Virus that blocks antivirus sites

Closed
mama1969 (Member) - 30 Dec 2008 at 14:45
karaboudjan - 4 June 2009 at 15:20
Hello,

I have apparently caught a nasty virus that blocks access to every antivirus site used to update the virus databases.
I followed the various earlier posts, but even when downloading from another computer the different programs get blocked... They shut down after a few seconds of "hourglass"...
It is not possible either to launch a scan with some of the diagnostic links (like HijackThis) that I tried after my various readings...
If I can avoid a full reboot that would be great, because I'm not an expert!!!

Thanks in advance for your valuable advice!

Manu
11 replies

jlpjlp (Security contributor) - 30 Dec 2008 at 15:15
from your other computer:
download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop, then rename it to killfix

put it on your infected computer, on the desktop and nowhere else, then

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)

double-click combofix.exe and follow the instructions

at the end it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware guard

copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
mama1969 (Member) - 30 Dec 2008 at 15:49
Hello,

It seems to have worked. Here is the report:
ComboFix 08-12-29.02 - salomon 2008-12-30 15:38:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.503.216 [GMT 1:00]
Lancé depuis: c:\documents and settings\salomon\Bureau\KillFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\drivers\TDSSmxst.sys
c:\windows\system32\getwn32.dll
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSdxcp.dll
c:\windows\system32\TDSSkkao.log
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnvuo.dll
c:\windows\system32\TDSSoitt.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoqm.dll
c:\windows\system32\TDSSxhyf.log
c:\windows\system32\wertyu.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-30 ))))))))))))))))))))))))))))))))))))
.

2008-12-30 14:19 . 2007-08-09 11:45 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-30 14:19 . 2007-08-09 11:45 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-30 14:19 . 2007-08-09 10:18 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-30 14:19 . 2007-08-09 11:45 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-30 14:19 . 2007-08-09 11:45 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-30 14:19 . 2007-08-09 11:45 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-30 14:19 . 2007-08-09 11:45 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-30 14:19 . 2008-12-30 14:19 <REP> d-------- c:\documents and settings\Administrateur
2008-12-30 13:01 . 2008-12-30 13:04 <REP> d-------- c:\windows\system32\NtmsData
2008-12-10 23:36 . 2008-12-10 23:36 268 --ah----- C:\sqmdata19.sqm
2008-12-10 23:36 . 2008-12-10 23:36 244 --ah----- C:\sqmnoopt19.sqm
2008-12-09 23:00 . 2008-12-09 23:00 268 --ah----- C:\sqmdata18.sqm
2008-12-09 23:00 . 2008-12-09 23:00 244 --ah----- C:\sqmnoopt18.sqm
2008-12-09 08:28 . 2008-12-09 08:28 268 --ah----- C:\sqmdata17.sqm
2008-12-09 08:28 . 2008-12-09 08:28 244 --ah----- C:\sqmnoopt17.sqm
2008-12-07 08:53 . 2008-12-07 08:53 244 --ah----- C:\sqmnoopt16.sqm
2008-12-07 08:53 . 2008-12-07 08:53 232 --ah----- C:\sqmdata16.sqm
2008-12-06 17:42 . 2008-12-06 17:42 268 --ah----- C:\sqmdata15.sqm
2008-12-06 17:42 . 2008-12-06 17:42 244 --ah----- C:\sqmnoopt15.sqm
2008-12-06 10:57 . 2008-12-06 10:57 <REP> d-------- c:\program files\Lavasoft
2008-12-06 10:57 . 2008-12-06 10:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 10:33 . 2008-12-06 10:56 <REP> d-------- c:\program files\Intelinet
2008-12-06 10:33 . 2008-12-06 10:33 0 --a------ C:\proc.id
2008-12-06 10:33 . 2008-12-06 10:33 0 --a------ C:\asdasd.asdasd
2008-12-06 10:16 . 2008-12-06 10:16 0 --a------ c:\windows\nsreg.dat
2008-12-05 17:59 . 2008-12-05 17:59 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 17:59 . 2008-12-05 18:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 22:12 . 2008-11-25 22:13 <REP> d-------- c:\program files\PhotoFiltre
2008-11-12 21:43 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:42 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 21:53 . 2008-11-11 21:53 <REP> d-------- c:\program files\Fichiers communs\BOONTY Shared
2008-11-11 21:53 . 2008-11-11 21:53 <REP> d-------- c:\documents and settings\All Users\Application Data\BOONTY
2008-11-04 22:51 . 2008-11-04 22:53 <REP> d-------- c:\program files\BoontyGames
2008-11-04 22:51 . 2008-11-04 22:51 <REP> d-------- c:\program files\Boonty
2008-11-04 08:29 . 2008-11-04 08:29 268 --ah----- C:\sqmdata14.sqm
2008-11-04 08:29 . 2008-11-04 08:29 244 --ah----- C:\sqmnoopt14.sqm
2008-11-03 08:20 . 2008-11-03 08:20 268 --ah----- C:\sqmdata13.sqm
2008-11-03 08:20 . 2008-11-03 08:20 244 --ah----- C:\sqmnoopt13.sqm
2008-11-01 22:53 . 2008-11-01 22:53 268 --ah----- C:\sqmdata12.sqm
2008-11-01 22:53 . 2008-11-01 22:53 244 --ah----- C:\sqmnoopt12.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 14:43 --------- d-----w c:\documents and settings\salomon\Application Data\OpenOffice.org2
2008-12-26 21:10 --------- d-----w c:\program files\eMule
2008-12-06 12:26 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-06 09:57 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\vptray.exe" [2003-12-17 90112]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\salomon\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\sina\\SAP\\SAPlatform.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40654:TCP"= 40654:TCP:eMule_TCP
"46021:UDP"= 46021:UDP:eMule_UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-06-26 98488]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe [2008-12-06 861464]
.
Contenu du dossier 'Tâches planifiées'

2008-12-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-12-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-30 c:\windows\Tasks\User_Feed_Synchronization-{73ACAFA1-EB47-4F44-9282-6B0ABFB58455}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Intelinet - c:\program files\Intelinet\Intelinet.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?referrer=theme_ign
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites

c:\windows\Downloaded Program Files\downloader.dll - O16 -: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A}
hxxp://dl.uc.sina.com/cab/downloader.cab
c:\windows\Downloaded Program Files\downloader.inf

c:\windows\Downloaded Program Files\Account.dll - O16 -: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4}
hxxps://safe.tele2.com/inc/accounthelper.cab
c:\windows\Downloaded Program Files\Account.inf
FF - ProfilePath - c:\documents and settings\salomon\Application Data\Mozilla\Firefox\Profiles\3amlzno7.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 15:43:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

c:\windows\explorer.exe [188] 0x82017898

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\SYMANT~1\DefWatch.exe
c:\windows\system32\CBA\PDS.EXE
c:\progra~1\SYMANT~1\Rtvscan.exe
c:\windows\system32\CBA\XFR.EXE
c:\windows\system32\MSGSYS.EXE
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2008-12-30 15:46:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-30 14:46:14

Avant-CF: 12,326,596,608 octets libres
Après-CF: 12,694,913,024 octets libres

181 --- E O F --- 2008-12-30 11:11:44

Thanks!!

Manu
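As an added example (not from this thread and not ComboFix's own code), a Python triage script that parses a report in the ComboFix layout quoted above and pulls out what a responder checks first: deleted files and kernel drivers, groups of deleted siblings that share a name prefix (the TDSS* files here; the prefix clustering is a generalization rather than a hardcoded family name), removed services, and non-zero Security Center *Override values. The sample report is a constructed excerpt of the one above.

```python
import re
from collections import Counter

# Constructed excerpt in the ComboFix report layout quoted above (section
# titles are the tool's own French headings; the paths come from that report).
SAMPLE_REPORT = r"""
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\drivers\TDSSmxst.sys
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSkkao.log
c:\windows\system32\wertyu.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_Boonty Games

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")   # ((( title )))
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...]
REG_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')        # "name"=data
WIN_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def split_sections(text):
    """Map each '((( title )))' heading to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def parse_registry(lines):
    """Yield (key, value_name, data) from a REGEDIT4-style block."""
    key = None
    for line in lines:
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and key:
            yield key, vm.group(1), vm.group(2).strip()


def sibling_clusters(paths, prefix_len=4, min_count=3):
    """Group deleted files whose basenames share a prefix: a dropper that
    writes a batch of randomly suffixed siblings (TDSSxxxx.* here) stands out."""
    names = [p.rsplit("\\", 1)[-1].lower() for p in paths]
    counts = Counter(n[:prefix_len] for n in names if len(n) > prefix_len)
    return {pre: sorted(n for n in names if n.startswith(pre))
            for pre, c in counts.items() if c >= min_count}


def triage(report):
    """Pull out what a responder wants from a ComboFix report: deleted files,
    deleted kernel drivers, sibling clusters, removed services, and Security
    Center overrides (a non-zero *Override value suppresses the Security
    Center warning for that component)."""
    sections = split_sections(report)
    deleted = [l for l in sections.get("Autres suppressions", []) if WIN_PATH_RE.match(l)]
    services = sorted({l.split("\\", 1)[1].split("_", 1)[1]
                       for l in sections.get("Pilotes/Services", [])
                       if l.startswith("-------\\") and "_" in l})
    reg_lines = sections.get("Points de chargement Reg", [])
    overrides = [(name, data) for key, name, data in parse_registry(reg_lines)
                 if key.lower().endswith("security center")
                 and name.lower().endswith("override")
                 and data.lower() != "dword:00000000"]
    return {
        "deleted": deleted,
        "drivers": [p for p in deleted if p.lower().endswith(".sys")],
        "clusters": sibling_clusters(deleted),
        "services_removed": services,
        "security_center_overrides": overrides,
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_REPORT).items():
        print(f"{name}: {value}")
```

Run it on a saved C:\ComboFix.txt by reading the file into `triage()` instead of the constructed sample; the section titles are those of the French ComboFix build quoted here.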
mama1969 (Member) > mama1969 - 30 Dec 2008 at 16:09
Did that solve the problem?

Thanks,

Manu
mama1969 (Member) > mama1969 - 30 Dec 2008 at 16:11
In any case the antivirus programs can update again!!!
So thanks again!!
It's really nice to feel supported! If there is anything I can do to help this community, please let me know!

Manu
jlpjlp (Security contributor) - 30 Dec 2008 at 14:54
hi, have you tried renaming the programs (HijackThis to eden, for example) before transferring them to your computer?

if not, try it and paste the log

otherwise we'll try something else
mama1969 (Member) - 30 Dec 2008 at 14:56
No...
I'll try it and keep you posted!
Thanks for the quick reply!
Manu
mama1969 (Member) - 30 Dec 2008 at 15:08
Hello,

It worked!!

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:53, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
E:\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Rtvscan.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
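As an added example (not part of the thread), a Python script that triages HijackThis v2 lines of the kind shown above: orphan BHOs ("(no file)"), O23 services with "Unknown owner", O4 autoruns that live in the same directory as such a service (the Intelinet pair in this log), and O16 ActiveX downloads from hosts outside an allowlist. TRUSTED_DPF_HOSTS is an assumption, and the sample lines are a constructed excerpt of the log above.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis v2 line format of the log quoted above
# (entries taken from that log; this is not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
"""

# Assumption: hosts from which ActiveX (O16 DPF) downloads are expected on this
# machine; anything else is flagged for review.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com")

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[(.*?)\] (.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


def exe_path(command):
    """Executable from an autorun command: a quoted path, or the text up to '.exe'
    (unquoted paths with spaces, like C:\Program Files\..., are common in O4 lines)."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command


def dirname(path):
    """Directory part of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[0].lower()


def parse(log):
    """Bucket the O2/O4/O16/O23 lines into tuples of their fields."""
    items = {"bho": [], "run": [], "dpf": [], "svc": []}
    for line in log.splitlines():
        line = line.strip()
        for kind, rx in (("bho", BHO_RE), ("run", RUN_RE), ("dpf", DPF_RE), ("svc", SVC_RE)):
            m = rx.match(line)
            if m:
                items[kind].append(m.groups())
                break
    return items


def host_is_trusted(url):
    host = urlparse(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log):
    items = parse(log)
    findings = {}
    # O2: a BHO whose DLL is gone is a leftover registration to clean up.
    findings["orphan_bho"] = [clsid for _, clsid, path in items["bho"] if path == "(no file)"]
    # O23: services with no vendor string deserve a look.
    unknown = [(name, path) for name, owner, path in items["svc"] if owner == "Unknown owner"]
    findings["unknown_owner_services"] = unknown
    # O4: autoruns in the same directory as an unknown-owner service belong to
    # the same package (Intelinet.exe next to intelin2.exe here).
    suspect_dirs = {dirname(path) for _, path in unknown}
    findings["related_autoruns"] = [(hive, name, exe_path(cmd)) for hive, name, cmd in items["run"]
                                    if dirname(exe_path(cmd)) in suspect_dirs]
    # O16: ActiveX controls fetched from hosts outside the allowlist.
    findings["untrusted_dpf"] = [(clsid, label, url) for clsid, label, url in items["dpf"]
                                 if not host_is_trusted(url)]
    return findings


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```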
jlpjlp (Security contributor) - 30 Dec 2008 at 16:15
ok, perfect, it removed it

scan these files on VirusTotal and say whether they are infected: https://www.virustotal.com/gui/

c:\program files\Intelinet
C:\proc.id
C:\asdasd.asdasd
c:\windows\nsreg.dat

______________________

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus programs.
mama1969 (Member) - 30 Dec 2008 at 16:24
This is for the first file, Intelinet: it doesn't look very healthy!

a-squared 4.0.0.73 2008.12.25 Riskware.FraudTool.Win32.Agent.dx!A2
AhnLab-V3 2008.12.25.0 2008.12.25 -
AntiVir 7.9.0.45 2008.12.25 PHISH/Fraud.Agent.DX
Authentium 5.1.0.4 2008.12.25 -
Avast 4.8.1281.0 2008.12.25 -
AVG 8.0.0.199 2008.12.25 -
BitDefender 7.2 2008.12.25 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.25 -
Comodo 811 2008.12.25 Application.Win32.HackTool.Agent.~U
DrWeb 4.44.0.09170 2008.12.25 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.25 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.25 FraudTool.Win32.Agent.dx
Fortinet 3.117.0.0 2008.12.25 Misc/Agent
GData 19 2008.12.25 -
Ikarus T3.1.1.45.0 2008.12.25 -
K7AntiVirus 7.10.566 2008.12.25 -
Kaspersky 7.0.0.125 2008.12.25 not-a-virus:FraudTool.Win32.Agent.dx
McAfee 5474 2008.12.24 potentially unwanted program Generic PUP
McAfee+Artemis 5474 2008.12.24 potentially unwanted program Generic PUP
Microsoft 1.4205 2008.12.25 -
NOD32 3717 2008.12.25 -
Norman 5.80.02 2008.12.24 -
Panda 9.0.0.4 2008.12.25 Trj/Downloader.MDW
PCTools 4.4.2.0 2008.12.25 -
Prevx1 V2 2008.12.25 Malicious Software
Rising 21.09.32.00 2008.12.25 -
SecureWeb-Gateway 6.7.6 2008.12.25 -
Sophos 4.37.0 2008.12.25 Troj/FakeVir-IQ
Sunbelt 3.2.1809.2 2008.12.22 FraudTool.Win32.Agent.dx
Symantec 10 2008.12.25 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.25 -
VBA32 3.12.8.10 2008.12.25 -
ViRobot 2008.12.24.1534 2008.12.24 Adware.Agent.R.861464
VirusBuster 4.5.11.0 2008.12.25 -
Information additionnelle
File size: 861464 bytes

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x45372f
timedatestamp.....: 0x455f3696 (Sat Nov 18 16:36:38 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.textbss 0x1000 0x50101 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x52000 0xa8fea 0xa9000 5.54 417a3df942d9f47c3ecbdc7a3a4ea8c4
.rdata 0xfb000 0x20764 0x21000 3.40 7780712e2d76ec5905c5bad7b9b03a6f
.data 0x11c000 0x4f10 0x3000 2.84 7ded3d1e669429bc02c3189e16db2889
.idata 0x121000 0x1615 0x2000 3.66 4ccf361dd4ee16e822f92d324256ae77
.rsrc 0x123000 0x326 0x1000 0.45 8537baa3a984a652925337101dc6b101

( 5 imports )
> KERNEL32.dll: LeaveCriticalSection, Thread32Next, Thread32First, CreateToolhelp32Snapshot, GetLastError, ReadFile, GetFileSize, TerminateProcess, Process32NextW, GetPriorityClass, GetCurrentProcess, Process32FirstW, Sleep, GetProcessId, CreateThread, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, WaitForMultipleObjects, CreateMutexW, EnterCriticalSection, WaitForSingleObject, ResetEvent, OutputDebugStringW, SetLastError, CreateIoCompletionPort, PostQueuedCompletionStatus, GetQueuedCompletionStatus, RaiseException, OpenEventW, GetOverlappedResult, lstrcmpiW, GetCommandLineW, DeleteCriticalSection, InitializeCriticalSection, OpenFileMappingA, GetVersion, CreateFileMappingA, MapViewOfFile, GetSystemInfo, UnmapViewOfFile, GetCurrentThread, CreateEventW, SetEvent, IsBadStringPtrW, OpenProcess, FreeLibrary, LoadLibraryW, GetProcAddress, CreateFileW, DeviceIoControl, CloseHandle, GetVersionExW, ReleaseMutex, OpenEventA, GetThreadLocale, SetEnvironmentVariableA, CompareStringW, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, InterlockedExchange, MultiByteToWideChar, InterlockedCompareExchange, RtlUnwind, WriteConsoleW, GetFileType, GetStdHandle, GetCurrentThreadId, ExitThread, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapValidate, IsBadReadPtr, DebugBreak, lstrlenA, LoadLibraryA, GetModuleFileNameA, GetModuleHandleA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoA, LCMapStringA, LCMapStringW, GetCPInfo, FatalAppExitA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetConsoleCtrlHandler, WriteFile, GetACP, GetOEMCP, OutputDebugStringA, GetConsoleCP, GetConsoleMode, SetHandleCount, SetFilePointer, FlushFileBuffers, HeapReAlloc, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, 
GetTimeFormatA, GetDateFormatA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, IsValidLocale, IsValidCodePage, EnumSystemLocalesA, GetUserDefaultLCID, GetLocaleInfoW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, CreateFileA, GetTimeZoneInformation, SetEndOfFile, CompareStringA, ExitProcess
> USER32.dll: CallNextHookEx, MessageBoxA, wsprintfW, GetThreadDesktop, SetThreadDesktop, EnumThreadWindows, MessageBoxW
> ADVAPI32.dll: OpenThreadToken, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerExW, SetServiceStatus, ChangeServiceConfig2W, ControlService, CreateServiceW, OpenServiceW, StartServiceW, DeleteService, QueryServiceStatus, CloseServiceHandle, OpenSCManagerW, SetThreadToken, RevertToSelf
> SHELL32.dll: CommandLineToArgvW
> PSAPI.DLL: GetModuleFileNameExW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=06ADFB6518EF04AD253B0D88703F7000FAB7B7E9
CWSandbox info: http://research.sunbelt-software.com/...
mama1969 (Member) - 30 Dec 2008 at 16:32
The others are empty...
No report!
I'm tackling Ad-R...

Manu
mama1969 (Member) > mama1969 - 30 Dec 2008 at 16:39
Hello,

Here is the Ad-Remover report:


--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

# START at: 16:36:48 | Mar 30/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: XW4100 | USER: salomon ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.11

--------- [ RUNNING PROCESSES: 28 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
.
[04/11/2008 22:51] C:\Program Files\Boonty
[04/11/2008 22:51] C:\Program Files\Boonty\Components
[04/11/2008 22:53] C:\Program Files\BoontyGames
[04/11/2008 22:53] C:\Program Files\BoontyGames\Components
[11/11/2008 21:53] C:\Program Files\BoontyGames\Governor of Poker
[04/11/2008 22:53] C:\Program Files\BoontyGames\governorofpoker{355916}.exe
[27/10/2003 15:07] C:\Program Files\BoontyGames\Components\Joystick.ico
[26/12/2005 12:41] C:\Program Files\BoontyGames\Components\start.url
[06/10/2004 16:49] C:\Program Files\BoontyGames\Governor of Poker\Fenetre.bmp
[06/10/2004 16:49] C:\Program Files\BoontyGames\Governor of Poker\fenetrepop.bmp
[02/07/2008 11:05] C:\Program Files\BoontyGames\Governor of Poker\FLEXnet Activation Service Installer.dll
[20/06/2008 17:48] C:\Program Files\BoontyGames\Governor of Poker\GOP_Web_FR.swf
[02/07/2008 11:05] C:\Program Files\BoontyGames\Governor of Poker\GovernorofPoker.exe
[13/11/2008 20:09] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SpMU.lnk
[13/11/2008 20:09] C:\Program Files\BoontyGames\Governor of Poker\trial.ini
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\unins000.dat
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\unins000.exe
[25/02/2005 11:34] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\buy_connectionrequired.html
[25/02/2005 11:42] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\connectionrequired.html
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\js
[23/06/2005 12:29] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\manualtransaction.html
[25/02/2005 11:39] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\pageerror.html
[03/11/2004 17:31] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\pleasewait.html
[07/12/2005 17:10] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\repairstart.html
[25/02/2005 11:37] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\thankyou.html
[25/02/2005 11:37] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\transfailure.html
[11/03/2005 00:31] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\trialexit.html
[07/12/2005 17:09] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\trialexpired.html
[07/12/2005 17:08] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\trialstart.html
[03/11/2004 17:31] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\~pleasewait.html
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_br.css
[28/02/2005 17:52] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_de.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_en.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_fr.css
[28/02/2005 18:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_it.css
[28/02/2005 18:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_nb.css
[28/02/2005 18:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_nl.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_po.css
[28/02/2005 18:06] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_sp.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_us.css
[29/07/2004 09:58] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bg_nomjeu.gif
[29/07/2004 09:58] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bg_table.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Right.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBkg.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottom.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeftC.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeftCN.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeftCR.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocCoinCadenas.gif
[03/01/2005 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocError.gif
[13/10/2004 09:37] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocExpiredTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocJouezMiddle.gif
[18/10/2004 11:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocJouezTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocTopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocTopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\boontysecure.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Bottom.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomLeftEast.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomLeftNorth.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomRightNorth.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomRightWest.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btAcheterLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btAcheterMiddle.gif
[28/02/2005 12:40] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btAcheterRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtBlueLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtBlueMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtBlueRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btJouerLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btJouerMiddle.gif
[28/02/2005 17:50] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btJouerRight.gif
[03/01/2005 14:58] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtnBuyExit.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_acheter.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_fermer.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_infos.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_jouer.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_nomjeu2.gif
[28/09/2004 10:32] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_reactiver.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_reduc.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_suivant.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_suivant2.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowQuestion.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_Off.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_On.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_Off.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_On.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_Off.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_On.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\CacheImgJeu.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\caddie.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\cadenas.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\CloseOff.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\CloseOn.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\fleche.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\flechetrial.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\greypoint.gif
[01/07/2008 15:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\jeu.jpg
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\jouer_gratuitement.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Left.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MaximizeOff.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MaximizeOn.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MinimizeOff.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MinimizeOn.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopBottom.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopBottomLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopBottomRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopTopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopTopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Right.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\scroll.gif
[18/10/2004 11:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\scroll_bkg.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separator2.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separatorEnd.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separatorMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separatorStart.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_03.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_06.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_08.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_09.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\spacer.gif
[03/01/2005 14:51] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\test.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Top.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopLeftSouth.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopRightWest.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\transp.gif
[07/06/2005 15:56] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\wait.gif
[05/07/2006 11:51] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\js\ShellScripts.js
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared\Service
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
[11/11/2008 21:53] C:\Documents and Settings\All Users\Application Data\BOONTY
[11/11/2008 21:53] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
[13/11/2008 20:09] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B5AFD000.dat
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\ Jeux à télécharger.url
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\Governor of Poker
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\Governor of Poker\ Jouer.lnk
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\Governor of Poker\ Site Web.url

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.
[09/08/2007 13:17] C:\WINDOWS\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\ARPPRODUCTICON.exe
[22/08/2008 12:09] C:\WINDOWS\Installer\{BAF5914B-5730-4373-B038-9F436AC6A0D6}\ARPPRODUCTICON.exe

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\3amlzno7.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~


+--+ +--+ +--+ +--+
.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

vptray REG_SZ C:\PROGRA~1\SYMANT~1\vptray.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.google.fr/ig?referrer=theme_ign

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-30.12.2008.log" (~23022 bytes)

# END at: 16:37:13 | 30/12/2008 - Time elapsed: 25.1 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 266 lines ]
+---------------------------------------------------------------------------+

Thanks again,
m
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5,040
30 Dec. 2008 at 16:42
Relaunch Ad-Remover, choose option B, type the numbers corresponding to Sweetim and Boonty, delete them and paste the report.


Then post another HijackThis report.


See you.
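Before pasting the next report, it is worth checking mechanically whether the deletion run removed what the first scan listed rather than eyeballing several hundred lines. The script below is an added example for this thread, not AD-Remover's own code and not something either poster wrote: it parses the "Elements found" sections of the AD-Remover 1.0.8.2 report format shown above (quoted lines are registry keys, `[dd/mm/yyyy hh:mm] path` lines are files, a lone `.` is just a separator) and compares two reports family by family. The regular expressions, function names and the two abbreviated sample reports are my own construction; the "cleaned" report shows what a successful option B run would look like, which is not what the thread's second scan shows.

```python
"""Added example for this thread (not AD-Remover's own code, nor either poster's):
parse the "Elements found" sections of an AD-Remover 1.0.8.2 report and compare
two reports to see whether a deletion run actually removed what the scan listed.
The sample reports are constructed, abbreviated excerpts in the format shown in
the thread, not the poster's full logs."""
import re
from typing import Dict, Set

# "+-----------------------| Boonty/Boonty Games Elements found :"
SECTION_RE = re.compile(r"^\+-+\|\s*(.+?)\s+Elements found\s*:\s*$")
# "[04/11/2008 22:51] C:\Program Files\Boonty"
FILE_RE = re.compile(r"^\[\d{2}/\d{2}/\d{4} \d{2}:\d{2}\]\s+(.+?)\s*$")
# any other "+---...| HEADER" line (e.g. "ADDED SCAN :") ends the findings block
OTHER_HEADER_RE = re.compile(r"^\+-+\|")

# Constructed excerpt: what the first scan in the thread lists (abbreviated).
REPORT_BEFORE = r"""
+-----------------------| Boonty/Boonty Games Elements found :

"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
.
[04/11/2008 22:51] C:\Program Files\Boonty
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

+-----------------------| Eorezo Elements found :

.

+-----------------------| Sweetim Elements found :

.
[09/08/2007 13:17] C:\WINDOWS\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\ARPPRODUCTICON.exe

+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
"""

# The poster's second scan listed exactly the same items: nothing was removed.
REPORT_AFTER_UNCHANGED = REPORT_BEFORE

# Constructed: what a successful deletion run would leave behind.
REPORT_AFTER_CLEANED = r"""
+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :
"""


def parse_findings(report: str) -> Dict[str, Set[str]]:
    """Map each family name to the registry keys and file paths listed under it.

    A family whose section holds nothing but the "." separator maps to an empty
    set, which is what a clean section looks like in this report format.
    """
    findings: Dict[str, Set[str]] = {}
    family = None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            family = m.group(1)
            findings.setdefault(family, set())
            continue
        if OTHER_HEADER_RE.match(line):
            family = None  # "ADDED SCAN" and later headers: findings are over
            continue
        if family is None or not line or line == ".":
            continue
        if line.startswith('"') and line.endswith('"'):
            findings[family].add(line[1:-1])  # registry key
            continue
        m = FILE_RE.match(line)
        if m:
            findings[family].add(m.group(1))  # file or directory path
    return findings


def compare(before: Dict[str, Set[str]], after: Dict[str, Set[str]]) -> Dict[str, Dict[str, Set[str]]]:
    """For every family of the first report, split its items into removed / remaining."""
    result: Dict[str, Dict[str, Set[str]]] = {}
    for family, items in before.items():
        remaining = items & after.get(family, set())
        result[family] = {"removed": items - remaining, "remaining": remaining}
    return result


def cleanup_succeeded(before: Dict[str, Set[str]], after: Dict[str, Set[str]], families) -> bool:
    """True only if nothing the first report listed for these families is still present."""
    diff = compare(before, after)
    return all(not diff[f]["remaining"] for f in families if f in diff)


if __name__ == "__main__":
    first = parse_findings(REPORT_BEFORE)
    targets = ["Boonty/Boonty Games", "Sweetim"]
    for label, text in (("unchanged", REPORT_AFTER_UNCHANGED), ("cleaned", REPORT_AFTER_CLEANED)):
        second = parse_findings(text)
        print(f"second report ({label}):")
        for family, d in compare(first, second).items():
            print(f"  {family}: {len(d['removed'])} removed, {len(d['remaining'])} remaining")
        print("  cleanup succeeded:", cleanup_succeeded(first, second, targets))
```

Run it against the two real reports by reading them from disk instead of the constructed strings; a family that still shows its registry keys and files after the deletion run is the signal to stop re-running the tool and look at what is protecting those entries.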
mama1969 Posts: 13 Registered: Tuesday 30 December 2008 Status: Member Last seen: 30 December 2008
30 Dec. 2008 at 16:50
Doesn't look like the deletion worked...

The report:

--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

# START at: 16:48:23 | Mar 30/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: XW4100 | USER: salomon ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.11

--------- [ RUNNING PROCESSES: 30 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
.
[04/11/2008 22:51] C:\Program Files\Boonty
[04/11/2008 22:51] C:\Program Files\Boonty\Components
[04/11/2008 22:53] C:\Program Files\BoontyGames
[04/11/2008 22:53] C:\Program Files\BoontyGames\Components
[11/11/2008 21:53] C:\Program Files\BoontyGames\Governor of Poker
[04/11/2008 22:53] C:\Program Files\BoontyGames\governorofpoker{355916}.exe
[27/10/2003 15:07] C:\Program Files\BoontyGames\Components\Joystick.ico
[26/12/2005 12:41] C:\Program Files\BoontyGames\Components\start.url
[06/10/2004 16:49] C:\Program Files\BoontyGames\Governor of Poker\Fenetre.bmp
[06/10/2004 16:49] C:\Program Files\BoontyGames\Governor of Poker\fenetrepop.bmp
[02/07/2008 11:05] C:\Program Files\BoontyGames\Governor of Poker\FLEXnet Activation Service Installer.dll
[20/06/2008 17:48] C:\Program Files\BoontyGames\Governor of Poker\GOP_Web_FR.swf
[02/07/2008 11:05] C:\Program Files\BoontyGames\Governor of Poker\GovernorofPoker.exe
[13/11/2008 20:09] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SpMU.lnk
[13/11/2008 20:09] C:\Program Files\BoontyGames\Governor of Poker\trial.ini
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\unins000.dat
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\unins000.exe
[25/02/2005 11:34] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\buy_connectionrequired.html
[25/02/2005 11:42] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\connectionrequired.html
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images
[04/11/2008 22:53] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\js
[23/06/2005 12:29] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\manualtransaction.html
[25/02/2005 11:39] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\pageerror.html
[03/11/2004 17:31] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\pleasewait.html
[07/12/2005 17:10] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\repairstart.html
[25/02/2005 11:37] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\thankyou.html
[25/02/2005 11:37] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\transfailure.html
[11/03/2005 00:31] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\trialexit.html
[07/12/2005 17:09] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\trialexpired.html
[07/12/2005 17:08] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\trialstart.html
[03/11/2004 17:31] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\~pleasewait.html
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_br.css
[28/02/2005 17:52] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_de.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_en.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_fr.css
[28/02/2005 18:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_it.css
[28/02/2005 18:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_nb.css
[28/02/2005 18:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_nl.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_po.css
[28/02/2005 18:06] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_sp.css
[18/10/2004 11:02] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\css\ShellStyle_us.css
[29/07/2004 09:58] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bg_nomjeu.gif
[29/07/2004 09:58] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bg_table.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgERROR_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgOK_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgREDUC_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSECURE_Right.gif
[05/10/2004 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Bottom.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Coin.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Left.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Right.gif
[06/10/2004 08:45] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBkg.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottom.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeftC.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeftCN.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomLeftCR.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocBottomRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocCoinCadenas.gif
[03/01/2005 15:17] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocError.gif
[13/10/2004 09:37] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocExpiredTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocJouezMiddle.gif
[18/10/2004 11:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocJouezTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocTopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\blocTopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\boontysecure.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Bottom.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomLeftEast.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomLeftNorth.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomRightNorth.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BottomRightWest.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btAcheterLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btAcheterMiddle.gif
[28/02/2005 12:40] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btAcheterRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtBlueLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtBlueMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtBlueRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btJouerLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btJouerMiddle.gif
[28/02/2005 17:50] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btJouerRight.gif
[03/01/2005 14:58] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtnBuyExit.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_acheter.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_fermer.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_infos.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_jouer.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_nomjeu2.gif
[28/09/2004 10:32] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_reactiver.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_reduc.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_suivant.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\btn_suivant2.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowQuestion.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\BtYellowRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_Off.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_On.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_Off.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_On.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_Off.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_On.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\CacheImgJeu.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\caddie.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\cadenas.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\CloseOff.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\CloseOn.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\fleche.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\flechetrial.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\greypoint.gif
[01/07/2008 15:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\jeu.jpg
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\jouer_gratuitement.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Left.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MaximizeOff.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MaximizeOn.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MinimizeOff.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\MinimizeOn.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopBottom.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopBottomLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopBottomRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopTop.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopTopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\PopTopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Right.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\scroll.gif
[18/10/2004 11:01] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\scroll_bkg.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separator2.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separatorEnd.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separatorMiddle.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\separatorStart.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_03.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_06.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_08.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Shell_popup_09.gif
[29/07/2004 09:59] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\spacer.gif
[03/01/2005 14:51] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\test.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\Top.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopLeft.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopLeftSouth.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopRight.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\TopRightWest.gif
[04/10/2004 16:18] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\transp.gif
[07/06/2005 15:56] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\Images\wait.gif
[05/07/2006 11:51] C:\Program Files\BoontyGames\Governor of Poker\SHELL_DEFAULT_HTML\js\ShellScripts.js
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared\Service
[11/11/2008 21:53] C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
[11/11/2008 21:53] C:\Documents and Settings\All Users\Application Data\BOONTY
[11/11/2008 21:53] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
[13/11/2008 20:09] C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B5AFD000.dat
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\ Jeux à télécharger.url
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\Governor of Poker
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\Governor of Poker\ Jouer.lnk
[04/11/2008 22:53] C:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\BoontyGames\Governor of Poker\ Site Web.url

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.
[09/08/2007 13:17] C:\WINDOWS\Installer\{896D642C-7125-44F0-AC49-A23ABF82209C}\ARPPRODUCTICON.exe
[22/08/2008 12:09] C:\WINDOWS\Installer\{BAF5914B-5730-4373-B038-9F436AC6A0D6}\ARPPRODUCTICON.exe

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\3amlzno7.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~


+--+ +--+ +--+ +--+
.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

vptray REG_SZ C:\PROGRA~1\SYMANT~1\vptray.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.google.fr/ig?referrer=theme_ign

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-30.12.2008.log" (~23153 bytes)

# END at: 16:48:48 | 30/12/2008 - Time elapsed: 24.6 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 268 lines ]
+---------------------------------------------------------------------------+


I'm launching HijackThis!
See you,
M
0
mama1969 Posts 13 Registered Tuesday 30 December 2008 Status Member Last contribution 30 December 2008 > mama1969 Posts 13 Registered Tuesday 30 December 2008 Status Member Last contribution 30 December 2008
30 Dec. 2008 at 16:52
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:09, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
E:\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Rtvscan.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
30 Dec. 2008 at 18:04
OK, that's fine



delete these 3 files manually: they are under My Computer, then C:

c:\program files\Intelinet
C:\proc.id
C:\asdasd.asdasd


____________


remove Ad-Aware, which is outdated, and put Malwarebytes in its place:

and paste a report with it:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
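The HijackThis log above was read by eye to single out the IntelinetSecure service. As an added example (not from this thread, nor a HijackThis feature), here is a small parser over the O2/O23 line formats that log uses, applying the two triage checks a helper looks at first; the sample lines are copied from the report posted above and no other scan output is involved.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis v2 log format. The O2/O23/O4 lines are taken
# from the report posted above; nothing here is the output of a real new scan.
SAMPLE_LOG = r"""O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Rtvscan.exe
"""

# O23: "O23 - Service: <display name> - <publisher> - <image path>"
# Name and publisher are matched lazily so a path containing " - " stays whole.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# O2: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


def parse_hjt(log_text: str) -> List[Dict[str, str]]:
    """Return the O2 and O23 entries of a HijackThis log as dicts. Other
    section types (O4, O16, ...) are skipped on purpose so the caller sees
    only what the two rules in review() reason about."""
    entries: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            entries.append({"type": "O23", **m.groupdict()})
            continue
        m = O2_RE.match(line)
        if m:
            entries.append({"type": "O2", **m.groupdict()})
    return entries


def review(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Apply two first-pass triage rules to parsed entries:
    - an O23 service whose binary carries no publisher string ("Unknown owner"),
      which is how the rogue Intelinet service stood out in the log above;
    - an O2 BHO whose CLSID is still registered but whose DLL is gone,
      a leftover of something removed or never cleanly installed."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        if e["type"] == "O23" and e["vendor"] == "Unknown owner":
            findings.append((e["name"], e["path"], "service binary has no publisher string"))
        elif e["type"] == "O2" and e["path"] == "(no file)":
            findings.append((e["name"], e["clsid"], "BHO CLSID registered but DLL missing"))
    return findings


if __name__ == "__main__":
    for name, where, why in review(parse_hjt(SAMPLE_LOG)):
        print(f"{name}: {where}  <- {why}")
```

A hit is a lead, not a verdict: legitimate tools also ship binaries without a publisher string, so each flagged path still has to be looked up before anything is removed.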
mama1969 Posts 13 Registered Tuesday 30 December 2008 Status Member Last contribution 30 December 2008
30 Dec. 2008 at 19:03
Hello,

Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1577
Windows 5.1.2600 Service Pack 3

30/12/2008 19:01:24
mbam-log-2008-12-30 (19-01-18).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 100251
Temps écoulé: 32 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelinetSecure (Rogue.Intelinet) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.SpyClean) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\av.dat.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnvuo.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoitt.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvoqm.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmxst.sys.vir (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{EE2A2E0B-FBF1-4142-8388-969A45AE7331}\RP332\A0032932.sys (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{EE2A2E0B-FBF1-4142-8388-969A45AE7331}\RP332\A0032933.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{EE2A2E0B-FBF1-4142-8388-969A45AE7331}\RP332\A0032934.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{EE2A2E0B-FBF1-4142-8388-969A45AE7331}\RP332\A0032935.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{EE2A2E0B-FBF1-4142-8388-969A45AE7331}\RP332\A0032936.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{EE2A2E0B-FBF1-4142-8388-969A45AE7331}\RP332\A0033163.exe (Rogue.Intelinet) -> No action taken.


Should I delete them with Malwarebytes?

Thanks,

M
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
30 Dec. 2008 at 19:54
no, leave it; if you have removed them, delete what is in quarantine in Malwarebytes


then delete what is in the quarantine folder by going to My Computer, then

C:\Qoobox\Quarantine\


and to get rid of the rest, disable System Restore, then restart your computer, then re-enable it like this:

https://www.informatruc.com



_______________


any more problems???
0
mama1969 Posts 13 Registered Tuesday 30 December 2008 Status Member Last contribution 30 December 2008
30 Dec. 2008 at 20:21
Everything looks clean!!!

Thanks a lot for the help... It has been a pleasure to end the year seeing that one can find unhoped-for support!!

Thanks, and best wishes for the coming year!

M
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
30 Dec. 2008 at 20:32
keep Malwarebytes alongside your other protections


and to remove the rest of the tools you used, run ToolsCleaner:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
0
Hello,

I have the same problem as the original one in this thread, with one difference: I was able to download and run HijackThis, which produced the following report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:16, on 04/06/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\RDS.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\casmrtbk.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\Program Files\HP\Cissesrv\cissesrv.exe
C:\WINDOWS\system32\cpqrcmc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caloggerd.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\snmp.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caauthd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Mediasvr.exe
C:\WINDOWS\System32\svchost.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LQServer.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LDBServer.exe
C:\Program Files\CA\BrightStor ARCserve Backup\asalert.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\NCU\cpqteam.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CPQTEAM] C:\Program Files\HP\NCU\cpqteam.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oreb.local
O17 - HKLM\Software\..\Telephony: DomainName = oreb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{83FBA563-82EF-4BEC-957A-FE5EDED6DD4E}: NameServer = 129.0.80.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oreb.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = oreb.local
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\bin\hpapp.dll
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Moteur de bases de données CA BrightStor (CASDBEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
O23 - Service: Service de découverte BrightStor de CA (CASDiscoverySvc) - CA - C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
O23 - Service: Moteur de jobs CA BrightStor (CASJobEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
O23 - Service: Moteur de messages CA BrightStor (CASMsgEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
O23 - Service: Contrôleur de service CA Brightstor (CASSvcControlSvr) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
O23 - Service: Moteur de bandes CA BrightStor (CASTapeEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
O23 - Service: Serveur de domaine CA BrightStor (CASUnivDomainSvr) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
O23 - Service: Serveur d'appel de procédure distante CA (CATIRPC) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: HP Smart Array SAS/SATA Event Notification Service (Cissesrv) - Hewlett-Packard Company - C:\Program Files\HP\Cissesrv\cissesrv.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: ESET RA HTTP Server (ERA_HTTP_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe
O23 - Service: ESET Remote Administrator Server (ERA_SERVER) - ESET - C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn Service (LogMeIn) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe

--
End of file - 9239 bytes


Should I follow the same second step? (From memory, killfix or something along those lines?)

Thanks in advance for your answers.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
4 June 2009 at 15:13
Hi, it's better if you create your own thread; that will be clearer for everyone.
0
OK, thanks.
I'll go and start a new thread then.
0