Zlob, smitfraud, pop ups, les changements de papier peint rouge

**guccijana** · #1 28th Sep 2007, 17:13

Mon nom est im Tatjana et désespérée de l'aide, a essayé presque tous les virus outthere, mais pas de chance. J'ai essayé de télécharger smitfraud fix, mais il ne pouvait pas être Safed, parce que la source n'a pas pu être trouvé "ou" erreur inconnue s'est produite ".. même problème exact que ce gars-là" Eh bien, je reçois stupide pop ups dire mon pc est sous menace via la barre des tâches / barre d'outils, et une grande croix rouge qui clignote dans la barre des tâches et mon fond d'écran sur le bureau des changements à un fond rouge un grand symbole de l'image, et de voir ce cant Norton, l'un des bulles pop up de la barre des tâches / barre d'outils selon son trojan32.looksky, et aussi ma page d'accueil sur IE a changé de ucleaner.com ultime nettoyant 2007, whicjh est un faux spyware chose scanner / remover "
S'il vous plaît, aidez-moi!
mon journal

Logfile de HijackThis v1.99.1
Scan sauvé à 7:26:18 PM, le 9.28.2007
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ Program Files \ Yahoo! \ Antivirus \ CAVTray.exe
C: \ Program Files \ Yahoo! \ Antivirus \ cavrid.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Webroot \ Spy Sweeper \ SpySweeperUI.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Yahoo! \ Antivirus \ ISafe.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
C: \ Program Files \ Eset \ nod32krn.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ Program Files \ Yahoo! \ Antivirus \ VetMsg.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ Program Files \ Webroot \ Spy Sweeper \ spysweeper.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Webroot \ Spy Sweeper \ ssu.exe
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrowser.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = local
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "engine: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [VirusScan Online] c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsshld.exe
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [CaAvTray] "C: \ Program Files \ Yahoo! \ Antivirus \ CAVTray.exe"
O4 - HKLM \ .. \ Run: [CAVRID] "C: \ Program Files \ Yahoo! \ Antivirus \ cavrid.exe"
O4 - HKLM \ .. \ Run: [OJ] "C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe" / autostart
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [nod32kui] "C: \ Program Files \ Eset \ nod32kui.exe" / WAITSERVICE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SpySweeper] "C: \ Program Files \ Webroot \ Spy Sweeper \ SpySweeperUI.exe" / startintray
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fichier manquant)
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C: \ WINDOWS \ SYSTEM32 \ WRLogonNTF.dll
O21 - SSODL: mssql - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (69F3A520-2471-4FF3-8139-ECFD56DED8DB) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: msmdev - (E8E8584D-8FA5-4641-A934-8A93158794E9) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc - C: \ Program Files \ Yahoo! \ Antivirus \ ISafe.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C: \ Program Files \ Eset \ nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc - C: \ Program Files \ Yahoo! \ Antivirus \ VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc - C: \ Program Files \ Webroot \ Spy Sweeper \ spysweeper.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ SYSTEM32 \ YPCSER ~ 1.EXE

**evilfantasy** · #2 28th Sep 2007, 17:55

Tatjana Salut, bienvenue au TCF.

* Important *
Renommez le fichier Hijackthis.exe à Analyze.exe. Cela est important parce que de nouvelles formes de logiciels malveillants peuvent se cacher des HijackThis.exe. Clic droit sur le fichier HijackThis.exe dans C: \ Program Files \ HijackThis et choisir renommer. Type de Analyze.exe et appuyez sur la touche Entrée.
Clic droit sur le fichier et l'envoyer Analyze.exe de bureau pour créer un raccourci.
============================
Il semble que vous avez plus d'un antivirus installé. Si tel est le cas s'il vous plaît aller à ajouter ou supprimer des programmes et de désinstaller tous sauf un.
Ayant plus d'un antivirus est inutile et peut causer des conflits.
============================
Désactiver TeaTimer de Spybot.
Alors que TeaTimer est un excellent outil pour la prévention des logiciels espions, il peut parfois empêcher nos outils de fixation de certaines choses.
S'il vous plaît désactiver TeaTimer pour l'instant jusqu'à ce que vous sont propres. TeaTimer peut être ré-activé une fois que vos logs sont propres.
* Ouvert Spybot Search & Destroy.
* Dans le menu, cliquez sur Mode "Advanced mode"S'il n'est pas déjà sélectionné.
* Choisir "Oui"Attention à l'invite.
* Développer la "Outils"Menu.
* Cliquez sur "Resident».
* Désactivez la "Résident "TeaTimer" (Protection de l'ensemble des paramètres du système) active."Box.
* Dans le menu Fichier, cliquez sur "Exit"À la sortie de Spybot Search & Destroy.
+ Vous pouvez réactiver TeaTimer quand nous avons fini.
=============================
S'il vous plaît télécharger ATF Cleaner par Atribune. Cela aidera tout scans courir plus vite. ATF CLEANER.EXE Ce programme ne nécessite pas d'installation. L'exécutable fait exécute le programme.

