------ C:\WINDOWS\system32\vncdrv.dll
2008-08-14 08:11 . 2004-06-26 13:22 6,016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS
2008-08-14 08:11 . 2004-06-26 13:21 5,760 --a------ C:\WINDOWS\system32\vnchelp.dll
2008-08-14 08:11 . 2004-06-26 13:22 4,736 --a------ C:\WINDOWS\system32\drivers\vncdrv.sys
2008-08-14 08:11 . 2008-08-14 08:11 28 --a------ C:\WINDOWS\system32\'
2008-08-11 16:05 . 2008-08-11 16:05 23 --a------ C:\WINDOWS\pendu.ini
2008-08-11 12:42 . 2008-08-11 12:42 <REP> d-------- C:\Program Files\TomCat Soft
2008-08-11 09:02 . 2008-08-11 09:02 <REP> d-------- C:\WINDOWS\system32\THe Girls
2008-08-11 09:02 . 2008-06-17 09:09 679,936 ---hs---- C:\WINDOWS\system32\Ecran.exe
2008-08-11 09:02 . 2008-06-07 10:40 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-08-11 09:02 . 2008-04-10 16:08 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-08-11 09:02 . 2008-08-11 09:02 4,157 ---hs---- C:\WINDOWS\system32\Win32.vbs
2008-08-08 10:17 . 2008-08-14 07:59 <REP> d-------- C:\Program Files\Skype
2008-08-05 16:32 . 2008-08-06 16:04 <REP> d-------- C:\Program Files\EDraw Max
2008-08-05 15:40 . 2008-08-14 11:57 <REP> d-------- C:\Program Files\CamStudio
2008-08-05 15:37 . 2008-08-05 15:37 <REP> d-------- C:\Program Files\Illustrate
2008-08-05 15:37 . 2008-08-05 15:37 130,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-05 15:37 . 2008-08-05 15:37 35,132 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-08-05 15:37 . 2008-08-05 15:36 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-08-05 15:33 . 2008-08-05 15:33 <REP> d-------- C:\Program Files\ASCII
2008-08-05 15:33 . 2000-07-08 17:06 87,040 --a------ C:\WINDOWS\UnGins.exe
2008-07-24 17:00 . 2008-07-28 17:24 <REP> d-------- C:\Program Files\speed-bit
2008-07-24 16:52 . 2008-07-28 08:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 13:12 . 2008-07-21 13:41 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 08:01 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-08-14 09:45 --------- d-----w C:\Program Files\Google
2008-08-14 09:24 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-14 08:31 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-14 08:01 --------- d-----w C:\Program Files\Bonjour
2008-08-14 08:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-14 07:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-23 10:31 --------- d-----w C:\Documents and Settings\ARISTIDE\Application Data\U3
2008-07-21 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-02 09:06 784 ----a-w C:\Documents and Settings\ARISTIDE\Application Data\mpauth.dat
2008-01-09 16:13 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 09:07 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-14 09:45 39408]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-10-27 07:51 3810544]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 16:45 1052672]
"Avg_AntiHost"="C:\WINDOWS\system32\THe Girls\Ecran.exe" [2008-06-17 09:09 679936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 01:11 925696]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 04:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 04:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 04:10 94208]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 06:23 487424]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-22 16:10 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 04:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-04-18 17:05 69632]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 03:01 503808]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 15:24 196696]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-08 05:10 169472]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 18:08 335872]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 15:38 41472]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 19:15 2333440]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2002-04-26 17:53 12288]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"FIXEDFON.FON"="C:\WINDOWS\system32\Win32.vbs" [2008-08-11 09:02 4157]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-18 17:05 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9974:TCP"= 9974:TCP:BitComet 9974 TCP
"9974:UDP"= 9974:UDP:BitComet 9974 UDP

R2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 15:05]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-05-12 17:10]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 17:49]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ad816a-561c-11dc-8e07-001558d515ed}]
\Shell\AutoRun\command - E:\80avp08.com
\Shell\explore\Command - E:\80avp08.com
\Shell\open\Command - E:\80avp08.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75931cee-7caf-11dc-b696-001558d515ed}]
\Shell\AutoRun\command - wscript "The_Cars.vbs"
\Shell\explore\Command - wscript "The_Cars.vbs"
\Shell\open\Command - wscript "The_Cars.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eddfda0c-ca61-11dc-8d2a-001558d515ed}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-04-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-19 C:\WINDOWS\Tasks\Invite de commandes.job
- C:\WINDOWS\system32\cmd.exe [2004-08-05 13:00]

2008-08-01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:18]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ARISTIDE\Application Data\Mozilla\Firefox\Profiles\ghyuekzw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1133554&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.abidjan.net/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 10:25:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ARISTIDE\LOCALS~1\Temp\mc28.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 10:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 10:30:16

Pre-Run: 10,840,432,640 octets libres
Post-Run: 10,982,563,840 octets libres

207 --- E O F --- 2008-05-16 08:07:24

En même temps voici aussi le rapport avec HJTInstall:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:32, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\THe Girls\Ecran.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.6.8.190:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbuA\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FIXEDFON.FON] "C:\WINDOWS\system32\Win32.vbs"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Avg_AntiHost] "C:\WINDOWS\system32\THe Girls\Ecran.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F6CE1-CC99-4017-BBFE-9F6062C601B4}: NameServer = 10.6.8.1,10.6.11.3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
End of file - 12539 bytes


Cependant l'image pornographique est toujours present sur le bureau de mon pc.Kaspersky est mon anti virus.

Merci pour me trouver une solution

Configuration: Windows XP
Firefox 2.0.0.16

3 réponses

Réponse 1 / 3
wakoto Messages postés 15 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 28 août 2008
21 août 2008 à 18:18
Bonjour,

Je vous adresse un grand merci à tous qui m'aviez aidé à trouver une solution.
J'ai pu trouvé la solution en installant Trojan Remover.Merci yann000.
0
Réponse 2 / 3
Utilisateur anonyme
21 août 2008 à 18:21
de rien bonne continuation
0
Réponse 3 / 3
Utilisateur anonyme
21 août 2008 à 15:49
esaye ca https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/12884.html
et ca https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
-1

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
Virus Altruistic
Mael03250 -
MisteryBean -

11 réponses
Supprimer notifications myavids.com sous Android.
Guy72 -
Liline -

7 réponses