HijackThis résultats pour "worm.win32.netsky"

Salut, espérons quelqu'un peut m'aider. J'ai récemment infectés avec le win32.netsky ver. Ive des recherches sur le net sur la façon de se débarrasser d'elle et enfin le doigt sur "HijackThis". Im inquiet au sujet de mon ordinateur. Puis il ya quelqu'un me donner des conseils professionnels sur les fichiers à corriger ou à supprimer? Très très très apprécié. - Jordanie

Logfile de HijackThis v1.99.1
Scan sauvé à 3:48:23 PM, le 10.28.2007
Plate-forme: Windows XP SP2 (WinNT 5.01. 2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr. exécutable
C: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
C: \ Program Files \ Common Files \ Symantec

Shared \ SPBBC \ spbbcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device

Support \ bin \ AppleMobileDeviceService.exe
C: \ Program files \ Norton SystemWorks \ Norton

AntiVirus \ navapsvc. exe
C: \ Program Files \ Norton SystemWorks \ Norton

AntiVirus \ IWP \ NPFMntor.exe
C: \ PROGRA ~ 1 \ NORTON ~ 1 \ NORTON ~ 1 \ NPROTECT.EXE
C: \ PROGRA ~ 1 \ NORTON ~ 1 \ NORTON ~ 1 \ SPEEDD ~ 1 \ NOPDB.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec

Shared \ DPCC-LC \ symlcsvc.exe
C: \ WINDOWS \ system32 \ wdfmgr.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched. exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Spyware Doctor \ svcntaux.exe
C: \ Program Files \ Spyware Doctor \ swdsvc.exe
C: \ Program Files \ Spyware Doctor \ SDTrayApp.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc. exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ Program Files \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware SE Personal \ Ad-Aware.exe
C: \ DOCUME ~ 1 \ JORDAN ~ 1 \ LOCALS ~ 1 \ Temp \ Répertoire temporaire 1 pour

HijackThis [1]. zip \ HijackThis. exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Rechercher

Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet

Explorer \ Main, Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet

Explorer \ Main, Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Rechercher

Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start

Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet

Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet

Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, First

Page d'accueil = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper --

(06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program

Files \ Fichiers communs \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper. dll
O2 - BHO: BetaDivX - (48BF2BC0-2945-11D8-8CAC-00080FC65465)

- C: \ WINDOWS \ system32 \ IR9V0_QCX.dll (file missing)
O2 - BHO: MSVPS System --

(6EB10F79-5E53-4F76-B146-409EFCDCB957) --

C: \ WINDOWS \ movctrlfqd.dll
O2 - BHO: SSVHelper Class --

(761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program

Files \ Java \ jre1.6.0_03 \ bin \ ssv. dll
O2 - BHO: CNavExtBho Class --

(BDF3E430-B101-42AD-A544-FADC6B084872) - C: \ Program

Files \ Norton SystemWorks \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: Norton AntiVirus --

(42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program

Files \ Norton SystemWorks \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: La nssfrch --

(DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70) --

C: \ WINDOWS \ nssfrch.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program

Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe "
O4 - HKLM \ .. \ Run: [BJCFD] C: \ Program Files \ BroadJump \ Client

Foundation \ CFD.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common

Files \ Symantec Shared \ ccapp.exe "
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor]

C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Consumer
O4 - HKLM \ .. \ Run: [KernelFaultCheck]

% systemroot% \ system32 \ dumprep 0-k
O4, - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program

Files \ Adobe \ Photoshop Album Starter

Edition \ 3.2 \ Apps \ apdproxy.exe "
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program

Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program

Files \ QuickTime \ qttask.exe "-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program

Files \ iTunes \ iTunesHelper.exe "
O4 - HKLM \ .. \ Run: [SDTray] "C: \ Program Files \ Spyware

Doctor \ SDTrayApp.exe "
O4 - HKLM \ .. \ Run: [AVG7_CC]

C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKCU \ .. \ Run: [Norton SystemWorks] "C: \ Program

Files \ Norton SystemWorks \ CfgWiz.exe "/ GUID

(05858CFD-5CC4-4ceb-AAAF-CF00BF39736A) / MODE CfgWiz
O4 - HKCU \ .. \ Run: [ctfmon. exe]

C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program

Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program

Files \ Microsoft Office \ Office10 \ Osa.exe
O9 - Extra button: (no name) --

(08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program

Files \ Java \ jre1.6.0_03 \ bin \ ssv. dll
O9 - Extra "Outils" menuitem: Sun Java Console --

(08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program

Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Research --

(92780B25-18CC-41C8-B9BE-3C9C571A8263) --

C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: AIM --

(AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Program

Files \ AIM \ but. exe
O9 - Extra button: (no name) --

(e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network

Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra "Outils" menuitem: @ xpsp3res.dll, -20001 --

(e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network

Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger --

(E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program

Files \ Yahoo! \ Messenger \ YahooMessenger. exe
O9 - Extra "Outils" menuitem: Yahoo! Messenger --

(E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program

Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra button: Messenger --

(FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program

Files \ Messenger \ msmsgs.exe
O9 - Extra "Outils" menuitem: Windows Messenger --

(FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program

Files \ Messenger \ msmsgs. exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab)

(YInstStarter Class) - C: \ Program

Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616)

