multi-infections !!!

Marsh Posté on 22-06-2006 at 17:42:45

Hi, I have several problems:
1) several (web) windows open by themselves
2) MSN connects 1 time out of 5; when I click troubleshoot it tells me the hosts files are damaged
3) several files have been added to the root (C:): dfndr.exe, dikh.exe, drsmartload1.exe, drsmartload45d.exe, drsmartload46d.exe, drsmartload849d.exe, fgikh.exe, kybrd.exe, Mendoza1.exe, MTE3NDI6ODoxNg.exe, nwnm.exe, steam.exe, warebundle.exe, VSL02.exe, dfndra.exe, drsmartload45e.exe, drsmartload46e.exe, drsmartload849e.exe, drsmartload45f.exe, drsmartload46f.exe and drsmartload849f.exe

my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 17:40:28, on 22/06/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\services.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Belgacom ADSL\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Arture\Local Settings\Application Data\40fd6e1a.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Arture\Bureau\HijackThis.exe
 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Belgacom ADSL\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [40fd6e1a.exe] C:\WINDOWS\System32\40fd6e1a.exe
O4 - HKLM\..\Run: [crifx.exe] C:\WINDOWS\System32\crifx.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [40fd6e1a.exe] C:\Documents and Settings\Arture\Local Settings\Application Data\40fd6e1a.exe
O4 - Startup: Reboot.exe
O4 - Startup: Reprendre l'installation de Windows Update.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -  
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3814CC-81D2-444D-9870-85EC76F39F88}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC83B7F0-5520-4C13-9C6F-B98CEA2D294E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDAE364-EF29-45F5-A066-DE00067873A1}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p6p6lg7s16.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe (file missing)
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe
 
Is there anyone who can help me !!!!! Thanks in advance


Message edited by ismael_007 on 22-06-2006 at 17:58:52
Reply

Marsh Posté on 22-06-2006 at 17:43:28

:sleep:
edit: you've done what's needed in terms of anti-spyware and antivirus scans, of course?


Message edited by BaF - FlOp on 22-06-2006 at 17:44:35
Reply

Marsh Posté on 22-06-2006 at 17:44:22

Please use a title that relates to the problem.


---------------
Filmstory: keep track of the films you have seen! :D
Reply

Marsh Posté on 22-06-2006 at 17:48:11

baf-flop: yes, of course ...

Reply

Marsh Posté on 22-06-2006 at 17:51:48

freds45: sorry, I don't know how to do that

Reply

Marsh Posté on 22-06-2006 at 17:56:19

http://forum-images.hardware.fr/themes_static/images/telecharger%20com/edit.gif in your 1st post.


---------------
Filmstory: keep track of the films you have seen! :D
Reply

Marsh Posté on 22-06-2006 at 17:58:41

ismael_007 wrote:

baf-flop: yes, of course ...


What do you mean?
YES or NO?

Is it hard to be explicit, to say what you did?
To try to pin down the problem :/

Spoiler:

off-topic
Ghana in the round of 16, that's huge   :ouch:
/off-topic


Message edited by BaF - FlOp on 22-06-2006 at 17:59:43
Reply

Marsh Posté on 22-06-2006 at 18:02:35

yes, I scanned the hard drive with skybot, Ad-Aware SE Personal and ewido anti-malware, updated

Reply

Marsh Posté on 22-06-2006 at 18:33:27

Hello.

Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7

* Close all active windows before moving on to the next step.

* Double-click Look2Me-Destroyer.exe to launch the tool.

* Check Run this program as a task.

* A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK.

* It will relaunch after the minute; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.

* When the scan finishes, click the Remove L2M button.

* A Done Scanning message will appear; click OK.

* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.

* Your PC will now shut down.

* Start your PC normally.

* Paste the generated report, located at C:\Look2Me-Destroyer.txt, in your next reply.

# If Look2Me-Destroyer does not relaunch automatically after the minute, restart and try again.

* Post a new HijackThis log.

Reply

Marsh Posté on 22-06-2006 at 18:37:44

I had asked for a CLEAR title, and not multiple !!! or ???. Please do what is necessary.


---------------
Filmstory: keep track of the films you have seen! :D
Reply

Marsh Posté on 22-06-2006 at 18:56:27

the Look2Me report:
Look2Me-Destroyer V1.0.12
 
Scanning for infected files.....
Scan started at 22/06/2006 18:47:03
 
Infected! C:\WINDOWS\system32\p6p6lg7s16.dll
Infected! C:\WINDOWS\system32\caadmin.dll
Infected! C:\WINDOWS\system32\h64mlgh1164.dll
Infected! C:\WINDOWS\system32\hfsetup.dll
Infected! C:\WINDOWS\system32\irj0l51m1.dll
Infected! C:\WINDOWS\system32\j6j6lg1s16.dll
Infected! C:\WINDOWS\system32\muwsock.dll
Infected! C:\WINDOWS\system32\p6p6lg7s16.dll
Infected! C:\WINDOWS\System32\guard.tmp
 
Attempting to delete infected files...
 
Attempting to delete: C:\WINDOWS\system32\p6p6lg7s16.dll
C:\WINDOWS\system32\p6p6lg7s16.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\caadmin.dll
C:\WINDOWS\system32\caadmin.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\h64mlgh1164.dll
C:\WINDOWS\system32\h64mlgh1164.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\hfsetup.dll
C:\WINDOWS\system32\hfsetup.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\irj0l51m1.dll
C:\WINDOWS\system32\irj0l51m1.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\j6j6lg1s16.dll
C:\WINDOWS\system32\j6j6lg1s16.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\muwsock.dll
C:\WINDOWS\system32\muwsock.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\p6p6lg7s16.dll
C:\WINDOWS\system32\p6p6lg7s16.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!
 
Making registry repairs.
 
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{698C260D-E87F-4847-BFDA-F9EC8170765A}"
HKCR\Clsid\{698C260D-E87F-4847-BFDA-F9EC8170765A}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D03F1643-D802-4403-8795-8E943AA3132F}"
HKCR\Clsid\{D03F1643-D802-4403-8795-8E943AA3132F}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D185EF8C-EF06-470F-A860-D50FC01EDE22}"
HKCR\Clsid\{D185EF8C-EF06-470F-A860-D50FC01EDE22}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FEFFA213-9CF8-4E32-BEDC-A79B195031CE}"
HKCR\Clsid\{FEFFA213-9CF8-4E32-BEDC-A79B195031CE}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E8409C62-9614-4CDF-A43A-66C9B09C5BA9}"
HKCR\Clsid\{E8409C62-9614-4CDF-A43A-66C9B09C5BA9}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FFEFDB4F-8C2A-4E4A-AE4C-B6531DAB7383}"
HKCR\Clsid\{FFEFDB4F-8C2A-4E4A-AE4C-B6531DAB7383}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0224C518-111A-454F-97B9-6BE3F6035A19}"
HKCR\Clsid\{0224C518-111A-454F-97B9-6BE3F6035A19}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A64AE4CB-0F23-4BA4-99EF-721D423ECE92}"
HKCR\Clsid\{A64AE4CB-0F23-4BA4-99EF-721D423ECE92}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{91C9DFD4-1CF6-4B5D-A3AD-FDA29D005C07}"
HKCR\Clsid\{91C9DFD4-1CF6-4B5D-A3AD-FDA29D005C07}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2549E05C-05D8-4A0E-A762-1BAF87317682}"
HKCR\Clsid\{2549E05C-05D8-4A0E-A762-1BAF87317682}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6CCCC0DA-D7AC-4F9A-90DF-B390E2E68A11}"
HKCR\Clsid\{6CCCC0DA-D7AC-4F9A-90DF-B390E2E68A11}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2960FC61-0FF7-4402-AE04-B9720643213E}"
HKCR\Clsid\{2960FC61-0FF7-4402-AE04-B9720643213E}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A38DBFA3-6EF6-40A3-9F47-04290240D144}"
HKCR\Clsid\{A38DBFA3-6EF6-40A3-9F47-04290240D144}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B205B57-CB7F-4646-AD70-B4F9CA69FC35}"
HKCR\Clsid\{9B205B57-CB7F-4646-AD70-B4F9CA69FC35}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C880BA33-9800-473D-B61E-1A951D81141D}"
HKCR\Clsid\{C880BA33-9800-473D-B61E-1A951D81141D}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{81904570-658D-455E-8B8D-0971E7FF4CE4}"
HKCR\Clsid\{81904570-658D-455E-8B8D-0971E7FF4CE4}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F3492077-1CC7-474B-9637-CA351DC53E9C}"
HKCR\Clsid\{F3492077-1CC7-474B-9637-CA351DC53E9C}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{943DB570-A21B-4A23-B960-8A0EA5F585B6}"
HKCR\Clsid\{943DB570-A21B-4A23-B960-8A0EA5F585B6}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{532AEE87-0C7E-4B5D-8CB0-F995AE190446}"
HKCR\Clsid\{532AEE87-0C7E-4B5D-8CB0-F995AE190446}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{832D485D-15A1-4D1B-860F-0926755FAA02}"
HKCR\Clsid\{832D485D-15A1-4D1B-860F-0926755FAA02}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4883D1FD-378A-43B3-BFDC-0121CCAD6DD3}"
HKCR\Clsid\{4883D1FD-378A-43B3-BFDC-0121CCAD6DD3}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{146F8B3C-551B-4397-8E2E-EF8023D42B76}"
HKCR\Clsid\{146F8B3C-551B-4397-8E2E-EF8023D42B76}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{778B769C-B8F1-4AEC-92A6-8B9C34567598}"
HKCR\Clsid\{778B769C-B8F1-4AEC-92A6-8B9C34567598}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6B7072D9-4E49-4769-8BF6-6ABA4656BAC2}"
HKCR\Clsid\{6B7072D9-4E49-4769-8BF6-6ABA4656BAC2}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{746837B9-0CDB-4D20-A50E-E866D7BBC82E}"
HKCR\Clsid\{746837B9-0CDB-4D20-A50E-E866D7BBC82E}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FFDFA260-B5B0-497E-88EC-18F50E1C0C7D}"
HKCR\Clsid\{FFDFA260-B5B0-497E-88EC-18F50E1C0C7D}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0172D111-2644-43FD-9D7F-046986B6675B}"
HKCR\Clsid\{0172D111-2644-43FD-9D7F-046986B6675B}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{95090F3E-E88D-4D7F-8048-3B0EEDE64D4F}"
HKCR\Clsid\{95090F3E-E88D-4D7F-8048-3B0EEDE64D4F}
 
Restoring Windows certificates.
 
Replaced hosts file with default windows hosts file
 
 
Restoring SeDebugPrivilege for Administrateurs - Succeeded
 
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:55:44, on 22/06/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\services.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Belgacom ADSL\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\40fd6e1a.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Arture\Bureau\HijackThis.exe
 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Belgacom ADSL\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [40fd6e1a.exe] C:\WINDOWS\System32\40fd6e1a.exe
O4 - HKLM\..\Run: [crifx.exe] C:\WINDOWS\System32\crifx.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [40fd6e1a.exe] C:\Documents and Settings\Arture\Local Settings\Application Data\40fd6e1a.exe
O4 - Startup: Reboot.exe
O4 - Startup: Reprendre l'installation de Windows Update.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -  
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3814CC-81D2-444D-9870-85EC76F39F88}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC83B7F0-5520-4C13-9C6F-B98CEA2D294E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDAE364-EF29-45F5-A066-DE00067873A1}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe
 

Reply
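
The helper asks for a second HijackThis log so it can be compared with the first one. As an added example (not part of the thread, and not code from HijackThis or Look2Me-Destroyer), this Python script diffs two such logs; `BEFORE` and `AFTER` are short excerpts taken from the two logs posted above, and the function names are assumptions of this example.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.+)$")

def parse_hijackthis(log_text):
    """Return (running_processes, entries) parsed from a HijackThis log."""
    processes, entries = set(), set()
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.add((m.group(1), m.group(2)))
        elif in_processes and line:
            # Windows paths are case-insensitive: Explorer.EXE == explorer.exe
            processes.add(line.lower())
    return processes, entries

def diff_logs(before, after):
    """List what disappeared and what appeared between two logs."""
    p0, e0 = parse_hijackthis(before)
    p1, e1 = parse_hijackthis(after)
    # An entry whose "(file missing)" suffix changed shows up as gone + new.
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1),
        "entries_new": sorted(e1 - e0),
    }

# Excerpt of the first log in the thread (17:40:28), abridged.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [crifx.exe] C:\WINDOWS\System32\crifx.exe
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p6p6lg7s16.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe (file missing)
"""

# Excerpt of the second log in the thread (18:55:44), abridged.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe

O4 - HKLM\..\Run: [crifx.exe] C:\WINDOWS\System32\crifx.exe
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key)
        for item in items:
            print("   ", item)
```

On these excerpts the diff shows the Winlogon Notify entry for p6p6lg7s16.dll gone after the Look2Me-Destroyer run, while a RunServices entry, a Network Monitor service and a running command.exe appear only in the second log.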

Marsh Posté on 22-06-2006 at 18:57:46

Change the title and remove the !!!, or we close the thread.


---------------
Filmstory: keep track of the films you have seen! :D
Reply

Marsh Posté on 22-06-2006 at 18:58:04

freds45 wrote:

I had asked for a CLEAR title, and not multiple !!! or ???. Please do what is necessary.


Reply