REMARQUE: ATF Cleaner supprime tous les fichiers de points qui sont contrôlés de façon si vous avez des cookies, vous souhaitez enregistrer. S'il vous plaît les déplacer vers un autre répertoire en premier.
* Double-cliquez sur ATF-CLEANER.EXE pour exécuter le programme.
* En vertu principale de choisir: Sélectionner tout
* Cliquez sur le Empty Selected bouton.

Si vous utilisez Firefox navigateur
* Cliquez sur Firefox en haut et choisir: Sélectionner tout
* Cliquez sur le Vide Bouton sélectionné.
REMARQUE: Si vous souhaitez conserver vos mots de passe, cliquez s'il vous plaît Non à l'invite.

Si vous utilisez Opera navigateur
* Cliquez sur Opera au sommet et à choisir: Sélectionner tout
* Cliquez sur le Empty Selected bouton.
REMARQUE: Si vous souhaitez conserver vos mots de passe, cliquez s'il vous plaît Non à l'invite.

Cliquez sur Exit sur le menu principal ATF Cleaner pour fermer le programme.
===============================
1. Télécharger ce fichier combofix.exe
2. Double-cliquez sur combofix.exe et suivre les instructions.
3. Lorsque vous avez terminé, il est tenu de produire un journal pour vous. Publier ce fichier dans votre prochaine réponse.

Note:
Ne pas combofix clic de souris, alors que la fenêtre de son fonctionnement. Cela mai à cause de décrochage.
=====================================

Dans le prochain message s'il vous plaît, ajouter:
Combofix log
Un nouveau log HijackThis et rebaptisé

**evilfantasy** · #3 28th Sep 2007, 18:31

Aussi:
Permettez-moi de savoir comment sont les choses maintenant.

**guccijana** · #4 29e Sep 2007, 22:23

Salut evilfantasy-thx pour la réponse rapide .. mon ordinateur est très lent et il a pris cette heure détachement .. i vous avez fait ce que m'a dit de désinstallé nod32-antivirus, Spysweeper, yahoo et protection en ligne ..

i ci-joint le log combofix et voici le journal HijackThis.

Logfile de HijackThis v1.99.1
Scan sauvé à 1:11:41 AM, le 9.30.2007
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = local
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "engine: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fichier manquant)
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: mssql - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (D5B03680-8880-4BC8-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (file missing)
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe

**evilfantasy** · #5 30e Sep 2007, 00:49

Ouvert HijackThis et sélectionnez "Est-ce que seulement un système de balayage"Et le placer une coche à côté de ces entrées.
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fichier manquant)
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
Fermez toutes les fenêtres du navigateur, y compris celui-ci puis cliquez sur "Fix vérifié"
Redémarrez l'ordinateur et poste un nouveau log HijackThis.

Dites-moi comment sont les choses maintenant.

**guccijana** · #6 30e Sep 2007, 08:16

helllo, ahh enfin mon ordinateur ne possède pas les fenêtres pop up gênantes avertissements, et les trois virus les icônes qui ont été installés sur l'ordinateur sont également disparu, Yeeeah ..

On dirait que tout est revenu à la normale, le fond rouge est également révolue. Voici le journal.

Logfile de HijackThis v1.99.1
Scan sauvé à 11:03:37 AM, le 9.30.2007
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = local
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "engine: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-833C-4EA8-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll
O21 - SSODL: mssql - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe

**evilfantasy** · #7 30e Sep 2007, 08:35

Glad choses sont meilleures. Mais il ya encore quelques épineux à résoudre.