(DivXBrowserPlugin Object) --

http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: msnim --

(828030A1-22C1-4009-854F-8E305202313F) --

"C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ msgrapp. dll "(file missing)
O20 - Winlogon Notify: WgaLogon --

C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: bxsbang --

(4047618D-C6F1-4EF8-94D3-AA23A08A988E) --

C: \ WINDOWS \ bxsbang.dll
O21 - SSODL: ocgrep - (257A4DBC-23F7-4FB1-B880-660149C89DD5)

- C: \ WINDOWS \ ocgrep.dll
O23 - Service: Adobe LM Service - Unknown owner - C: \ Program

Files \ Fichiers communs \ Adobe Systems

Shared \ Service \ Adobelmsvc. exe
O23 - Service: Apple Mobile Device - Apple, Inc --

C \ Program Files \ Common Files \ Apple \ Mobile Device

Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) --

GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,

sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc. exe
O23 - service: Symantec Event Manager (ccEvtMgr) - Symantec

Corporation - C: \ Program Files \ Common Files \ Symantec

Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) --

Symantec Corporation - C: \ Program Files \ Common

Files \ Symantec Shared \ ccPwdSvc.exe
O23 - service: Symantec Settings Manager (ccSetMgr) --

Symantec Corporation - C: \ Program Files \ Common

Files \ Symantec Shared \ ccSetMgr. exe
O23 - Service: InstallDriver Table Manager (IDriverT) --

Macrovision Corporation - C: \ Program Files \ Common

Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program

Files \ iPod \ bin \ iPodService.exe
O23 - service: Macromedia Licensing Service - Unknown propriétaire

- C: \ Program Files \ Common Files \ Macromedia

Shared \ Service \ Macromedia Licensing. exe
O23 - service: Norton AntiVirus Auto-Protect Service

(navapsvc) - Symantec Corporation - C: \ Program Files \ Norton

SystemWorks \ Norton AntiVirus \ NAVAPSVC.EXE
O23 - service: Norton AntiVirus Firewall Monitor Service

(NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton

SystemWorks \ Norton AntiVirus \ IWP \ NPFMntor. exe
O23 - Service: Norton Unerase Protection (NProtectService) --

Symantec Corporation --

C \ PROGRA ~ 1 \ NORTON ~ 1 \ NORTON ~ 1 \ NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C: \ Program

Files \ Norton SystemWorks \ Norton AntiVirus \ SAVScan.exe
O23 - service: ScriptBlocking Service (SBService) - Symantec

Corporation --

C \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ. exe
O23 - service: PC Tools Auxiliary Service (sdAuxService) --

PC Tools -: C: \ Program Files \ Spyware Doctor \ svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) --

PC Tools -: C: \ Program Files \ Spyware Doctor \ swdsvc.exe
O23 - service: Symantec Network Drivers Service (SNDSrvc) --

Symantec Corporation - C: \ Program Files \ Common

Files \ Symantec Shared \ SNDSrvc. exe
O23 - service: Symantec SPBBCSvc (SPBBCSvc) - Symantec

Corporation - C: \ Program Files \ Common Files \ Symantec

Shared \ SPBBC \ spbbcsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation --

C: \ PROGRA ~ 1 \ NORTON ~ 1 \ NORTON ~ 1 \ SPEEDD ~ 1 \ NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation --

C: \ Program Files \ Common Files \ Symantec

Shared \ DPCC-LC \ symlcsvc.exe

http://www.symantec.com/security_respon ... 99&tabid=3

Il ya les instructions de suppression de Norton que vous avez en cours d'exécution sur votre machine. Je n'aime pas Norton, mais il devrait être en mesure de traiter votre problème ou vous pouvez supprimer le virus manuellement.

Pas une journée ne se passe sans que quelqu'un ne pas poster un moyen d'aide au sujet de certains virus ou ver. Mon PC est infecté avec jamais aucune de ces choses et je n'ai même pas un anti virus en cours d'exécution. Qu'est-ce que j'ai, c'est un registre vestiaires, MJ Reg Watcher. J'ai mis à rejeter toutes les modifications apportées à la base de registre. Un virus est d'apporter des modifications à la base de registre afin de déposer elle-même dans le système d'exploitation. Il ne peut pas le faire si le registre est verrouillé. Un programme anti-virus est, après le fait. Certains PC, quelque part, a déjà été infectées. Après l'AV entreprises sont mis au courant de ce virus dans la nature, écrivent-ils un régime de protection. Thats bien si vous n'étiez pas le premier à être coincés.

Vous pouvez réduire les chances d'être infecté si vous ne cliquez jamais sur les pièces jointes que vous n'avez pas demandé. Si vous recevez une pièce jointe, même d'un ami, appelez et demandez lui si il lui a envoyé.

Si, par chance votre ordinateur est infecté de toute façon, apprendre comment fonctionne le registre et que les choses se cacher. Apprenez à utiliser msconfig et comme je l'ai mentionné avant utilisation MJ Reg Watcher ou tout ce qui verrouille la base de registre.

http://www.jacobsm.com/mjsoft.htm#rgwtchr

J'ai utilisé ce détournement, ce qui est de mon fichier log. Je voudrais vraiment apprécier toute aide.

