
multi-infections !!!

n°2444514
ismael_007
esprit
Posted on 22-06-2006 at 17:42:45
 

Hi, I have several problems:
1) several (web) windows open by themselves
2) MSN connects 1 time out of 5; when I click troubleshoot it tells me the hosts files are damaged
3) several files have been added to the root (c:): dfndr.exe, dikh.exe, drsmartload1.exe, drsmartload45d.exe, drsmartload46d.exe, drsmartload849d.exe, fgikh.exe, kybrd.exe, Mendoza1.exe, MTE3NDI6ODoxNg.exe, nwnm.exe, steam.exe, warebundle.exe, VSL02.exe, dfndra.exe, drsmartload45e.exe, drsmartload46e.exe, drsmartload849e.exe, drsmartload45f.exe, drsmartload46f.exe and drsmartload849f.exe
 
my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 17:40:28, on 22/06/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\services.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Belgacom ADSL\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Arture\Local Settings\Application Data\40fd6e1a.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Arture\Bureau\HijackThis.exe
 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Belgacom ADSL\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [40fd6e1a.exe] C:\WINDOWS\System32\40fd6e1a.exe
O4 - HKLM\..\Run: [crifx.exe] C:\WINDOWS\System32\crifx.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [40fd6e1a.exe] C:\Documents and Settings\Arture\Local Settings\Application Data\40fd6e1a.exe
O4 - Startup: Reboot.exe
O4 - Startup: Reprendre l'installation de Windows Update.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -  
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3814CC-81D2-444D-9870-85EC76F39F88}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC83B7F0-5520-4C13-9C6F-B98CEA2D294E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDAE364-EF29-45F5-A066-DE00067873A1}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p6p6lg7s16.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe (file missing)
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe
 
Is there anyone who can help me !!!!! Thanks in advance


Message edited by ismael_007 on 22-06-2006 at 17:58:52
 

n°2444515
BaF - FlOp
Posted on 22-06-2006 at 17:43:28
 

:sleep:
edit: you did what was needed in terms of anti-spyware and antivirus scans, of course?


Message edited by BaF - FlOp on 22-06-2006 at 17:44:35
n°2444517
freds45
Posted on 22-06-2006 at 17:44:22
 

Please use a title that relates to the problem.


---------------
Filmstory: keep track of the films you have seen! :D
n°2444521
ismael_007
esprit
Posted on 22-06-2006 at 17:48:11
 

baf-flop: yes, of course ...

n°2444523
ismael_007
esprit
Posted on 22-06-2006 at 17:51:48
 

freds45: sorry, I don't know how to do it

n°2444527
freds45
Posted on 22-06-2006 at 17:56:19
 

http://forum-images.hardware.fr/themes_static/images/telecharger%20com/edit.gif in your 1st post.


n°2444531
BaF - FlOp
Posted on 22-06-2006 at 17:58:41
 

ismael_007 wrote:

baf-flop: yes, of course ...


What do you mean?
YES or NO?
 
Is it hard to be explicit, to say what you did?
To try to pin down the problem :/

Spoiler:

OT
Ghana in the round of 16, that's huge   :ouch:
/OT


Message edited by BaF - FlOp on 22-06-2006 at 17:59:43
n°2444534
ismael_007
esprit
Posted on 22-06-2006 at 18:02:35
 

yes, I scanned the hard drive with skybot, Ad-Aware SE Personal and ewido anti-malware, updated

n°2444553
Anthony10
Posted on 22-06-2006 at 18:33:27
 

Hello.
 
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
 
* Close all active windows before moving on to the next step.
 
* Double-click Look2Me-Destroyer.exe to launch the tool.
 
* Tick Run this program as a task.
 
* A message will appear, telling you: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK.
 
* It will relaunch after the minute; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
 
* When the scan finishes, click the Remove L2M button.
 
* A Done Scanning message will appear; click OK.
 
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
 
* Your PC will now shut down.
 
* Start your PC normally.
 
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt, into your next reply.
 
# If Look2Me-Destroyer does not relaunch automatically after the minute, reboot and try again.
 
* Post a new HijackThis log.

n°2444557
freds45
Posted on 22-06-2006 at 18:37:44
 

I had asked for a CLEAR title, and no multiple !!! or ???. Please do what is needed


 

n°2444570
ismael_007
esprit
Posted on 22-06-2006 at 18:56:27
 

The Look2Me report:
Look2Me-Destroyer V1.0.12
 
Scanning for infected files.....
Scan started at 22/06/2006 18:47:03
 
Infected! C:\WINDOWS\system32\p6p6lg7s16.dll
Infected! C:\WINDOWS\system32\caadmin.dll
Infected! C:\WINDOWS\system32\h64mlgh1164.dll
Infected! C:\WINDOWS\system32\hfsetup.dll
Infected! C:\WINDOWS\system32\irj0l51m1.dll
Infected! C:\WINDOWS\system32\j6j6lg1s16.dll
Infected! C:\WINDOWS\system32\muwsock.dll
Infected! C:\WINDOWS\system32\p6p6lg7s16.dll
Infected! C:\WINDOWS\System32\guard.tmp
 
Attempting to delete infected files...
 
Attempting to delete: C:\WINDOWS\system32\p6p6lg7s16.dll
C:\WINDOWS\system32\p6p6lg7s16.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\caadmin.dll
C:\WINDOWS\system32\caadmin.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\h64mlgh1164.dll
C:\WINDOWS\system32\h64mlgh1164.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\hfsetup.dll
C:\WINDOWS\system32\hfsetup.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\irj0l51m1.dll
C:\WINDOWS\system32\irj0l51m1.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\j6j6lg1s16.dll
C:\WINDOWS\system32\j6j6lg1s16.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\muwsock.dll
C:\WINDOWS\system32\muwsock.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\system32\p6p6lg7s16.dll
C:\WINDOWS\system32\p6p6lg7s16.dll Deleted successfully!
 
Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!
 
Making registry repairs.
 
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{698C260D-E87F-4847-BFDA-F9EC8170765A}"
HKCR\Clsid\{698C260D-E87F-4847-BFDA-F9EC8170765A}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D03F1643-D802-4403-8795-8E943AA3132F}"
HKCR\Clsid\{D03F1643-D802-4403-8795-8E943AA3132F}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D185EF8C-EF06-470F-A860-D50FC01EDE22}"
HKCR\Clsid\{D185EF8C-EF06-470F-A860-D50FC01EDE22}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FEFFA213-9CF8-4E32-BEDC-A79B195031CE}"
HKCR\Clsid\{FEFFA213-9CF8-4E32-BEDC-A79B195031CE}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E8409C62-9614-4CDF-A43A-66C9B09C5BA9}"
HKCR\Clsid\{E8409C62-9614-4CDF-A43A-66C9B09C5BA9}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FFEFDB4F-8C2A-4E4A-AE4C-B6531DAB7383}"
HKCR\Clsid\{FFEFDB4F-8C2A-4E4A-AE4C-B6531DAB7383}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0224C518-111A-454F-97B9-6BE3F6035A19}"
HKCR\Clsid\{0224C518-111A-454F-97B9-6BE3F6035A19}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A64AE4CB-0F23-4BA4-99EF-721D423ECE92}"
HKCR\Clsid\{A64AE4CB-0F23-4BA4-99EF-721D423ECE92}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{91C9DFD4-1CF6-4B5D-A3AD-FDA29D005C07}"
HKCR\Clsid\{91C9DFD4-1CF6-4B5D-A3AD-FDA29D005C07}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2549E05C-05D8-4A0E-A762-1BAF87317682}"
HKCR\Clsid\{2549E05C-05D8-4A0E-A762-1BAF87317682}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6CCCC0DA-D7AC-4F9A-90DF-B390E2E68A11}"
HKCR\Clsid\{6CCCC0DA-D7AC-4F9A-90DF-B390E2E68A11}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2960FC61-0FF7-4402-AE04-B9720643213E}"
HKCR\Clsid\{2960FC61-0FF7-4402-AE04-B9720643213E}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A38DBFA3-6EF6-40A3-9F47-04290240D144}"
HKCR\Clsid\{A38DBFA3-6EF6-40A3-9F47-04290240D144}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B205B57-CB7F-4646-AD70-B4F9CA69FC35}"
HKCR\Clsid\{9B205B57-CB7F-4646-AD70-B4F9CA69FC35}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C880BA33-9800-473D-B61E-1A951D81141D}"
HKCR\Clsid\{C880BA33-9800-473D-B61E-1A951D81141D}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{81904570-658D-455E-8B8D-0971E7FF4CE4}"
HKCR\Clsid\{81904570-658D-455E-8B8D-0971E7FF4CE4}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F3492077-1CC7-474B-9637-CA351DC53E9C}"
HKCR\Clsid\{F3492077-1CC7-474B-9637-CA351DC53E9C}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{943DB570-A21B-4A23-B960-8A0EA5F585B6}"
HKCR\Clsid\{943DB570-A21B-4A23-B960-8A0EA5F585B6}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{532AEE87-0C7E-4B5D-8CB0-F995AE190446}"
HKCR\Clsid\{532AEE87-0C7E-4B5D-8CB0-F995AE190446}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{832D485D-15A1-4D1B-860F-0926755FAA02}"
HKCR\Clsid\{832D485D-15A1-4D1B-860F-0926755FAA02}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4883D1FD-378A-43B3-BFDC-0121CCAD6DD3}"
HKCR\Clsid\{4883D1FD-378A-43B3-BFDC-0121CCAD6DD3}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{146F8B3C-551B-4397-8E2E-EF8023D42B76}"
HKCR\Clsid\{146F8B3C-551B-4397-8E2E-EF8023D42B76}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{778B769C-B8F1-4AEC-92A6-8B9C34567598}"
HKCR\Clsid\{778B769C-B8F1-4AEC-92A6-8B9C34567598}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6B7072D9-4E49-4769-8BF6-6ABA4656BAC2}"
HKCR\Clsid\{6B7072D9-4E49-4769-8BF6-6ABA4656BAC2}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{746837B9-0CDB-4D20-A50E-E866D7BBC82E}"
HKCR\Clsid\{746837B9-0CDB-4D20-A50E-E866D7BBC82E}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FFDFA260-B5B0-497E-88EC-18F50E1C0C7D}"
HKCR\Clsid\{FFDFA260-B5B0-497E-88EC-18F50E1C0C7D}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0172D111-2644-43FD-9D7F-046986B6675B}"
HKCR\Clsid\{0172D111-2644-43FD-9D7F-046986B6675B}
 
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{95090F3E-E88D-4D7F-8048-3B0EEDE64D4F}"
HKCR\Clsid\{95090F3E-E88D-4D7F-8048-3B0EEDE64D4F}
 
Restoring Windows certificates.
 
Replaced hosts file with default windows hosts file
 
 
Restoring SeDebugPrivilege for Administrateurs - Succeeded
 
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:55:44, on 22/06/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\services.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Belgacom ADSL\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\40fd6e1a.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Arture\Bureau\HijackThis.exe
 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Belgacom ADSL\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [40fd6e1a.exe] C:\WINDOWS\System32\40fd6e1a.exe
O4 - HKLM\..\Run: [crifx.exe] C:\WINDOWS\System32\crifx.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [40fd6e1a.exe] C:\Documents and Settings\Arture\Local Settings\Application Data\40fd6e1a.exe
O4 - Startup: Reboot.exe
O4 - Startup: Reprendre l'installation de Windows Update.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -  
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3814CC-81D2-444D-9870-85EC76F39F88}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC83B7F0-5520-4C13-9C6F-B98CEA2D294E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDAE364-EF29-45F5-A066-DE00067873A1}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{221C21EF-E52D-4B18-B1B5-E35BA2338942}: NameServer = 85.255.113.110 85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe
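
To see what the Look2Me-Destroyer run changed, the two HijackThis logs in this thread can be compared entry by entry and matched against the files the tool reports deleting. The Python below is an added example, not part of any post; the function names are this example's own, and the embedded sample lines are excerpts copied from the logs and report above.

```python
import re
from collections import namedtuple

# Excerpts copied from the 17:40 and 18:55 HijackThis logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p6p6lg7s16.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O20 - AppInit_DLLs:   C:\WINDOWS\System32\logonui.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG9zbWFyb2xsZXM\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""
# Excerpt copied from the Look2Me-Destroyer report in this thread.
REPORT = r"""
Attempting to delete: C:\WINDOWS\system32\p6p6lg7s16.dll
C:\WINDOWS\system32\p6p6lg7s16.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\muwsock.dll
C:\WINDOWS\system32\muwsock.dll Deleted successfully!
"""

Entry = namedtuple("Entry", "section text missing")
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.+?)\s*$")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Map (section, case-folded text) -> Entry for each O/R/F line of a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        body = " ".join(body.split())  # collapse runs of spaces
        entries[(section, body.casefold())] = Entry(section, body, missing)
    return entries

def _fmt(entry):
    return f"{entry.section} - {entry.text}"

def diff_logs(before_text, after_text):
    """Entries removed, added, or whose '(file missing)' flag was cleared."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(_fmt(before[k]) for k in before.keys() - after.keys()),
        "added": sorted(_fmt(after[k]) for k in after.keys() - before.keys()),
        "file_now_present": sorted(
            _fmt(after[k]) for k in before.keys() & after.keys()
            if before[k].missing and not after[k].missing),
    }

def deleted_files(report_text):
    """Case-folded paths a removal report marks 'Deleted successfully!'."""
    pattern = r"^(.+?) Deleted successfully!"
    return {m.group(1).casefold() for m in re.finditer(pattern, report_text, re.M)}

def explained_removals(diff, report_text):
    """Removed entries whose target file the tool reports having deleted."""
    gone = tuple(deleted_files(report_text))
    return [e for e in diff["removed"] if e.casefold().endswith(gone)]

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind, lines in result.items():
        for line in lines:
            print(f"{kind}: {line}")
    print("explained by report:", explained_removals(result, REPORT))
```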
 

n°2444573
freds45
Posted on 22-06-2006 at 18:57:46
 

Change the title and remove the !!!, or we close the thread.


n°2444574
Wolfman
Moderator
Lobo'tomizado
Posted on 22-06-2006 at 18:58:04
 

freds45 wrote:

I had asked for a CLEAR title, and no multiple !!! or ???. Please do what is needed