Supprimer la copie de Combofix que vous avez et de télécharger une nouvelle copie.
Combofix constamment mises à jour de sorte qu'il est toujours bon d'obtenir une nouvelle copie.

1. Télécharger ce fichier combofix.exe
2. Double-cliquez sur combofix.exe et suivre les instructions.
3. Lorsque vous avez terminé, il est tenu de produire un journal pour vous. Publier ce fichier dans votre prochaine réponse.

Note:
Ne pas combofix clic de souris, alors que la fenêtre de son fonctionnement. Cela mai à cause de décrochage.

Dans le prochain message s'il vous plaît ajouter en pièces jointes. Vous pouvez ajouter plus d'une pièce jointe, il suffit de répéter les étapes:
Combofix log
Fresh log HJT

**guccijana** · #8 30e Sep 2007, 09:03

Bonjour, j'ai essayé combofix.exe cliquant sur le lien, mais c'est ce qui a eu
404 Not Found

L'URL '/ SUBS / combofix.exe "n'a pas été trouvée sur ce serveur.

**evilfantasy** · #9 30e Sep 2007, 09:12

Merci. J'ai révisé mon lien.

Voici un bon téléchargement. Combofix.exe

**guccijana** · #10 30e Sep 2007, 12:50

Bonjour, oui ce lien fonctionne, je vous remercie ... le fond d'écran rouge revient: (et aussi que les icônes et les pop ups .. de toute façon ici, c'est le combofix et HJT log.

Logfile de HijackThis v1.99.1
Scan sauvé à 3:37:03 PM, le 9.30.2007
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ CIFPFiltering \ FilterService.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Tablet.exe
C: \ WINDOWS \ wanmpsvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe
C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe
C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe
C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe
C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe
C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HijackThis \ Analyze.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = 127.0.0.1:8080
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = local
N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blazevic \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "engine: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana BLAZEVIC \ Application Data \ Mozilla \ Profiles \ default \ mhiwv3o3.slt \ prefs.js)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: MSVPS System - (0D5227BF-0C5B-833C-4EA8-FE09F1496F39) - C: \ WINDOWS \ div32.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file)
O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file)
O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ vso \ mcvsshl.dll
O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe"
O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe"
O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Event Monitor \ IntelMEM.exe"
O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r
O4 - HKLM \ .. \ Run: [P17Helper] Rundll32 P17.dll, P17Helper
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ pcmservice.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe"
O4 - HKLM \ .. \ Run: [VSOCheckTask] "c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcmnhdlr.exe" / checktask
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Music Engine \ ymetray.exe"
O4 - HKLM \ .. \ Run: [EPSON Stylus Photo R340 Series] "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON Stylus Photo R340 Series" / O6 "USB002 "/ M" Stylus Photo R340 "
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ ypager.exe"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Fichiers communs \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe
O4 - Global Startup: APC UPS Status.lnk =?
O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe
O4 - Global Startup: TabUserW.exe.lnk = C: \ WINDOWS \ SYSTEM32 \ WTablet \ TabUserW.exe
O9 - Extra button: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) --
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: mssql - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll
O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll
O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (file missing)
O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ AOL \ ACS \ acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c: \ PROGRA ~ 1 \ mcafee.com \ vso \ mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp - C: \ WINDOWS \ system32 \ Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe

PS J'ai essayé de joindre HJT log, mais il ne serait pas joindre, désolé!

Similar Threads
Fil	Thread Starter	Forum	Réponses	Last Post
Détection de Trojan.Zlob.G - Urgent - Aide S'il vous plaît!	teenee23	Virus, Spyware et sécurité	14	19 Mar 2009 07:45
Quels problèmes avez-vous avec Trojan.Zlob	hopthwoks	Virus, Spyware et sécurité	1	10 Mar 2009 11:45
Smitfraud-C Il ne veut pas mourir!	PlatSpin	Virus, Spyware et sécurité	13	19 août 2008 10:24
Virus Smitfraud	PK28	Virus, Spyware et sécurité	12	5 fév 2008 16:17
Smitfraud-c.msvps	guccijana	Virus, Spyware et sécurité	158	30 Jan 2008 20:07