*************************

Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 17:39:19, le 22/11/2007
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass. exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ WINDOWS \ SYSTEM32 \ bgsvcgen.exe
C: \ Program Files \ Network Associates \ Common Framework \ FrameworkService. exe
C: \ Program Files \ Network Associates \ VirusScan \ Mcshield.exe
C: \ Program Files \ Network Associates \ VirusScan \ VsTskMgr.exe
C: \ WINDOWS \ Explorer.EXE
C \ Program Files \ Fichiers communs \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Roxio \ Easy CD Creator 5 \ DirectCD \ directcd.exe
C: \ WINDOWS \ System32 \ lxsupmon.exe
C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jusched.exe
C: \ Program Files \ Network Associates \ VirusScan \ SHSTAT. EXE
C \ Program Files \ Network Associates \ Common Framework \ UpdaterUI.exe
C: \ WINDOWS \ System32 \ hkcmd.exe
C: \ WINDOWS \ BCMSMMSG.exe
C \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C \ WINDOWS \ vsnpstd2.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe
C \ Program Files \ QuickTime \ qttask.exe
C \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ ctfmon. exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jucheck.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C \ Program Files \ uTorrent \ utorrent.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ iPod \ bin \ iPodService. exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE. EXE

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard , ShellNext = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Microsoft Internet Explorer fourni par eircom net
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper. dll
O2 - BHO: XBTP01621 - (9EBBE90B-282E-4c39-8A7E-120749169F0F) - C: \ PROGRA ~ 1 \ BEARSH ~ 2 \ MediaBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) -: C: \ Program files \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.0.301.7164 \ swg. dll
O2 - BHO: XBTBPos00 Class - (E552EEFC-DE97-45D4-BA1A-F534A1B4A579) - C: \ PROGRA ~ 1 \ morphe ~ 1 \ morphe ~ 1.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - (119DBEDA-9c41-4F97-94B4-B6BCD01133CF) - C: \ Program Files \ Morpheus Toolbar \ morpheustoolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) -: C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt. dll
O3 - Toolbar: BearShare MediaBar - (B7D3E479-CC68-42B5-A338-938ECE35F419) - C: \ Program Files \ BearShare MediaBar \ MediaBar.dll (file missing)
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O3 - Toolbar: La jokwmp - (1C56ED66-9488-4D8F-B028-8BBABABB8361) - C: \ WINDOWS \ jokwmp.dll (file missing)
O4 - HKLM \ .. \ Run: [AdaptecDirectCD] "C: \ Program Files \ Roxio \ Easy CD Creator 5 \ DirectCD \ DirectCD. exe "
O4 - HKLM \ .. \ Run: [LXSUPMON] C: \ WINDOWS \ System32 \ lxsupmon.exe RUN
O4 - HKLM \ .. \ Exécuter: [REGSHAVE] C \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
O4 - HKLM \ .. \ Exécuter: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ShStatEXE] "C: \ Program Files \ Network Associates \ VirusScan \ SHSTAT.EXE" / Standalone
O4 - HKLM \ .. \ Run: [McAfeeUpdaterUI] "C: \ Program Files \ Network Associates \ Common Framework \ UpdaterUI. exe "/ StartedFromRunKey
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ System32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Exécuter: [SNPSTD2] C: \ WINDOWS \ vsnpstd2.exe
O4 - HKLM \ .. \ Exécuter: [PicasaNet] "C: \ Program Files \ Bonjour \ Hello.exe"-b
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [catsrv] C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe
O4 - HKLM \ .. \ Run: [DAEMON Tools] "C: \ Program Files \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKLM \ .. \ Run: [OM_Monitor]: C: \ Program Files \ OLYMPUS \ OLYMPUS Master \ FirstStart.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] ": C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Exécuter: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Exécuter: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [OM_Monitor] C: \ Program Files \ OLYMPUS \ OLYMPUS Maître \ Monitor.exe-NoStart
O4 - HKCU \ .. \ Exécuter: [catsrv] C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe-AutoStart
O4 - HKLM \ .. \ Policies \ Explorer \ run: [DriverLoad] C: \ DriverLoad \ svchost.exe-dl
O4 - HKLM \ .. \ Policies \ Explorer \ Run: [SystemDriverCheck] C: \ DriverLoad \ svchost.exe-sdc
O4 - HKLM \ .. \ Policies \ Explorer \ run: [SystemCheck] c: \ DriverLoad \ svchost.exe-sc
O4 - HKLM \ .. \ Policies \ Explorer \ Run: [User32. dll] C: \ Program Files \ Video Access ActiveX Object \ isamntr.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C \ WINDOWS \ System32 \ CTFMON.EXE (User LOCAL SERVICE)
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C \ WINDOWS \ System32 \ CTFMON.EXE (User service réseau)
O4 - HKUS \ S-1-5-18 \ .. \ Exécuter: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Exécuter: [CTFMON.EXE] C \ WINDOWS \ System32 \ CTFMON.EXE (User Default user)
O4 - Global Startup: Adobe Reader Speed Launch. lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O8 - Extra du menu contextuel: & Google Search -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmsearch.html
O8 - Extra du menu contextuel: & Translate English Word -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmwordtrans. html
O8 - Extra du menu contextuel: Backward Links -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra du menu contextuel: Cached Snapshot of Page -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmcache.html
O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel -- res://C : \ PROGRA ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra du menu contextuel: Pages similaires -- res://c : \ program files \ google \ GoogleToolbar2. dll / cmsimilar.html
O8 - Extra du menu contextuel: Traduire la page en anglais -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmtrans.html
Ø14 - IERESET.INF: START_PAGE_URL = http://www.eircom. net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) -- http://download.divx.com/webplayer/stag ... Plugin.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsoftup ... 3308253578
O18 - Filter hijack: text / html - (no CLSID) - (pas de fichier)
O21 - SSODL: SystemCheck2 - 2225 (54645654-4455-44A1-9F4543D34546-) - C: \ WINDOWS \ System32 \ vbsys2.dll (file missing)
O21 - SSODL: rmvgor - (91937542-E146-4237-9548-1D694CC521A7) - C: \ WINDOWS \ rmvgor.dll
O21 - SSODL: sapnet - (9694747F-AEA9-4318-BA7A-D1F283D2D6FD) - C \ WINDOWS \ sapnet.dll
O22 - SharedTaskScheduler: (pas de nom) - (C569B8DA-D929-4c57-9ADD-C071C13C1FAD) - (pas de fichier)
O22 - SharedTaskScheduler: homina - (df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4) - C: \ WINDOWS \ system32 \ oyopu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - service: Bs Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C \ WINDOWS \ SYSTEM32 \ bgsvcgen.exe
O23 - service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService. exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc -: C: \ Program Files \ Network Associates \ Common Framework \ FrameworkService.exe
O23 - service: Network Associates McShield (McShield) - Network Associates, Inc - C: \ Program Files \ Network Associates \ VirusScan \ Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc -: C: \ Program Files \ Network Associates \ VirusScan \ VsTskMgr.exe
O23 - Service: pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe

