Dos optimizer

Resolved/Closed
Blocked profile - 3 Sept. 2009 at 18:34
Blocked profile - 8 Sept. 2009 at 01:22
Hello,
The Dos Optimizer virus is on my PC, what should I do?
28 replies

Anonymous user
5 Sept. 2009 at 05:47
The infection keeps coming back because one file refuses to go away.

We'll have to redo the previous procedure, but with this file:

http://sd-1.archive-host.com/membres/up/127028005715545653/CFScript.zip
Blocked profile
5 Sept. 2009 at 07:37
ComboFix 09-09-04.01 - ESS 05/09/2009 6:21.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.560 [GMT 2:00]
Running from: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\ComboFix.exe
Command switches used :: c:\documents and settings\ESS\Bureau\disque\logicielle\désinfection -virus provenant de flach disque-\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\ESS\Application Data\smss.exe"
"c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif"
"c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\DosÿOptimizer.pif"
"c:\windows\Inf\smss.exe"
"c:\windows\system32\Sexy Girls.scr"
.

((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 03:02 . 2009-09-05 03:02 -------- d-----w- c:\program files\AskBardis
2009-09-02 04:21 . 2009-09-02 04:21 -------- d-sh--w- c:\documents and settings\ESS\IECompatCache
2009-09-02 04:17 . 2009-09-02 04:17 -------- d-sh--w- c:\documents and settings\ESS\PrivacIE
2009-09-02 04:16 . 2009-09-02 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-02 04:13 . 2009-09-02 04:13 -------- d-sh--w- c:\documents and settings\ESS\IETldCache
2009-09-02 04:08 . 2009-09-02 22:28 -------- d-----w- c:\windows\ie8updates
2009-09-02 04:00 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-02 03:59 . 2007-08-13 17:45 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-08-31 16:41 . 2009-08-31 16:41 -------- d-----w- c:\documents and settings\ESS\Application Data\Todae
2009-08-31 13:58 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-31 13:56 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-31 13:56 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-26 17:28 . 2009-09-02 04:01 -------- d-----w- c:\documents and settings\All Users\Bureau
2009-08-24 02:28 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Visicron
2009-08-24 01:27 . 2009-08-24 01:28 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\TVU Networks
2009-08-24 00:53 . 2009-08-24 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-24 00:52 . 2009-08-24 00:52 -------- d-----w- c:\documents and settings\ESS\LocalLow
2009-08-24 00:52 . 2009-08-25 16:09 -------- d-----w- c:\program files\SopCast
2009-08-24 00:07 . 2009-08-24 00:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\toolbartv
2009-08-24 00:07 . 2009-08-24 00:34 -------- d-----w- c:\program files\toolbartv
2009-08-22 22:57 . 2009-08-22 22:57 -------- d-----w- C:\Hotspot Shield
2009-08-22 05:23 . 2009-08-22 05:23 -------- d-----w- c:\program files\RadioXpi
2009-08-22 04:07 . 2009-08-22 04:07 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\LiveTV_
2009-08-22 04:06 . 2009-08-22 04:07 -------- d-----w- c:\program files\LiveTV_
2009-08-19 22:24 . 2009-08-19 22:44 -------- d-----w- c:\program files\Patch MsnCreative
2009-08-16 14:54 . 2009-08-16 14:54 -------- d-----w- c:\program files\MediaSPace
2009-08-16 14:53 . 2009-08-16 14:53 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Downloaded Installations
2009-08-14 22:46 . 2009-08-14 22:46 -------- d-----w- c:\documents and settings\ESS\Local Settings\Application Data\Identities
2009-08-12 03:17 . 2009-08-12 03:17 -------- d-----w- c:\program files\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 03:07 . 2008-12-17 23:59 -------- d-----w- c:\documents and settings\ESS\Application Data\Skype
2009-09-05 02:05 . 2008-10-10 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-05 00:46 . 2008-08-28 23:31 -------- d--h--w- c:\documents and settings\ESS\Application Data\skypePM
2009-09-05 00:37 . 2009-07-17 11:01 -------- d-----w- c:\program files\trend micro
2009-09-03 17:45 . 2001-10-14 22:44 76384 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-03 17:45 . 2001-10-14 22:44 471246 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-03 10:18 . 2008-10-03 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 22:34 . 2008-08-26 00:30 -------- d-----w- c:\program files\Yahoo!
2009-08-25 16:09 . 2008-11-13 00:57 -------- d-----w- c:\documents and settings\ESS\Application Data\Paltalk
2009-08-25 16:07 . 2008-08-25 15:17 -------- d-----w- c:\program files\Creative
2009-08-24 01:32 . 2008-08-25 15:25 -------- d-----w- c:\program files\DivX
2009-08-22 23:00 . 2009-06-17 23:47 -------- d-----w- c:\program files\Hotspot Shield
2009-08-16 02:16 . 2009-06-23 00:11 -------- d-----w- c:\program files\Proxifier
2009-08-16 01:49 . 2008-08-28 11:57 -------- d-----w- c:\program files\Google
2009-08-12 04:36 . 2009-04-26 23:35 -------- d-----w- c:\documents and settings\ESS\Application Data\LimeWire
2009-08-10 17:00 . 2009-06-02 19:32 -------- d-----w- c:\program files\SpacialAudio
2009-08-06 22:59 . 2009-07-17 21:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 11:36 . 2008-10-03 23:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-10-03 23:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:24 . 2009-06-17 23:48 -------- d-----w- c:\program files\Hotspot_Shield
2009-07-23 01:27 . 2009-05-25 14:18 -------- d-----w- c:\documents and settings\ESS\Application Data\Winamp
2009-07-22 21:07 . 2009-05-25 14:18 -------- d-----w- c:\program files\Winamp
2009-07-22 19:13 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\program files\Avira
2009-07-17 21:40 . 2009-07-17 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-12 14:33 . 2009-07-12 14:33 -------- d-----w- c:\program files\SAGEM WiFi manager
2009-07-12 14:25 . 2008-08-25 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:15 . 2009-04-29 21:53 -------- d-----w- c:\program files\SAGEM
2009-07-12 14:15 . 2009-07-12 14:15 -------- d-----w- c:\documents and settings\ESS\Application Data\InstallShield
2009-07-04 14:40 . 2009-07-04 14:40 0 -c--a-w- c:\windows\system32\cd.dat
2009-07-02 02:34 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-06-27 23:20 . 2009-06-27 23:20 165069 ----a-w- c:\windows\IceOp Uninstaller.exe
2009-06-20 18:28 . 2009-06-20 18:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-14 15:21 . 2009-06-14 15:21 256512 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-06-14 15:21 . 2009-06-14 15:21 237056 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-11-12 00:19 359040 EBEAB4C47642CD68D7FD23187EECA1B0 c:\windows\system32\backup\tcpip.sys
[7] 2004-08-04 03:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 03:14 359040 3BB4B08619C111C7BE8BDA07AA0DE6A2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-05_01.29.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-05 01:38 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-09-05 01:38 . 2004-08-04 04:55 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-09-05 01:38 . 2004-08-04 04:55 25088 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-09-05 01:38 . 2004-08-04 04:55 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2009-09-05 01:38 . 2004-08-04 04:55 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 89088 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-09-05 01:38 . 2006-10-18 19:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 18944 c:\windows\system32\dllcache\cache\linkinfo.dll
+ 2009-09-05 01:38 . 2004-08-04 04:45 25216 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-09-05 01:38 . 2004-08-04 03:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-09-05 01:38 . 2004-08-04 04:54 55808 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 60416 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 77312 c:\windows\system32\dllcache\cache\browser.dll
+ 2009-09-05 01:38 . 2004-08-04 03:05 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-09-05 01:38 . 2001-10-14 22:41 12032 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-09-05 02:05 . 2009-09-05 02:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
- 2009-06-23 23:05 . 2009-06-23 23:05 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-09-05 01:38 . 2001-10-14 22:44 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-09-05 01:38 . 2001-10-14 22:41 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2009-09-05 01:38 . 2004-08-04 04:54 129536 c:\windows\system32\dllcache\cache\xmlprov.dll
+ 2009-09-05 01:38 . 2004-08-04 04:55 506368 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-09-05 01:38 . 2008-08-26 08:11 826368 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 578048 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 185344 c:\windows\system32\dllcache\cache\upnphost.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 297984 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 246272 c:\windows\system32\dllcache\cache\tapisrv.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 171008 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 135168 c:\windows\system32\dllcache\cache\shsvcs.dll
+ 2009-09-05 01:38 . 2004-08-04 04:55 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 193024 c:\windows\system32\dllcache\cache\schedsvc.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 186368 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 395776 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 382464 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 438272 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-09-05 01:38 . 2004-08-04 03:15 574592 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-09-05 01:38 . 2004-08-04 04:54 198144 c:\windows\system32\dllcache\cache\netman.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-09-05 01:38 . 2004-08-04 03:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-09-05 01:38 . 2004-08-04 04:54 247808 c:\windows\system32\dllcache\cache\mswsock.dll
+ 2009-09-05 01:38 . 2001-10-14 22:43 924432 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 243200 c:\windows\system32\dllcache\cache\es.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 851968 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 611328 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 176640 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-09-05 01:38 . 2004-08-03 20:39 142464 c:\windows\system32\dllcache\cache\aec.sys
- 2009-06-23 23:05 . 2009-06-23 23:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2009-09-05 02:05 . 2009-09-05 02:05 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2009-09-05 01:38 . 2004-08-04 04:54 1548288 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-09-05 01:38 . 2004-08-04 04:48 2150400 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-09-05 01:38 . 2004-08-04 05:05 2017280 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-09-05 01:38 . 2008-08-27 13:41 3593216 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 1048576 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-09-05 01:38 . 2004-08-04 04:54 1036288 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-09-05 02:05 . 2009-09-05 02:05 1461248 c:\windows\Installer\225d0a.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-22 22:56 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-26 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-12 413696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\ESS\Menu D‚marrer\Programmes\D‚marrage\
DosÿOptimizer.pif [2008-2-17 377344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= mmc.exe
"5"= regedt32.exe
"1"= cmd.exe
"3"= rstrui.exe
"4"= regedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=c:\windows\pss\MaxTV.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Keenfinder Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"gusvc"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"Capture Device Service"=2 (0x2)
"Boonty Games"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [25/08/2008 16:48 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 23:40 108289]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20:58 331824]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2008 01:29 47640]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [12/07/2009 16:02 20736]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [01/06/2009 20:13 33840]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 12:06 21632]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [12/07/2009 16:33 402432]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 01:22 28592]
R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [11/05/2009 21:36 173632]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 01:19 57640]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [11/12/2008 00:19 323584]
S3 ntkvpn;Loki VPN Driver Service;c:\windows\system32\DRIVERS\ntkvpn.sys --> c:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320]
S4 Keenfinder Service;Keenfinder Service;"c:\program files\Keenfinder\keenfinder.exe" "c:\program files\Keenfinder\keenfinder.dll" Service --> c:\program files\Keenfinder\keenfinder.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1F8414C6-A53E-45C0-B260-CAD037F0532C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 67.69.254.242:80
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator\Ghost
LSP: PrxerDrv.dll
TCP: {D64A6D53-4B27-4AF5-AA10-4B69889C9792} = 213.150.176.196,196.203.251.8
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ESS\Application Data\Mozilla\Firefox\Profiles\3jzhgi8b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 06:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{219C3740-370D-5039-65CB-DBB14A0E7DC1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajokdkadiachhbhbh"=hex:69,61,6d,65,68,6d,67,6d,6a,6b,70,61,63,65,6e,6e,61,6b,
00,00
"hahoafcmmhigabmp"=hex:6a,61,63,66,64,68,62,61,64,6f,69,65,70,6a,6a,64,6b,67,
6d,6f,00,fe
"ianochijpclkfnkgol"=hex:63,61,6e,65,67,6a,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(444)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-09-05 6:32
ComboFix-quarantined-files.txt 2009-09-05 04:31
ComboFix2.txt 2009-09-05 02:25
ComboFix3.txt 2009-09-05 01:40

Pre-Run: 6 827 737 088 octets libres
Post-Run: 6 842 855 424 octets libres

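Why both deletion passes in this thread report the file as not found, with an added Python triage helper (my code, not ComboFix's, OTM's or HijackThis's): ComboFix writes its report in the OEM code page, and when that text is pasted as cp1252 an "é" shows up as "‚" (the "Menu D‚marrer" line in the report) and byte 0xFF, a no-break space in cp850, shows up as "ÿ". Under that assumption the Startup item is really "Dos<no-break space>Optimizer.pif", which neither "Dos Optimizer.pif" nor "DosÿOptimizer.pif" matches; the script undoes the mojibake to show the real name and also pulls the DisallowRun policy, the disabled firewall and the proxy settings out of the same report.

```python
"""Triage helpers for the ComboFix report posted above (added example, not part of
ComboFix, OTM or HijackThis). Assumption: ComboFix wrote the report in the OEM code
page (cp850 on a French Windows XP) and it was pasted as cp1252, so "é" shows as
"‚" and byte 0xFF (a no-break space in cp850) shows as "ÿ" in the Startup entry."""
import re
import unicodedata

# Lines excerpted from the report above, kept exactly as pasted (raw string so the
# Windows backslashes survive).
SAMPLE_REPORT = r"""
c:\documents and settings\ESS\Menu D‚marrer\Programmes\D‚marrage\
DosÿOptimizer.pif [2008-2-17 377344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= mmc.exe
"5"= regedt32.exe
"1"= cmd.exe
"3"= rstrui.exe
"4"= regedit.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uInternet Settings,ProxyServer = 67.69.254.242:80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
# ComboFix lists a Startup-folder item as "<file name> [<date> <size>]".
STARTUP_RE = re.compile(r"^(?P<name>\S.*?\.(?:pif|exe|scr|com|bat|lnk)) \[", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,(?P<ie>ProxyServer) = (?P<iev>\S+)$"
                      r"|^FF - prefs\.js: (?P<ff>network\.proxy\.\S+) - (?P<ffv>\S+)$")


def undo_oem_mojibake(text):
    """Re-decode text that was written as cp850 but displayed as cp1252."""
    try:
        return text.encode("cp1252").decode("cp850")
    except UnicodeError:  # a character cp1252 cannot hold: leave the text alone
        return text


def odd_chars(name):
    """(char, Unicode name) for every non-ASCII or non-printable character in name.
    Accented letters of a French install are listed too; a human decides."""
    return [(ch, unicodedata.name(ch, "UNASSIGNED"))
            for ch in name if ord(ch) > 0x7E or not ch.isprintable()]


def startup_findings(report):
    """Startup items whose real name hides an odd character, as
    (name as shown, name after undoing the mojibake, odd characters)."""
    hits = []
    for line in report.splitlines():
        m = STARTUP_RE.match(line)
        if m:
            real = undo_oem_mojibake(m.group("name"))
            odd = odd_chars(real)
            if odd:
                hits.append((m.group("name"), real, odd))
    return hits


def registry_values(report):
    """Yield (section, name, value) for each "name"= value line under a [section]."""
    section = None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            yield section, m.group("name"), m.group("value").strip()


def blocked_tools(report):
    """Programs the Explorer DisallowRun policy refuses to start, in index order."""
    found = [(int(n) if n.isdigit() else 0, v)
             for s, n, v in registry_values(report) if s.endswith("\\disallowrun")]
    return [v for _, v in sorted(found)]


def firewall_disabled(report):
    """True when a firewallpolicy profile carries EnableFirewall = 0."""
    return any("firewallpolicy" in s and n == "EnableFirewall" and v.startswith("0")
               for s, n, v in registry_values(report))


def proxy_settings(report):
    """IE and Firefox proxy settings present in the report, as (setting, value)."""
    pairs = []
    for line in report.splitlines():
        m = PROXY_RE.match(line)
        if m:
            pairs.append((m.group("ie") or m.group("ff"), m.group("iev") or m.group("ffv")))
    return pairs


if __name__ == "__main__":
    print(startup_findings(SAMPLE_REPORT), blocked_tools(SAMPLE_REPORT),
          firewall_disabled(SAMPLE_REPORT), proxy_settings(SAMPLE_REPORT), sep="\n")
```

The same functions run unchanged over a full pasted ComboFix report; the Startup check also catches a name built from any other non-printable code point, not only 0xFF.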
Anonymous user
5 Sept. 2009 at 14:57
That's odd, the tools aren't removing this file...

▶ Download OTM by OldTimer to your Desktop.

• Double-click OTM.exe to launch it.

• Copy (Ctrl+C) the following text:

:processes
explorer.exe

:files
c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\DosÿOptimizer.pif
:commands
[emptytemp]

• Paste (Ctrl+V) the copied text into the Paste Instructions for Items to be Moved box.

• Now click the MoveIt! button, then close OTM.

▶ If a file or folder cannot be deleted immediately, the program will ask you to reboot.
▶ Accept by clicking YES.

• Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
Blocked profile
5 Sept. 2009 at 15:08
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif not found.
File/Folder c:\documents and settings\ESS\Menu Démarrer\Programmes\Démarrage\DosÿOptimizer.pif not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ESS
->Temp folder emptied: 36368923 bytes
->Temporary Internet Files folder emptied: 61151218 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7254622 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 354 bytes
RecycleBin emptied: 1092 bytes

Total Files Cleaned = 99,99 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09052009_135637

Files moved on Reboot...

Registry entries deleted on Reboot...
Anonymous user
5 Sept. 2009 at 15:09
Download HijackThis (diagnostic tool) here:

-> Right-click one of the links and choose Save target as .... the desktop

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> http://static.commentcamarche.net/www.commentcamarche.net/download/fichiers/HJTInstall.exe

-> Double-click HJTInstall.exe to start the installation

-> Click Install, then I Accept

-> Click Do a scan system and save log file

-> Notepad will open; copy and paste its entire contents here in your next reply
Blocked profile
5 Sept. 2009 at 15:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:30, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
0
Anonymous user
5 Sept. 2009 at 15:17
Reopen HijackThis and choose "Do a system scan only".

In the list, tick these lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)


O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

Tick them and click "Fix checked".

Then run another RSIT scan and post log.txt, please.
0
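The reply above picks the HijackThis lines to fix by hand: orphaned entries whose target no longer exists, the .pif in the Startup folder, and the O16 ActiveX download records. As an added example (not part of the thread, not HijackThis's own logic), the script below applies those same rules to a log, plus a few "review" heuristics a responder would normally run before pasting a fix list. The sample is constructed from an abridged copy of the log posted above; the heuristics and the three verdicts ("fix", "review", "ok") are my own assumptions, and "review" means look it up, not malicious. In particular it only surfaces the proxy, DNS and LSP entries for a human to confirm; it does not decide they are bad.

```python
"""Triage of a HijackThis log: reproduce the manual review done in the thread.

Verdicts (assumed convention, not HijackThis's own):
  fix    - dead or unresolved autostart entry, safe to "Fix checked"
  review - needs a human lookup before touching (LSP, proxy, DNS, ActiveX)
  ok     - nothing in the line itself justifies action
"""
import ipaddress
import re

# Constructed sample, abridged from the log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.242:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: Dos Optimizer.pif = ?
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator\Ghost (file missing)
O10 - Unknown file in Winsock LSP: prxernsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D64A6D53-4B27-4AF5-AA10-4B69889C9792}: NameServer = 213.150.176.196,196.203.251.8
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# HijackThis marks a missing target with "(no file)" or "(file missing)".
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
# Startup-folder item that is a PIF and whose target HijackThis could not resolve ("= ?").
STARTUP_PIF = re.compile(r"^O4 - (Global )?Startup: .+\.pif = \?$", re.IGNORECASE)
PROXY = re.compile(r"Internet Settings,ProxyServer = ([\d.]+)(?::\d+)?")
NAMESERVER = re.compile(r"NameServer = ([\d.,]+)")


def _is_public(ip):
    """True for a routable address; private/loopback/invalid strings return False."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def classify(line):
    """Return (verdict, reason) for one HijackThis log line."""
    kind = line.split(" - ", 1)[0]          # R0, R1, O2, O4, O9, O10, O16, O17, O23 ...
    if ORPHAN.search(line):
        return "fix", "target no longer exists; dead entry, safe to remove"
    if STARTUP_PIF.match(line):
        return "fix", "PIF in Startup folder with unresolved target; remove the entry and delete the file"
    if kind == "O10":
        return "review", "unrecognised Winsock LSP; identify the DLL first, removing an LSP wrongly breaks networking"
    m = PROXY.search(line)
    if m and _is_public(m.group(1)):
        return "review", "HTTP proxy set to a public address; confirm it was configured on purpose"
    m = NAMESERVER.search(line)
    if m and any(_is_public(ip) for ip in m.group(1).split(",")):
        return "review", "DNS servers hard-coded on the adapter; confirm they belong to the ISP"
    if kind == "O16":
        return "review", "downloaded ActiveX control; fixing only clears the install record, low risk either way"
    return "ok", ""


def triage(log_text):
    """Group every non-empty line of a log by verdict: {verdict: [(line, reason), ...]}."""
    out = {"fix": [], "review": [], "ok": []}
    for line in log_text.strip().splitlines():
        verdict, reason = classify(line)
        out[verdict].append((line, reason))
    return out


def fix_list(log_text):
    """The lines one would tick under 'Do a system scan only' before 'Fix checked'."""
    return [line for line, _ in triage(log_text)["fix"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for verdict in ("fix", "review"):
        print("==", verdict.upper())
        for line, reason in result[verdict]:
            print(f"{line}\n    -> {reason}")
```

Run it on a full log (`triage(open("hijackthis.log").read())`) and paste the "fix" list back into the HijackThis window; everything under "review" is what the thread's helper did not tick and what a responder should resolve by looking the DLL, proxy or name servers up rather than by guessing.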
Blocked profile
8 Sept. 2009 at 01:22
chiquitine29, is it OK like that?
0