--
Fin de fichier - 10,544 octets

C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe

Cela a à faire.

Charco...ajouter la liste suivante pour les trucs que vous avez à enlever de la liste ci-dessus...



Vérifiez votre ordinateur si vous avez DELF-KR TROJAN (que je suppose que vous avez mai).

http://www.sophos.com/security/analyses/trojdelfkr.html

dire comme don, c'est une bonne idée de bloquer votre registre avec tout type de logiciel qui est capable de faire cela. il est utile, à moins que le virus, spyware etc tue par le système d'accrochage ou d'exploiter le programme. si tu ne t veulent payer pour le logiciel puis de télécharger et d'utiliser spybot le thé à rebours, qui vous dira quand un programme essaie de changer quelque chose dans votre registre.

ma meilleure recommandation est que vous obtenez "comodo firewall 3. 0 ", il est également libre et e ebest chose est que c'est un grand pare-feu" lol, mieux que la zone d'alarme »et il défend aussi votre système contre les modifications du Registre.

quelque chose qui n'a pas été fait mention dans ce forum (non pas que je sais), c'est que quand vous pouvez; t supprimer un fichier et que vous avez essayé toutes les méthodes mentionnées, vous coiuld essayer d'obtenir l'accès au système de votre ordinateur et essayer à partir de là.
système de droits sont les droits greates à un ordinateur Windows, même plus grande que les droits administrateurs, afin que vous puissiez vous débarrasser d'un grand nombre de virus, spyware, etc en obtenant les droits et les supprimer. juste faire attention, car si tu ne t savoir ce que vous faites avec le système de droits, vous pouvez tout à vis de votre ordinateur.

J'aime le nom de ce pare-feu. Comodo moyen confortable en espagnol. (accent sur le premier O)

merci pour l'aide à ce jour. j'ai essayé de corriger ces problèmes, mais pas tout a disparu. maintenant mon logfile ressemble à ceci.

**********************
Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ LEXBCES. EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C \ WINDOWS \ SYSTEM32 \ bgsvcgen.exe
C: \ Program Files \ Network Associates \ Common Framework \ FrameworkService.exe
C \ Program Files \ Network Associates \ VirusScan \ VsTskMgr.exe
C: \ Program Files \ Fichiers communs \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C \ WINDOWS \ System32 \ svchost. exe
C: \ Program Files \ Roxio \ Easy CD Creator 5 \ DirectCD \ directcd.exe
C: \ WINDOWS \ System32 \ lxsupmon.exe
C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jusched.exe
C \ Program Files \ Network Associates \ VirusScan \ SHSTAT.EXE
C: \ Program Files \ Network Associates \ Common Framework \ UpdaterUI.exe
C \ WINDOWS \ System32 \ hkcmd.exe
C: \ WINDOWS \ BCMSMMSG.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ WINDOWS \ vsnpstd2.exe
C: \ Program Files \ Windows Defender \ MSASCui. exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ Network Associates \ VirusScan \ McShield. exécutable
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://www. google.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.eircom.net
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://www. google.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.eircom.net
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Microsoft Internet Explorer fourni par eircom net
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) -: C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt. etc
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) -: C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53,707,962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3. dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C \ Program Files \ Google \ GoogleToolbarNotifier \ 2.0.301.7164 \ swg.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O3 - Toolbar: La jokwmp - (1C56ED66-9488-4D8F-B028-8BBABABB8361) - C: \ WINDOWS \ jokwmp. dll (file missing)
O4 - HKLM \ .. \ Exécuter: [AdaptecDirectCD] "C: \ Program Files \ Roxio \ Easy CD Creator 5 \ DirectCD \ directcd.exe"
O4 - HKLM \ .. \ Run: [LXSUPMON] C \ WINDOWS \ System32 \ lxsupmon.exe RUN
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jusched.exe
O4 - HKLM \ .. \ Exécuter: [ShStatEXE] "C: \ Program Files \ Network Associates \ VirusScan \ SHSTAT. EXE "/ Standalone
O4 - HKLM \ .. \ Run: [McAfeeUpdaterUI] "C: \ Program Files \ Network Associates \ Common Framework \ UpdaterUI.exe" / StartedFromRunKey
O4 - HKLM \ .. \ Run: [IgfxTray] C \ WINDOWS \ System32 \ igfxtray.exe
O4 - HKLM \ .. \ Exécuter: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Exécuter: [SNPSTD2] C: \ WINDOWS \ vsnpstd2. exe
O4 - HKLM \ .. \ Run: [PicasaNet] "C: \ Program Files \ Bonjour \ Hello.exe"-b
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Exécuter: [catsrv] C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe
O4 - HKLM \ .. \ Run: [DAEMON Tools] "C: \ Program Files \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKLM \ .. \ Run: [OM_Monitor] C: \ Program Files \ OLYMPUS \ OLYMPUS Master \ FirstStart.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiser
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [OM_Monitor] C: \ Program Files \ OLYMPUS \ OLYMPUS Master \ Monitor.exe-NoStart
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer]: C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [catsrv] C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe-AutoStart
O4 - HKCU \ .. \ Exécuter: [SUPERAntiSpyware]: C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User LOCAL SERVICE)
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User service réseau)
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ ctfmon. EXE (utilisateur par défaut de l'utilisateur)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O8 - Extra du menu contextuel: & Google Search -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmsearch.html
O8 - Extra du menu contextuel: & Translate English Word -- res://c : \ program files \ google \ GoogleToolbar2. dll / cmwordtrans.html
O8 - Extra du menu contextuel: Backward Links -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra du menu contextuel: Cached Snapshot of Page -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmcache.html
O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel -- res://C : \ PROGRA ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL. EXE/3000
O8 - Extra du menu contextuel: Pages similaires -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmsimilar.html
O8 - Extra du menu contextuel: Traduire la page en anglais -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper. etc
O9 - Extra "Outils" menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-48C4-47F8-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø14 - IERESET.INF: START_PAGE_URL = http://www.eircom. net
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) -- http://download.divx.com/webplayer/stag ... Plugin.cab
O16 - DPF: (6E32070A-766D-4EE6-879C, DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsoftup ... 3308253578
O18 - Filter hijack: text / html - (no CLSID) - (no file)
O21 - SSODL: sapnet - (0D0794D0-D071-4FD9-BCCD-4B946075363D) - C: \ WINDOWS \ sapnet. dll
O21 - SSODL: rmvgor - (5EF9739B-6544-4085-89B3-D91CCE08E22C) - C \ WINDOWS \ rmvgor.dll
O23 - service: Apple Mobile Device - Apple, Inc -: C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Bs Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ SYSTEM32 \ bgsvcgen. exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc - C \ WINDOWS \ system32 \ LEXBCES. EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc - C: \ Program Files \ Network Associates \ Common Framework \ FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc - C: \ Program Files \ Network Associates \ VirusScan \ Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc - C: \ Program Files \ Network Associates \ VirusScan \ VsTskMgr. exe
O23 - Service: pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe

**********************

Je pensais que tout allait bien jusqu'à ce que j'ai ouvert Internet Explorer. après un peu. Mon McAffee VirusScan me disait elle a constaté ces derniers,

puis Internet Explorer se fermer. des conseils ou des permis nécessaires

merci pour l'aide à ce jour. j'ai essayé de corriger ces problèmes, mais pas tout a disparu. maintenant mon logfile ressemble à ceci.

**********************
Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ LEXBCES. EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C \ WINDOWS \ SYSTEM32 \ bgsvcgen.exe
C: \ Program Files \ Network Associates \ Common Framework \ FrameworkService.exe
C \ Program Files \ Network Associates \ VirusScan \ VsTskMgr.exe
C: \ Program Files \ Fichiers communs \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C \ WINDOWS \ System32 \ svchost. exe
C: \ Program Files \ Roxio \ Easy CD Creator 5 \ DirectCD \ directcd.exe
C: \ WINDOWS \ System32 \ lxsupmon.exe
C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jusched.exe
C \ Program Files \ Network Associates \ VirusScan \ SHSTAT.EXE
C: \ Program Files \ Network Associates \ Common Framework \ UpdaterUI.exe
C \ WINDOWS \ System32 \ hkcmd.exe
C: \ WINDOWS \ BCMSMMSG.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ WINDOWS \ vsnpstd2.exe
C: \ Program Files \ Windows Defender \ MSASCui. exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ Network Associates \ VirusScan \ McShield. exécutable
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://www. google.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.eircom.net
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://www. google.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.eircom.net
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Microsoft Internet Explorer fourni par eircom net
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) -: C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt. etc
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) -: C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53,707,962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3. dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C \ Program Files \ Google \ GoogleToolbarNotifier \ 2.0.301.7164 \ swg.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O3 - Toolbar: La jokwmp - (1C56ED66-9488-4D8F-B028-8BBABABB8361) - C: \ WINDOWS \ jokwmp. dll (file missing)
O4 - HKLM \ .. \ Exécuter: [AdaptecDirectCD] "C: \ Program Files \ Roxio \ Easy CD Creator 5 \ DirectCD \ directcd.exe"
O4 - HKLM \ .. \ Run: [LXSUPMON] C \ WINDOWS \ System32 \ lxsupmon.exe RUN
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0_05 \ bin \ jusched.exe
O4 - HKLM \ .. \ Exécuter: [ShStatEXE] "C: \ Program Files \ Network Associates \ VirusScan \ SHSTAT. EXE "/ Standalone
O4 - HKLM \ .. \ Run: [McAfeeUpdaterUI] "C: \ Program Files \ Network Associates \ Common Framework \ UpdaterUI.exe" / StartedFromRunKey
O4 - HKLM \ .. \ Run: [IgfxTray] C \ WINDOWS \ System32 \ igfxtray.exe
O4 - HKLM \ .. \ Exécuter: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Exécuter: [SNPSTD2] C: \ WINDOWS \ vsnpstd2. exe
O4 - HKLM \ .. \ Run: [PicasaNet] "C: \ Program Files \ Bonjour \ Hello.exe"-b
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Exécuter: [catsrv] C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe
O4 - HKLM \ .. \ Run: [DAEMON Tools] "C: \ Program Files \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKLM \ .. \ Run: [OM_Monitor] C: \ Program Files \ OLYMPUS \ OLYMPUS Master \ FirstStart.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiser
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [OM_Monitor] C: \ Program Files \ OLYMPUS \ OLYMPUS Master \ Monitor.exe-NoStart
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer]: C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [catsrv] C: \ Documents and Settings \ Ciaran \ Policies \ catsrv.exe-AutoStart
O4 - HKCU \ .. \ Exécuter: [SUPERAntiSpyware]: C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User LOCAL SERVICE)
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User service réseau)
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ ctfmon. EXE (utilisateur par défaut de l'utilisateur)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O8 - Extra du menu contextuel: & Google Search -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmsearch.html
O8 - Extra du menu contextuel: & Translate English Word -- res://c : \ program files \ google \ GoogleToolbar2. dll / cmwordtrans.html
O8 - Extra du menu contextuel: Backward Links -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra du menu contextuel: Cached Snapshot of Page -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmcache.html
O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel -- res://C : \ PROGRA ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL. EXE/3000
O8 - Extra du menu contextuel: Pages similaires -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmsimilar.html
O8 - Extra du menu contextuel: Traduire la page en anglais -- res://c : \ program files \ google \ GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper. etc
O9 - Extra "Outils" menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-48C4-47F8-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø14 - IERESET.INF: START_PAGE_URL = http://www.eircom. net
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) -- http://download.divx.com/webplayer/stag ... rPlugin.ca b
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsoftup ... /x86/clien t / muweb_site.cab? 1133308253578
O18 - Filter hijack: text / html - (no CLSID) - (no file)
O21 - SSODL: sapnet - (0D0794D0-D071-4FD9-BCCD-4B946075363D) - C: \ WINDOWS \ sapnet. dll
O21 - SSODL: rmvgor - (5EF9739B-6544-4085-89B3-D91CCE08E22C) - C \ WINDOWS \ rmvgor.dll
O23 - service: Apple Mobile Device - Apple, Inc -: C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Bs Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ SYSTEM32 \ bgsvcgen. exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc - C \ WINDOWS \ system32 \ LEXBCES. EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc - C: \ Program Files \ Network Associates \ Common Framework \ FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc - C: \ Program Files \ Network Associates \ VirusScan \ Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc - C: \ Program Files \ Network Associates \ VirusScan \ VsTskMgr. exe
O23 - Service: pml Driver HPZ12 - HP - C \ WINDOWS \ system32 \ HPZipm12.exe

**********************

Je pensais que tout allait bien jusqu'à ce que j'ai ouvert Internet Explorer. après un peu. Mon McAffee VirusScan me disait, il a trouvé ces,
ac8zt2 AdClicker-fc
ac8zt2 Puper
ac8zt2 génériques
puis Internet Explorer se fermer. des conseils ou des permis nécessaires

Démarrez en mode sans échec et fixer les éléments suivants:

OUCH I GOT DAMN WORM NetSky CE TROP THING HELP! Toute aide sera appréciée HERES MY LOG HIJACK

Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 6:06:37 PM, le 3.5.2008
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass. exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
c: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
c: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
c: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
c: \ Program Files \ Common Files \ Symantec Shared \ sndsrvc.exe
c: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DPCC-LC \ symlcsvc. exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Adobe \ Photoshop Elements 5.0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
C: \ WINDOWS \ arservice.exe
C: \ Program Files \ Symantec \ LiveUpdate \ aluschedulersvc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc. exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ eHome \ ehrecvr.exe
C \ WINDOWS \ eHome \ ehSched.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NAVAPSVC.EXE
C \ WINDOWS \ system32 \ nvsvc32.exe
C \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ PnkBstrB.exe
C: \ WINDOWS \ ehome \ RMSvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ dllhost. exe
C \ WINDOWS \ ehome \ ehtray.exe
C: \ WINDOWS \ eHome \ ehmsas.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ WINDOWS \ ARPWRMSG.EXE
C: \ Program Files \ HP DigitalMedia Archive \ DMAScheduler.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
C \ Program Files \ Common Files \ AOL \ 1166555938 \ ee \ AOLSoftware.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe
C: \ Program Files \ HP \ HP Software Update \ HPwuSchd2. exe
C: \ Program Files \ Verizon \ Servicepoint \ VerizonServicepoint.exe
C: \ PROGRA ~ 1 \ Verizon \ SMARTB ~ 1 \ MotiveSB.exe
C: \ Program Files \ Kuma Games \ hcsystray \ hc_tray.exe
C: \ Program Files \ Zune \ ZuneLauncher.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C \ Program Files \ Adobe \ Photoshop Elements 5.0 \ apdproxy.exe
C \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIALA.EXE
C: \ Program Files \ Microsoft Xbox 360 Accessories \ XboxStat.exe
C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ jusched. exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ DISC \ DISCover.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
C \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe
C \ Program Files \ DNA \ btdna.exe
C \ Program Files \ DISC \ DiscStreamHub. exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Common Files \ Ahead \ Lib \ NMIndexingService.exe
C: \ Program Files \ Common Files \ Ahead \ Lib \ NMIndexStoreSvr.exe
C: \ WINDOWS \ ehome \ RMSysTry.exe
c: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ HP \ KBD \ KBD.EXE
c: \ windows \ system \ hpsysdrv.exe
C \ WINDOWS \ explorer.exe
C: \ Program Files \ Internet Explorer \ iexplore. exe
c: \ Program Files \ Fichiers communs \ Microsoft Shared \ Works Shared \ wkcalrem.exe
C \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis. exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=...pf = desktop
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=...pf = desktop
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=...pf = desktop
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
R3 - URLSearchHook: (no name) - (9CB65206-402c-89C4-BA80-02D8C59F9B1D) -: C: \ Program Files \ AskTBar \ SrchAstt \ 1.bin \ A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - (00A6FAF6-072E-44cf-8957-5838F569A31D) - (no file)
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt. dll
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) -: C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - (4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D) - C: \ WINDOWS \ downlo ~ 1 \ vzbb.dll (file missing)
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C, B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv.dll
O2 - BHO: Ask Search Assistant BHO - (9CB65201-89C4-402c-BA80-02D8C59F9B1D) - C: \ Program Files \ AskTBar \ SrchAstt \ 1.bin \ A5SRCHAS.DLL
O2 - BHO: CNavExtBho Class - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NavShExt. dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar2.dll
O2 - BHO: hpWebHelper Class - (AAAE832A-5FFF-4661-9C8F-369692D1DCB9) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ plugin \ WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.0.1121.2472 \ swg. dll
O2 - BHO: Ask Toolbar BHO - (FE063DB1-4EC0-403e-8DD8-394C54984B2C) - C: \ Program Files \ AskTBar \ bar \ 1.bin \ ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ cpn0 \ yt.dll
O3 - Toolbar: Norton AntiVirus - (C4069E3A-68F1-403E-B40E-20066696354B) - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NavShExt. etc
O3 - Toolbar: Verizon Broadband Toolbar - (4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D) - C \ WINDOWS \ downlo ~ 1 \ vzbb.dll (file missing)
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - (FE063DB9-4EC0-403e-8DD8-394C54984B2C) - C: \ Program Files \ AskTBar \ bar \ 1.bin \ ASKTBAR.DLL
O3 - Toolbar: emotigt - (72B445FA-2456-4718-8580-3D963E4CCB5A) - C: \ WINDOWS \ emotigt.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [ftutil2] rundll32.exe ftutil2.dll, SetWriteCacheMode
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Exécuter: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [DMAScheduler] "c: \ Program Files \ HP DigitalMedia Archive \ DMAScheduler.exe"
O4 - HKLM \ .. \ Run: [Recguard] C \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ccApp] c: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe "
O4 - HKLM \ .. \ Exécuter: [HPBootOp] "C: \ Program Files \ Hewlett-Packard \ HP Boot Optimizer \ HPBootOp.exe" / run
O4 - HKLM \ .. \ Exécuter: [Reminder] "C: \ Windows \ Creator \ Remind_XP.exe"
O4 - HKLM \ .. \ Run: [HostManager] C: \ Program Files \ Common Files \ AOL \ 1166555938 \ ee \ AOLSoftware.exe
O4 - HKLM \ .. \ Exécuter: [AOL Spyware Protection] "C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPwuSchd2.exe
O4 - HKLM \ .. \ Run: [VerizonServicepoint.exe] C: \ Program Files \ Verizon \ Servicepoint \ VerizonServicepoint.exe
O4 - HKLM \ .. \ Exécuter: [Motive SmartBridge] C: \ PROGRA ~ 1 \ Verizon \ SMARTB ~ 1 \ MotiveSB.exe
O4 - HKLM \ .. \ Run: [hcsystray]: C: \ Program Files \ Kuma Games \ hcsystray \ hc_tray.exe
O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Program Files \ Zune \ ZuneLauncher.exe"
O4 - HKLM \ .. \ Run: [VF0060 stisvc] Rundll32.exe V0060Pin.dll, RunDLL32EP 513
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 5.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Exécuter: [EPSON Stylus CX5800F Series] C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIALA. EXE / P27 "EPSON Stylus CX5800F Series" / O6 "USB002" / M "Stylus CX5800F"
O4 - HKLM \ .. \ Exécuter: [XboxStat] "C: \ Program Files \ Microsoft Xbox 360 Accessories \ XboxStat.exe" silentrun
O4 - HKLM \ .. \ Exécuter: [SunJavaUpdateSched]: C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ jusched.exe "
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] ": C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiser
O4 - HKLM \ .. \ Run: [Discover] C: \ Program Files \ DISC \ DISCover.exe nogui
O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Ahead \ Lib \ NeroCheck.exe
O4 - HKLM \ .. \ Exécuter: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [MyWebSearch Email Plugin] C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ mwsoemon.exe
O4 - HKLM \ .. \ Run: [My Web Search Bar] rundll32 C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1. bin \ MWSBAR.DLL, S
O4 - HKLM \ .. \ Run: [ALUAlert] C: \ Program Files \ Symantec \ LiveUpdate \ ALUNOTIFY.EXE
O4 - HKLM \ .. \ RunOnce: [Index Washer] C: \ Program Files \ Webroot \ Washer \ WashIdx.exe "HP_Administrator"
O4 - HKCU \ .. \ Run: [Window Washer]: C: \ Program Files \ Webroot \ Washer \ wwDisp.exe / startup
O4 - HKCU \ .. \ Run: [EA Core] ": C: \ Program Files \ Electronic Arts \ EA Link \ Core.exe" silencieux
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [BgMonitor_ (79662E04-7C6C-84C7-4d9f-88D8A56B10AA)]: "C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe"
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ ADN \ btdna.exe"
O4 - HKCU \ .. \ Exécuter: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [MyWebSearch Email Plugin] C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1. bin \ mwsoemon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Exécuter: [AVG7_Run] C \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User LOCAL SERVICE)
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User service réseau)
O4 - HKUS \ S-1-5-18 \ .. \ Exécuter: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (utilisateur "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Exécuter: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (utilisateur par défaut de l'utilisateur)
O4 -. DEFAULT User Startup: Pin.lnk = C: \ hp \ bin \ CLOAKER. EXE (utilisateur par défaut de l'utilisateur)
O4 -. DEFAULT User Startup: PinMcLnk.lnk C =: \ hp \ bin \ cloaker.exe (User utilisateur par défaut)
O4 - Startup: Kuma_Tray.lnk = C: \ Program Files \ Jeux Kuma \ kgsystray \ Kuma_tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C: \ WINDOWS \ ehome \ RMSysTry.exe
O8 - Extra du menu contextuel: & Search -? P = ZNfox000
O8 - Extra du menu contextuel: & Yahoo! Search - file: / / / c: \ Program Files \ Yahoo! \ Common / ycsrch.htm
O8 - Extra du menu contextuel: Yahoo! & Dictionary - file: / / / C: \ Program Files \ Yahoo! \ Common / ycdict.htm
O8 - Extra du menu contextuel: Yahoo! & Maps - file: / / / C: \ Program Files \ Yahoo! \ Common / ycmap.htm
O8 - Extra du menu contextuel: Yahoo! & SMS - file: / / / c: \ Program Files \ Yahoo! \ Common / ycsms.htm
O9 - Extra button: (pas de nom) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) -: C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv. etc
O9 - Extra "Outils" menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - DFB852A3 (-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper. etc
O9 - Extra "Outils" menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-48C4-47F8-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Internet Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support. htm
O9 - Extra "Outils" menuitem: Internet Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ IEButton \ support.htm
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra "Outils" menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) -: C: \ Program Files \ Messenger \ msmsgs. exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Class) -- http://messenger.zone.msn.com/binary/ms...b56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary/ZI...b56649. cabine
O16 - DPF: (C3F79A2B-B9B4, 4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary/Me...b56907.cab
O21 - SSODL: admgcx - (360ABEC7-4FF9-4720-9B51-) 9D2447F60949 - C: \ WINDOWS \ admgcx.dll
O21 - SSODL: bdmanager - (EE4D61DA-6CE7-440D-AC14-04DDF63CCBC4) - C: \ WINDOWS \ bdmanager.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 5.0 \ PhotoshopElementsFileAgent. exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ aluschedulersvc.exe
O23 - service: AVG Anti-Spyware Garde - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc. exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation -, c: \ Program Files \ Norton Internet Security \ ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ ccProxy. exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ ccsetmgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c: \ Program Files \ Norton Internet Security \ comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google -: C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService. exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1. EXE
O23 - Service: MSCamSvc - Unknown owner - C: \ Program Files \ Microsoft LifeCam \ MSCamS32.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ NAVAPSVC.EXE
O23 - Service: NBService - Nero AG -: C: \ Program Files \ Nero \ Nero 7 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Ahead \ Lib \ NMIndexingService. exe
O23 - service: Norton Protection Center Service (NSCService) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ Security Console d'\ NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Display Service (NVSvc) - NVIDIA Corporation - C \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA. exe
O23 - Service: PnkBstrB - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrB.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -, c: \ Program Files \ Norton Internet Security \ Norton AntiVirus \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc. exe
O23 - service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -, c: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ spbbcsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C: \ Program Files \ Common Files \ Symantec Shared \ DPCC-LC \ symlcsvc.exe
O24 - Desktop Composante 0: Privacy Protection - file: / / / C: \ WINDOWS \ privacy_danger \ index.htm

--
Fin de fichier - 17,578 octets

Supprimer le texte suivant dans un HijackThis...


Il y avait d'autres que je n'étais pas si sûr...

EDIT: NM, j'ai commencé un nouveau thread.