Help, Darkpoet!

Closed
tenzing - 10 Jan 2009 at 05:02
tenzing - 10 Jan 2009 at 19:45
Hello,
I had to step away while Malwarebytes was running. When I came back I tried to send the report/log, but my login isn't recognised and I'm not getting any confirmation or login-reminder e-mail. What should I do? Thanks for your reply

26 replies

darkpoet - Posts: 1654 - Registered: Thursday 29 May 2008 - Status: Security contributor - Last active: 10 March 2014 - 62
10 Jan 2009 at 09:09

Hello Darkpoet,
Indeed, I finally found my topic again and sent you the two reports you asked for, but apparently you didn't receive them. I'm attaching them again.

Malwarebytes' Anti-Malware 1.32
Database version: 1634
Windows 5.1.2600 Service Pack 2

10/01/2009 03:58:42
mbam-log-2009-01-10 (03-58-42).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 115642
Time elapsed: 48 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popsicle.comadvpro (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popsicle.comadvpro.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hizonimogi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm28282031 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\aamd532.dll (Rogue.EAntispy) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP708\A0117445.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP709\A0118724.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP675\A0102002.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP710\A0120003.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP715\A0120630.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\Cache\000C1AD0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\Cache\001CAFFE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\BitDownload.TRC (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.




SmitFraudFix v2.388

Report generated at 18:09:21.98, 09/01/2009
Run from C:\Documents and Settings\isabelle Martin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in Safe Mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing processes


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning

Cleaning complete.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
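Two things in the reports above deserve a check before the machine is called clean. Malwarebytes found Vundo copies under C:\System Volume Information\_restore{...}\RPnnn, which is why System Restore has to be turned off before cleaning: a later rollback to one of those restore points would bring the files back. And the SmitFraudFix report (run 09/01/2009 at 18:09 in Safe Mode) shows the same SharedTaskScheduler CLSID {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}, pointing at c:\windows\system32\davagadu.dll, both before and after its registry cleaning, so that fix left it in place; the Malwarebytes scan run afterwards (10/01/2009 at 03:58) is the one that reports quarantining that value and CLSID. The script below is an added example, not code from the thread or from either tool. It parses detection lines in the Malwarebytes format, groups them by threat family and autostart mechanism, lists which restore points hold copies, and diffs the two SmitFraudFix SharedTaskScheduler sections. The sample inputs are excerpts of the logs above; the mechanism labels (BHO, Run, SharedTaskScheduler, SSODL) and the function names are mine.

```python
"""Triage of the Malwarebytes and SmitFraudFix logs above (added example, not tool code)."""
import re
from collections import Counter, defaultdict

# Detection lines excerpted verbatim from the Malwarebytes log above (a subset).
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hizonimogi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP708\A0117445.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP709\A0118724.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
"""
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
RESTORE_POINT = re.compile(r"\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
SYSTEM32_FILE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\[^\\]+\.(dll|exe)$", re.I)
PERSISTENCE = (  # autostart locations seen in the log; all are loaded by Explorer or IE at logon
    ("BHO", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("Run", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("SharedTaskScheduler", re.compile(r"\\SharedTaskScheduler\\", re.I)),
    ("SSODL", re.compile(r"\\ShellServiceObjectDelayLoad\\", re.I)),
)

def parse_mbam(text):
    """One dict per detection line; headers, counts and '(No malicious ...)' lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        item, threat = m.group("item"), m.group("threat")
        rp = RESTORE_POINT.search(item)
        findings.append({
            "item": item, "threat": threat,
            "family": ".".join(threat.split(".")[:2]),  # Trojan.Vundo.H -> Trojan.Vundo
            "persistence": next((n for n, rx in PERSISTENCE if rx.search(item)), None),
            "restore_point": rp.group(1) if rp else None,  # copy kept by System Restore
            "system32_drop": bool(SYSTEM32_FILE.match(item)),  # binary dropped into system32
        })
    return findings

def summarize(findings):
    by_mech = defaultdict(list)  # autostart mechanism -> value names / CLSIDs found there
    for f in findings:
        if f["persistence"]:
            by_mech[f["persistence"]].append(f["item"].rsplit("\\", 1)[-1])
    return {"families": Counter(f["family"] for f in findings),
            "persistence": dict(by_mech),
            "restore_points": sorted({f["restore_point"] for f in findings if f["restore_point"]}),
            "system32_drops": [f["item"] for f in findings if f["system32_drop"]]}

# The two SharedTaskScheduler sections excerpted from the SmitFraudFix report above.
SMITFRAUD_SAMPLE = r"""
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
"""
STS_HEADER = re.compile(r"^»+\s*SharedTaskScheduler\s+(Before|Avant|After|Apr)", re.I)
REG_KEY = re.compile(r"^\[(.+)\]$")
STS_VALUE = re.compile(r'^"(\{[0-9A-F-]+\})"=', re.I)
INPROC_KEY = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\InProcServer32$", re.I)
DEFAULT_VALUE = re.compile(r'^@="(.+)"$')

def parse_sts(report):
    """{'before': {CLSID: dll}, 'after': {CLSID: dll}} from the two STS sections."""
    found = {"before": {}, "after": {}}
    section = key = None
    for line in report.splitlines():
        h = STS_HEADER.match(line)
        if h:
            section = "before" if h.group(1).lower() in ("before", "avant") else "after"
            continue
        if line.startswith("»"):  # any other »»» banner ends the STS listing
            section = None
        if section is None:
            continue
        k, v, d = REG_KEY.match(line), STS_VALUE.match(line), DEFAULT_VALUE.match(line)
        if k:
            key = k.group(1)
        elif v and key and key.upper().endswith("\\SHAREDTASKSCHEDULER"):
            found[section].setdefault(v.group(1).upper(), None)  # registered, DLL not yet resolved
        elif d and INPROC_KEY.search(key or ""):
            found[section][INPROC_KEY.search(key).group(1).upper()] = d.group(1)
    return found

def survivors(found):
    """CLSIDs registered both before and after the fix, i.e. entries it did not remove."""
    return {c: dll for c, dll in found["after"].items() if c in found["before"]}
```

Fed the full logs from this thread, summarize() reports RP675, RP708, RP709, RP710 and RP715 as restore points holding copies and C:\WINDOWS\system32\aamd532.dll and C:\WINDOWS\system32\Explorer32.exe as binaries dropped into system32, and survivors() returns the davagadu.dll entry. A SharedTaskScheduler or ShellServiceObjectDelayLoad entry deserves a second look whenever it points at a DLL with a random-looking name in system32: both lists are loaded into explorer.exe at logon, which is what makes them attractive to adware of this kind.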
darkpoet
10 Jan 2009 at 10:42
Hi,
A Vundo is in the restore points; please do the following:
You need to disable System Restore for the duration of a reboot: go to START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then in SYSTEM RESTORE go to Settings and disable restore.


Then this:
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Run the installer by executing the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with Enter.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)

Here is the requested report:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : isabelle Martin ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:111 Go (Free:97 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( Updated: 21-12-2008|20:47 )
Option : [1] ( 10/01/2009|10:56 )

-----------\\ Searching for Files / Folders ...

C:\Program Files\Fichiers communs\WhenU
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(isabelle Martin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Searching for other infections


No other infection found!


1 - "C:\ToolBar SD\TB_1.txt" - 10/01/2009|10:57 - Option : [1]

-----------\\ End of report at 10:57:43.45

darkpoet
10 Jan 2009 at 11:08
Run Toolbar-S&D again and choose option 2 "Deletion".

Done. Here is the report:



-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : isabelle Martin ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:111 Go (Free:97 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( Updated: 21-12-2008|20:47 )
Option : [2] ( 10/01/2009|11:22 )

-----------\\ DELETION

Deleted! - C:\WINDOWS\iun6002.exe
Deleted! - C:\Program Files\Fichiers communs\WhenU

-----------\\ Searching for Files / Folders ...


-----------\\ Extensions

(isabelle Martin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Searching for other infections


No other infection found!


1 - "C:\ToolBar SD\TB_1.txt" - 10/01/2009|10:57 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 10/01/2009|11:23 - Option : [2]

-----------\\ End of report at 11:23:41.75


I don't know yet whether the steps you have taken for me are finished, but I want to thank you for everything you have already done.

darkpoet
10 Jan 2009 at 11:31
Download Lop S&D:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

▶ Double-click it to start the installation

▶ Then double-click the Lop S&D shortcut on your desktop

▶ Select the desired language

▶ Then choose Option 1 ( Search )

▶ Wait for the scan to finish

▶ Post the generated report ( C:\lopR.txt )

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : isabelle Martin ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:111 Go (Free:97 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( Updated: 19-12-2008|23:40 )
Option : [1] ( 10/01/2009|11:38 )

--------------------\\ Folder listing in APPLIC~1

[28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[28/04/2005|10:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[28/04/2005|09:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/04/2005|10:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[01/08/2005|10:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[09/01/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[09/08/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[28/04/2005|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/01/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/10/2007|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[18/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[19/11/2008|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[09/01/2009|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[28/04/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/11/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[20/01/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[28/04/2005|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[29/10/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[18/10/2007|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[28/01/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/04/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[28/04/2005|09:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[28/04/2005|09:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[21/08/2008|17:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\Adobe
[02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeAUM
[09/08/2005|07:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeUM
[09/01/2009|10:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AVGTOOLBAR
[08/08/2007|08:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload
[05/02/2006|19:50] C:\DOCUME~1\ISABEL~1\APPLIC~1\Block Checker
[02/10/2005|13:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\Google
[26/01/2006|11:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Help
[18/10/2007|16:15] C:\DOCUME~1\ISABEL~1\APPLIC~1\HP
[28/04/2005|10:09] C:\DOCUME~1\ISABEL~1\APPLIC~1\Identities
[18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Image Zone Express
[28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\InterTrust
[02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\Leadertech
[12/11/2008|14:41] C:\DOCUME~1\ISABEL~1\APPLIC~1\LimeWire
[29/04/2005|16:18] C:\DOCUME~1\ISABEL~1\APPLIC~1\Macromedia
[09/01/2009|17:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Malwarebytes
[24/09/2006|01:00] C:\DOCUME~1\ISABEL~1\APPLIC~1\Media Player Classic
[28/04/2005|09:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft
[29/05/2005|11:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft Web Folders
[30/10/2006|15:44] C:\DOCUME~1\ISABEL~1\APPLIC~1\MobileAction
[27/01/2006|19:04] C:\DOCUME~1\ISABEL~1\APPLIC~1\Mozilla
[29/11/2005|12:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\MSN6
[27/11/2008|12:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Nvu
[27/10/2008|13:37] C:\DOCUME~1\ISABEL~1\APPLIC~1\OpenOffice.org
[18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Printer Info Cache
[19/11/2008|11:03] C:\DOCUME~1\ISABEL~1\APPLIC~1\Real
[28/04/2005|10:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Sun
[28/04/2005|13:17] C:\DOCUME~1\ISABEL~1\APPLIC~1\Symantec
[27/01/2006|19:05] C:\DOCUME~1\ISABEL~1\APPLIC~1\Talkback
[09/05/2008|13:57] C:\DOCUME~1\ISABEL~1\APPLIC~1\TaoUSign
[28/04/2005|13:45] C:\DOCUME~1\ISABEL~1\APPLIC~1\Template


--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[10/01/2009 11:12][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[10/01/2009 05:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Folder listing in C:\Program Files

[03/06/2005|17:26] C:\Program Files\7-Zip
[28/04/2005|10:10] C:\Program Files\Adobe
[27/11/2008|09:31] C:\Program Files\Adobe PageMaker 7.01 - Français
[28/04/2005|11:01] C:\Program Files\Agathe Millénium Compta
[28/04/2005|11:00] C:\Program Files\Agathe Millénium Gestion
[22/08/2007|08:24] C:\Program Files\Alwil Software
[30/01/2006|23:48] C:\Program Files\Astrocycle3
[27/11/2008|12:24] C:\Program Files\Audacity
[09/01/2009|10:53] C:\Program Files\AVG
[28/04/2005|10:09] C:\Program Files\AvRack
[09/08/2007|12:15] C:\Program Files\Boonty
[09/08/2007|12:15] C:\Program Files\BoontyGames
[27/11/2008|13:29] C:\Program Files\CDex
[28/04/2005|10:01] C:\Program Files\ComPlus Applications
[28/04/2005|10:12] C:\Program Files\CyberLink
[29/06/2005|19:56] C:\Program Files\directx
[27/01/2006|22:09] C:\Program Files\DivX
[29/10/2008|20:13] C:\Program Files\eMule
[28/04/2005|09:57] C:\Program Files\Fichiers communs
[05/03/2006|07:24] C:\Program Files\Foreignword
[02/10/2005|13:10] C:\Program Files\Google
[18/10/2007|16:12] C:\Program Files\Hewlett-Packard
[18/10/2007|16:08] C:\Program Files\HP
[05/03/2006|07:52] C:\Program Files\iKoneStudio
[28/04/2005|10:09] C:\Program Files\InstallShield Installation Information
[07/06/2005|09:36] C:\Program Files\InterActual
[28/04/2005|10:02] C:\Program Files\Internet Explorer
[24/11/2008|15:45] C:\Program Files\Intuisphere
[28/04/2005|10:13] C:\Program Files\Java
[21/09/2006|11:36] C:\Program Files\K-Lite Codec Pack
[28/04/2005|10:40] C:\Program Files\Logitech
[09/01/2009|17:56] C:\Program Files\Malwarebytes' Anti-Malware
[28/04/2005|10:01] C:\Program Files\Messenger
[28/04/2005|10:36] C:\Program Files\Micro Application
[07/06/2005|09:16] C:\Program Files\Microids
[22/12/2008|12:52] C:\Program Files\Microsoft ActiveSync
[28/04/2005|10:04] C:\Program Files\microsoft frontpage
[01/05/2005|10:04] C:\Program Files\Microsoft Office
[28/04/2005|10:38] C:\Program Files\Microsoft Picture It! PhotoPub
[27/11/2008|13:42] C:\Program Files\Microsoft Visual Studio
[28/04/2005|10:46] C:\Program Files\Microsoft Works
[28/04/2005|10:02] C:\Program Files\Movie Maker
[27/01/2006|19:04] C:\Program Files\Mozilla Firefox
[28/04/2005|10:00] C:\Program Files\MSN
[28/04/2005|10:01] C:\Program Files\MSN Gaming Zone
[07/10/2005|13:14] C:\Program Files\MSN Messenger
[03/07/2008|11:57] C:\Program Files\MYMA Decoder and Viewer
[09/01/2009|16:14] C:\Program Files\Navilog1
[28/04/2005|10:02] C:\Program Files\NetMeeting
[28/04/2005|10:11] C:\Program Files\NewTech Infosystems
[25/03/2006|11:33] C:\Program Files\NokiaFREE Unlock Codes Calculator
[28/04/2005|13:18] C:\Program Files\Norton AntiVirus
[15/09/2005|21:50] C:\Program Files\nutri
[27/11/2008|12:12] C:\Program Files\Nvu
[06/09/2008|16:40] C:\Program Files\OE Password Recovery
[30/05/2005|16:46] C:\Program Files\OfficeUpdate11
[28/04/2005|10:32] C:\Program Files\OLYMPUS
[28/04/2005|10:29] C:\Program Files\OLYMPUS CAMEDIASuite
[27/10/2008|13:35] C:\Program Files\OpenOffice.org 3
[28/04/2005|10:02] C:\Program Files\Outlook Express
[27/11/2008|12:43] C:\Program Files\PC Inspector File Recovery
[27/11/2008|12:45] C:\Program Files\PDF Editeur 2
[27/11/2008|12:46] C:\Program Files\PhotoFiltre
[07/11/2008|12:58] C:\Program Files\Poster Forge
[07/11/2008|12:56] C:\Program Files\POSTERIZA
[28/05/2005|23:15] C:\Program Files\PowerPoint Viewer
[28/04/2005|10:34] C:\Program Files\QuickTime
[28/04/2005|10:41] C:\Program Files\Real
[28/04/2005|10:09] C:\Program Files\Realtek Sound Manager
[27/01/2006|22:29] C:\Program Files\RM-X Player V4
[22/07/2005|22:13] C:\Program Files\RoadRoll
[28/04/2005|10:01] C:\Program Files\Services en ligne
[10/11/2008|12:59] C:\Program Files\Shareaza
[10/11/2008|13:39] C:\Program Files\Shareaza Applications
[28/04/2005|13:17] C:\Program Files\Symantec
[07/10/2007|16:45] C:\Program Files\TELE2
[05/03/2006|07:43] C:\Program Files\Traduction-online
[28/04/2005|10:09] C:\Program Files\Uninstall Information
[13/10/2007|09:45] C:\Program Files\Windows Live Favorites
[09/04/2007|22:01] C:\Program Files\Windows Live Toolbar
[07/08/2007|17:48] C:\Program Files\Windows Media Connect 2
[28/04/2005|10:01] C:\Program Files\Windows Media Player
[28/04/2005|10:00] C:\Program Files\Windows NT
[28/04/2005|10:01] C:\Program Files\WindowsUpdate
[28/04/2005|10:04] C:\Program Files\xerox
[01/08/2005|10:51] C:\Program Files\Yahoo!
[28/04/2005|10:49] C:\Program Files\Zone Labs

--------------------\\ Folder listing in C:\Program Files\Fichiers communs

[28/04/2005|10:10] C:\Program Files\Fichiers communs\Adobe
[09/08/2007|12:19] C:\Program Files\Fichiers communs\BOONTY Shared
[28/04/2005|11:00] C:\Program Files\Fichiers communs\Borland Shared
[27/11/2008|13:42] C:\Program Files\Fichiers communs\DESIGNER
[18/10/2007|16:12] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/10/2007|16:13] C:\Program Files\Fichiers communs\HP
[28/04/2005|10:09] C:\Program Files\Fichiers communs\InstallShield
[28/04/2005|10:13] C:\Program Files\Fichiers communs\Java
[28/04/2005|10:40] C:\Program Files\Fichiers communs\Logitech
[28/04/2005|09:57] C:\Program Files\Fichiers communs\Microsoft Shared
[07/08/2007|13:38] C:\Program Files\Fichiers communs\Motorola Shared
[28/04/2005|10:02] C:\Program Files\Fichiers communs\MSSoap
[28/04/2005|09:57] C:\Program Files\Fichiers communs\ODBC
[28/04/2005|10:41] C:\Program Files\Fichiers communs\Real
[28/04/2005|10:02] C:\Program Files\Fichiers communs\Services
[28/04/2005|09:57] C:\Program Files\Fichiers communs\SpeechEngines
[28/04/2005|13:17] C:\Program Files\Fichiers communs\Symantec Shared
[28/04/2005|10:02] C:\Program Files\Fichiers communs\System
[19/11/2008|11:07] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Processes

( 47 Processes )

... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Searching for Lop Files / Folders

C:\DOCUME~1\ISABEL~1\APPLIC~1\Bitdownload
C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload
C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload\Data
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@advertising[1].txt
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.cotedazurpalace[2].txt
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@cotedazurpalace[1].txt
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.cotedazurpalace[2].txt
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.32vegas[2].txt
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.32vegas[2].txt
C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@32vegas[1].txt

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 11:40:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infection found!

[F:18][D:3]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp
[F:106][D:0]-> C:\DOCUME~1\ISABEL~1\Cookies
[F:1993][D:12]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\TEMPOR~1\content.IE5
[F:81][D:3]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|11:41 - Option : [1]

--------------------\\ End of report at 11:41:18
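The listing above is a flat inventory of folders with their modification timestamps. What a helper does with it is pivot on the report's own run time and pull out what changed in the days around the incident, then set aside the folders the cleanup itself created (avg8, AVGTOOLBAR, Navilog1 and Malwarebytes all date from 09/01/2009, the day the cleanup in this thread began) so that anything left is a candidate for inspection; folders of P2P and download clients, such as the BitDownload that Malwarebytes flagged as Trojan.Lop above, are listed separately as likely sources. The script below is an added example, not code from the thread or from Lop S&D. The listing lines are excerpts from the report above except the xkqwert entry, which is constructed to show a hit; the CLEANUP_TOOLS and P2P_OR_BUNDLER name sets and the three-day window are assumptions of mine.

```python
"""Timeline pivot over a Lop S&D folder listing (added example, not Lop S&D code)."""
import re
from datetime import datetime, timedelta

# Lines excerpted from the Lop S&D report above, plus one constructed entry (xkqwert,
# not from the thread) standing in for a random-named folder created during the incident.
LOP_SAMPLE = r"""
Option : [1] ( 10/01/2009|11:38 )
[09/01/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[28/04/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[09/01/2009|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/01/2009|10:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AVGTOOLBAR
[08/08/2007|08:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload
[12/11/2008|14:41] C:\DOCUME~1\ISABEL~1\APPLIC~1\LimeWire
[09/01/2009|16:14] C:\Program Files\Navilog1
[10/11/2008|12:59] C:\Program Files\Shareaza
[09/01/2009|09:41] C:\DOCUME~1\ISABEL~1\APPLIC~1\xkqwert
"""
ENTRY = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\|(\d{2}:\d{2})\]\s+(?P<path>\S.*)$")
RUN_TIME = re.compile(r"^Option : \[\d\] \( (\d{2}/\d{2}/\d{4})\|(\d{2}:\d{2}) \)$")
STAMP = "%d/%m/%Y %H:%M"  # Lop S&D writes day/month/year

# Assumed name sets: folders the cleanup itself creates (tools used in this thread),
# and P2P/bundler clients of the kind that brought in the BitDownload flagged as Trojan.Lop.
CLEANUP_TOOLS = {"malwarebytes", "navilog1", "avg8", "avgtoolbar", "lop sd", "toolbar sd", "smitfraudfix"}
P2P_OR_BUNDLER = {"bitdownload", "limewire", "shareaza", "emule"}

def report_time(text):
    """The report's own run time, taken from its 'Option : [n] ( dd/mm/yyyy|hh:mm )' line."""
    for line in text.splitlines():
        m = RUN_TIME.match(line.strip())
        if m:
            return datetime.strptime(f"{m.group(1)} {m.group(2)}", STAMP)
    raise ValueError("no run-time line in report")

def parse_listing(text):
    """(timestamp, path) for every '[dd/mm/yyyy|hh:mm] path' line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((datetime.strptime(f"{m.group(1)} {m.group(2)}", STAMP), m.group("path")))
    return out

def triage(entries, pivot, days=3):
    """Bucket entries modified within `days` before the pivot into cleanup tools and
    unexplained folders; P2P/bundler folders are listed regardless of their date."""
    since = pivot - timedelta(days=days)
    out = {"unexplained": [], "cleanup_tools": [], "p2p_or_bundler": []}
    for when, path in sorted(entries):  # oldest first
        name = path.rsplit("\\", 1)[-1].lower()
        if name in P2P_OR_BUNDLER:
            out["p2p_or_bundler"].append(path)
        if since <= when <= pivot:
            out["cleanup_tools" if name in CLEANUP_TOOLS else "unexplained"].append(path)
    return out
```

Run against the full listing above with the report's 11:38 run time, the only entries inside the window are the cleanup tools, which is what you want to see after a cleanup; a folder that lands in "unexplained" is the one to look at next, and the P2P bucket (BitDownload, LimeWire, Shareaza, eMule here) points at how the adware most likely arrived.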
darkpoet
10 Jan 2009 at 12:02
▶ Run Lop S&D again

▶ This time choose Option 2 ( Deletion )

▶ Do not close the window during the deletion!

▶ Post the generated report ( C:\lopR.txt )

( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )

darkpoet
10 Jan 2009 at 12:04
Please post a new HijackThis log.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : isabelle Martin ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:111 Go (Free:97 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( Updated: 19-12-2008|23:40 )
Option : [2] ( 10/01/2009|12:11 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION

Deleted! - C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload\Data
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@advertising[1].txt
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.cotedazurpalace[2].txt
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@cotedazurpalace[1].txt
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.cotedazurpalace[2].txt
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.32vegas[2].txt
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.32vegas[2].txt
Deleted! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@32vegas[1].txt
Deleted! - C:\DOCUME~1\ISABEL~1\APPLIC~1\Bitdownload

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Folder listing in APPLIC~1

[28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[28/04/2005|10:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[28/04/2005|09:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/04/2005|10:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[01/08/2005|10:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[09/01/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[09/08/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[28/04/2005|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/01/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/10/2007|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[18/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[19/11/2008|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[09/01/2009|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[28/04/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/11/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[20/01/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[28/04/2005|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[29/10/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[18/10/2007|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[28/01/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/04/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[28/04/2005|09:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[28/04/2005|09:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[21/08/2008|17:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\Adobe
[02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeAUM
[09/08/2005|07:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeUM
[09/01/2009|10:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AVGTOOLBAR
[05/02/2006|19:50] C:\DOCUME~1\ISABEL~1\APPLIC~1\Block Checker
[02/10/2005|13:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\Google
[26/01/2006|11:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Help
[18/10/2007|16:15] C:\DOCUME~1\ISABEL~1\APPLIC~1\HP
[28/04/2005|10:09] C:\DOCUME~1\ISABEL~1\APPLIC~1\Identities
[18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Image Zone Express
[28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\InterTrust
[02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\Leadertech
[12/11/2008|14:41] C:\DOCUME~1\ISABEL~1\APPLIC~1\LimeWire
[29/04/2005|16:18] C:\DOCUME~1\ISABEL~1\APPLIC~1\Macromedia
[09/01/2009|17:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Malwarebytes
[24/09/2006|01:00] C:\DOCUME~1\ISABEL~1\APPLIC~1\Media Player Classic
[28/04/2005|09:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft
[29/05/2005|11:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft Web Folders
[30/10/2006|15:44] C:\DOCUME~1\ISABEL~1\APPLIC~1\MobileAction
[27/01/2006|19:04] C:\DOCUME~1\ISABEL~1\APPLIC~1\Mozilla
[29/11/2005|12:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\MSN6
[27/11/2008|12:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Nvu
[27/10/2008|13:37] C:\DOCUME~1\ISABEL~1\APPLIC~1\OpenOffice.org
[18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Printer Info Cache
[19/11/2008|11:03] C:\DOCUME~1\ISABEL~1\APPLIC~1\Real
[28/04/2005|10:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Sun
[28/04/2005|13:17] C:\DOCUME~1\ISABEL~1\APPLIC~1\Symantec
[27/01/2006|19:05] C:\DOCUME~1\ISABEL~1\APPLIC~1\Talkback
[09/05/2008|13:57] C:\DOCUME~1\ISABEL~1\APPLIC~1\TaoUSign
[28/04/2005|13:45] C:\DOCUME~1\ISABEL~1\APPLIC~1\Template


--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[10/01/2009 11:12][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[10/01/2009 05:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Folder listing in C:\Program Files

[03/06/2005|17:26] C:\Program Files\7-Zip
[28/04/2005|10:10] C:\Program Files\Adobe
[27/11/2008|09:31] C:\Program Files\Adobe PageMaker 7.01 - Français
[28/04/2005|11:01] C:\Program Files\Agathe Millénium Compta
[28/04/2005|11:00] C:\Program Files\Agathe Millénium Gestion
[22/08/2007|08:24] C:\Program Files\Alwil Software
[30/01/2006|23:48] C:\Program Files\Astrocycle3
[27/11/2008|12:24] C:\Program Files\Audacity
[09/01/2009|10:53] C:\Program Files\AVG
[28/04/2005|10:09] C:\Program Files\AvRack
[09/08/2007|12:15] C:\Program Files\Boonty
[09/08/2007|12:15] C:\Program Files\BoontyGames
[27/11/2008|13:29] C:\Program Files\CDex
[28/04/2005|10:01] C:\Program Files\ComPlus Applications
[28/04/2005|10:12] C:\Program Files\CyberLink
[29/06/2005|19:56] C:\Program Files\directx
[27/01/2006|22:09] C:\Program Files\DivX
[29/10/2008|20:13] C:\Program Files\eMule
[28/04/2005|09:57] C:\Program Files\Fichiers communs
[05/03/2006|07:24] C:\Program Files\Foreignword
[02/10/2005|13:10] C:\Program Files\Google
[18/10/2007|16:12] C:\Program Files\Hewlett-Packard
[18/10/2007|16:08] C:\Program Files\HP
[05/03/2006|07:52] C:\Program Files\iKoneStudio
[28/04/2005|10:09] C:\Program Files\InstallShield Installation Information
[07/06/2005|09:36] C:\Program Files\InterActual
[28/04/2005|10:02] C:\Program Files\Internet Explorer
[24/11/2008|15:45] C:\Program Files\Intuisphere
[28/04/2005|10:13] C:\Program Files\Java
[21/09/2006|11:36] C:\Program Files\K-Lite Codec Pack
[28/04/2005|10:40] C:\Program Files\Logitech
[09/01/2009|17:56] C:\Program Files\Malwarebytes' Anti-Malware
[28/04/2005|10:01] C:\Program Files\Messenger
[28/04/2005|10:36] C:\Program Files\Micro Application
[07/06/2005|09:16] C:\Program Files\Microids
[22/12/2008|12:52] C:\Program Files\Microsoft ActiveSync
[28/04/2005|10:04] C:\Program Files\microsoft frontpage
[01/05/2005|10:04] C:\Program Files\Microsoft Office
[28/04/2005|10:38] C:\Program Files\Microsoft Picture It! PhotoPub
[27/11/2008|13:42] C:\Program Files\Microsoft Visual Studio
[28/04/2005|10:46] C:\Program Files\Microsoft Works
[28/04/2005|10:02] C:\Program Files\Movie Maker
[27/01/2006|19:04] C:\Program Files\Mozilla Firefox
[28/04/2005|10:00] C:\Program Files\MSN
[28/04/2005|10:01] C:\Program Files\MSN Gaming Zone
[07/10/2005|13:14] C:\Program Files\MSN Messenger
[03/07/2008|11:57] C:\Program Files\MYMA Decoder and Viewer
[09/01/2009|16:14] C:\Program Files\Navilog1
[28/04/2005|10:02] C:\Program Files\NetMeeting
[28/04/2005|10:11] C:\Program Files\NewTech Infosystems
[25/03/2006|11:33] C:\Program Files\NokiaFREE Unlock Codes Calculator
[28/04/2005|13:18] C:\Program Files\Norton AntiVirus
[15/09/2005|21:50] C:\Program Files\nutri
[27/11/2008|12:12] C:\Program Files\Nvu
[06/09/2008|16:40] C:\Program Files\OE Password Recovery
[30/05/2005|16:46] C:\Program Files\OfficeUpdate11
[28/04/2005|10:32] C:\Program Files\OLYMPUS
[28/04/2005|10:29] C:\Program Files\OLYMPUS CAMEDIASuite
[27/10/2008|13:35] C:\Program Files\OpenOffice.org 3
[28/04/2005|10:02] C:\Program Files\Outlook Express
[27/11/2008|12:43] C:\Program Files\PC Inspector File Recovery
[27/11/2008|12:45] C:\Program Files\PDF Editeur 2
[27/11/2008|12:46] C:\Program Files\PhotoFiltre
[07/11/2008|12:58] C:\Program Files\Poster Forge
[07/11/2008|12:56] C:\Program Files\POSTERIZA
[28/05/2005|23:15] C:\Program Files\PowerPoint Viewer
[28/04/2005|10:34] C:\Program Files\QuickTime
[28/04/2005|10:41] C:\Program Files\Real
[28/04/2005|10:09] C:\Program Files\Realtek Sound Manager
[27/01/2006|22:29] C:\Program Files\RM-X Player V4
[22/07/2005|22:13] C:\Program Files\RoadRoll
[28/04/2005|10:01] C:\Program Files\Services en ligne
[10/11/2008|12:59] C:\Program Files\Shareaza
[10/11/2008|13:39] C:\Program Files\Shareaza Applications
[28/04/2005|13:17] C:\Program Files\Symantec
[07/10/2007|16:45] C:\Program Files\TELE2
[05/03/2006|07:43] C:\Program Files\Traduction-online
[28/04/2005|10:09] C:\Program Files\Uninstall Information
[13/10/2007|09:45] C:\Program Files\Windows Live Favorites
[09/04/2007|22:01] C:\Program Files\Windows Live Toolbar
[07/08/2007|17:48] C:\Program Files\Windows Media Connect 2
[28/04/2005|10:01] C:\Program Files\Windows Media Player
[28/04/2005|10:00] C:\Program Files\Windows NT
[28/04/2005|10:01] C:\Program Files\WindowsUpdate
[28/04/2005|10:04] C:\Program Files\xerox
[01/08/2005|10:51] C:\Program Files\Yahoo!
[28/04/2005|10:49] C:\Program Files\Zone Labs

--------------------\\ Folder listing in C:\Program Files\Fichiers communs

[28/04/2005|10:10] C:\Program Files\Fichiers communs\Adobe
[09/08/2007|12:19] C:\Program Files\Fichiers communs\BOONTY Shared
[28/04/2005|11:00] C:\Program Files\Fichiers communs\Borland Shared
[27/11/2008|13:42] C:\Program Files\Fichiers communs\DESIGNER
[18/10/2007|16:12] C:\Program Files\Fichiers communs\Hewlett-Packard
[18/10/2007|16:13] C:\Program Files\Fichiers communs\HP
[28/04/2005|10:09] C:\Program Files\Fichiers communs\InstallShield
[28/04/2005|10:13] C:\Program Files\Fichiers communs\Java
[28/04/2005|10:40] C:\Program Files\Fichiers communs\Logitech
[28/04/2005|09:57] C:\Program Files\Fichiers communs\Microsoft Shared
[07/08/2007|13:38] C:\Program Files\Fichiers communs\Motorola Shared
[28/04/2005|10:02] C:\Program Files\Fichiers communs\MSSoap
[28/04/2005|09:57] C:\Program Files\Fichiers communs\ODBC
[28/04/2005|10:41] C:\Program Files\Fichiers communs\Real
[28/04/2005|10:02] C:\Program Files\Fichiers communs\Services
[28/04/2005|09:57] C:\Program Files\Fichiers communs\SpeechEngines
[28/04/2005|13:17] C:\Program Files\Fichiers communs\Symantec Shared
[28/04/2005|10:02] C:\Program Files\Fichiers communs\System
[19/11/2008|11:07] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 45 Processes )

... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop files / folders

No Lop file / folder found!

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 12:13:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections


No other infection found!

[F:17][D:3]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp
[F:99][D:0]-> C:\DOCUME~1\ISABEL~1\Cookies
[F:1991][D:12]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\TEMPOR~1\content.IE5
[F:81][D:3]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|11:41 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/01/2009|12:14 - Option : [2]

--------------------\\ End of report at 12:14:06

darkpoet (security contributor), 10 Jan 2009 at 12:16
OK, the HijackThis log please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:43, on 10/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\isabelle Martin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [hizonimogi] Rundll32.exe "C:\WINDOWS\system32\mupojuwe.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.cbainfo.fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\ramuzovi.dll,C:\WINDOWS\system32\foromogu.dll,c:\windows\system32\davagadu.dll,avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
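The HijackThis log above is read by eye for two things: an O4 Run value under a service-account SID (HKUS\S-1-5-19 is LOCAL SERVICE) that launches rundll32 on a DLL with a made-up name, and O20 AppInit_DLLs entries that no installed product accounts for. The following Python script is an added example of that triage, not code from the thread or from HijackThis. The sample lines are copied from the log posted above; the allowlist (avgrsstx.dll taken to be AVG 8's own resident-shield module) and the auto-generated-name heuristic are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed input: a subset of the HijackThis lines posted above, plus the
# benign avast! O4 line for contrast.
SAMPLE_LOG = r"""
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [hizonimogi] Rundll32.exe "C:\WINDOWS\system32\mupojuwe.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: C:\WINDOWS\system32\ramuzovi.dll,C:\WINDOWS\system32\foromogu.dll,c:\windows\system32\davagadu.dll,avgrsstx.dll
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)', re.I)
# Run keys of SYSTEM, LOCAL SERVICE and NETWORK SERVICE: installers do not put
# autoruns there, so anything found is worth a look.
SERVICE_HIVES = {r"HKUS\S-1-5-18", r"HKUS\S-1-5-19", r"HKUS\S-1-5-20"}
# Assumption, not from the page: AppInit_DLLs entries already verified on this
# host. avgrsstx.dll is treated here as AVG 8's own resident-shield hook.
APPINIT_ALLOWLIST = {"avgrsstx.dll"}


@dataclass
class Finding:
    section: str
    severity: str
    reason: str
    line: str


def dll_stem(path):
    """'C:\\WINDOWS\\system32\\mupojuwe.dll' -> 'mupojuwe' (no os.path: the log
    is from Windows but the analyst may not be)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def looks_autogenerated(stem):
    """Weak heuristic for the pronounceable random names in this log (mupojuwe,
    ramuzovi): lowercase letters strictly alternating consonant/vowel. Only ever
    used as a tag on a finding produced by a stronger rule, never on its own."""
    if not (6 <= len(stem) <= 12) or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [c in "aeiou" for c in stem]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def analyse(log_text):
    """Return triage findings for O2 / O4 / O20 lines of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding("O2", "low", "orphaned BHO: CLSID registered but DLL is gone; remove the key", raw))
        elif section == "O4":
            m4 = O4_RE.match(body)
            hit = RUNDLL_RE.search(m4["cmd"]) if m4 else None
            if not hit:
                continue
            stem = dll_stem(hit.group(1))
            in_service_hive = m4["hive"] in SERVICE_HIVES
            reason = f"rundll32 autorun of {stem}.dll under {m4['hive']}"
            if in_service_hive:
                reason += " (service-account Run key)"
            if looks_autogenerated(stem):
                reason += "; name looks auto-generated"
            findings.append(Finding("O4", "high" if in_service_hive else "medium", reason, raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is mapped into every process that loads user32.
            for entry in re.split(r"[,\s]+", body[len("AppInit_DLLs:"):].strip()):
                if not entry:
                    continue
                stem = dll_stem(entry)
                if stem + ".dll" in APPINIT_ALLOWLIST:
                    continue
                reason = f"AppInit_DLLs loads {stem}.dll into every process that maps user32; not on the allowlist"
                if looks_autogenerated(stem):
                    reason += "; name looks auto-generated"
                findings.append(Finding("O20", "high", reason, raw))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
```

Feed a whole saved log with `analyse(open("hijackthis.log").read())`. The output is a triage list, not a verdict: an orphaned BHO is only cleanup, whereas a service-account rundll32 autorun together with three unallowlisted AppInit_DLLs is exactly the kind of persistence darkpoet is pointing at when he says Vundo is still there, and it is why a second, deeper tool is requested after the first scans came back clean.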
darkpoet (security contributor), 10 Jan 2009 at 12:21
- Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect from the internet and close all running applications /!\

- Double-click the installer and install it in its default location (C:\Program files).
- Double-click the Ad-remover icon on your Desktop.
- At the main menu, choose option "A".
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility meant to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.

then

/!\ Disconnect from the internet and close all running applications /!\

- Double-click AD-Remover to launch it: at the main menu, choose option B.

- On the selection screen, tick:
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

Delete Boonty/BoontyGames (if found)
Delete Eorezo (if found)
Delete Everest Poker (if found)
Delete Funwebproduct/MyWay/MyWebsearch (if found)
Delete Messenger Skinner (if found)
Delete Sweetim (if found)

- Then choose S; the program will do its work.

- Post the report that appears at the end.

(The report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

darkpoet (security contributor), 10 Jan 2009 at 12:25
Post the two previous reports and do this:

- Download MSNFix.zip (by !aur3n7) to the desktop:
http://sosvirus.changelog.fr/MSNFix.zip

- Unzip it (right-click >> Extract here).

- Double-click the MSNFix.bat file.

- Run option R.
If the infection is detected, a message will say so and you only need to press a key to start the cleanup.

Note: if a deletion error is detected, a message will ask you to restart the computer to finish the operations. In that case just restart the computer in normal mode.

------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

# START AT: 12:39:22 | Sam 10/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: OEM-1O6ETRT0V8N | USER: isabelle Martin ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 44

+--------------------| Boonty/Boonty Games Elements found :

.
Service: "Boonty Games"
.
HKCR\boontybox
HKCU\SOFTWARE\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\SYSTEM\ControlSet001\Services\Boonty Games
HKLM\SYSTEM\CurrentControlSet\Services\Boonty Games
HKLM\SYSTEM\ControlSet003\Services\Boonty Games
.
C:\Program Files\Boonty
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\magicball3.exe
C:\Program Files\BoontyGames\Components
C:\Program Files\BoontyGames\Components\Joystick.ico
C:\Program Files\BoontyGames\Components\bureau.url
C:\Program Files\BoontyGames\Components\start.url
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B4C9A000.dat

+--------------------| Eorezo Elements found :

.
.

+--------------------| Everest Poker Elements found :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
.

+--------------------| It's TV Elements found :

.

+--------------------| Sweetim Elements found :

.
.

+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\whfgu1t2.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Google"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "http://search.shareazaweb.com/fr/"

.

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.5730.11 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page : hxxp://www.01net.com/\0http

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/
Start Page : hxxp://www.01net.com/\0http

+---------------------------------------------------------------------------+

[~3121 bytes] - "C:\AD-report-Scan-10.01.2009.log"

# END at: 12:40:13 | 10/01/2009 - Time elapsed: 50.6 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 72 lines ]
+---------------------------------------------------------------------------+
Problem: the report after deletion does not appear, even after searching the hard disk for Ad-report.log...
All the files you referred to did appear and were deleted, but no report!

Do I need to do anything else to recover Ad-report.log and send it to you, or is that not necessary?
Thanks for your reply

darkpoet (security contributor), 10 Jan 2009 at 13:27
Redo AD-Remover, option 1, to check please.
Here is the report:

------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

# START AT: 13:41:33 | Sam 10/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: OEM-1O6ETRT0V8N | USER: isabelle Martin ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 45

+--------------------| Boonty/Boonty Games Elements found :

.
Service: "Boonty Games"
.
HKCR\boontybox
HKCU\SOFTWARE\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\SYSTEM\ControlSet001\Services\Boonty Games
HKLM\SYSTEM\CurrentControlSet\Services\Boonty Games
HKLM\SYSTEM\ControlSet003\Services\Boonty Games
.
C:\Program Files\Boonty
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\magicball3.exe
C:\Program Files\BoontyGames\Components
C:\Program Files\BoontyGames\Components\Joystick.ico
C:\Program Files\BoontyGames\Components\bureau.url
C:\Program Files\BoontyGames\Components\start.url
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B4C9A000.dat

+--------------------| Eorezo Elements found :

.
.

+--------------------| Everest Poker Elements found :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
.

+--------------------| It's TV Elements found :

.

+--------------------| Sweetim Elements found :

.
.

+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\whfgu1t2.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Google"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "http://search.shareazaweb.com/fr/"

.

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.5730.11 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page : hxxp://www.01net.com/\0http

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/
Start Page : hxxp://www.01net.com/\0http

+---------------------------------------------------------------------------+

[~3121 bytes] - "C:\AD-report-Scan-10.01.2009.log"

# END at: 13:42:25 | 10/01/2009 - Time elapsed: 52.0 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 72 lines ]
+---------------------------------------------------------------------------+
I just understood what happened: nothing was actually deleted because I typed a lowercase "s"... After trying again with an uppercase "S", AD-Remover deleted the files in question. Here is the report:


------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim

******************

# START AT: 13:47:01 | Sam 10/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: OEM-1O6ETRT0V8N | USER: isabelle Martin ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 45

(!) ---- IE start pages reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
Service: "Boonty Games"
.
HKCR\boontybox
HKCU\SOFTWARE\Boonty
HKLM\Software\Boonty
HKLM\SYSTEM\ControlSet003\Services\Boonty Games
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users\Application Data\BOONTY

+--------------------| Eorezo Elements Deleted :

.
.

+--------------------| Everest Poker Elements Deleted :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
.

+--------------------| It's TV Elements Deleted :

.

+--------------------| Sweetim Elements Deleted :

.
.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\whfgu1t2.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Google"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
* Browser Startup HomePage: "http://search.shareazaweb.com/fr/"

.

+---------------------------------------------------------------------------+


~~~~ Internet Explorer version 7.0.5730.11 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page : hxxp://www.01net.com/\0http

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/
Start Page : hxxp://www.01net.com/\0http

+---------------------------------------------------------------------------+

[~3455 bytes] - "C:\AD-report-Scan-10.01.2009.log"
[~2683 bytes] - "C:\AD-report-Clean-10.01.2009.log"

# END at: 13:48:14 | 10/01/2009 - Time elapsed: 73.2 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 69 lines ]
+---------------------------------------------------------------------------+
0
Is it finished?
I have to leave for my job in about an hour; sorry if I bothered you for nothing: it seems my machine is working normally again!
If the work is done and we are no longer in contact (I imagine you are overbooked), I thank you warmly for your precious assistance and express my admiration for your knowledge of that dark science that is computing...
Best regards
0
darkpoet Posts: 1654 Registered: Thursday 29 May 2008 Status: Security contributor Last post: 10 March 2014 62
10 Jan. 2009 at 15:47
No, I think Vundo is still there.

Careful: this program is very powerful and must be handled by following the instructions rigorously; read the tutorial carefully, no wrong moves.

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

**Disable your protection software** (antivirus, antispyware), then:
disconnect from the internet and close all programs.

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm.
Don't touch anything else, not even your mouse!!
Wait until ComboFix has finished; a report will be created. Post the report.

Copy/paste a new HijackThis report with it.

-----------------------------------------------------

Install the Recovery Console on your PC (this will allow you to repair your system in case the PC no longer boots after the disinfection).

Click the link below to go to the Microsoft website:

https://support.microsoft.com/en-us/help/310994

Scroll down to "Téléchargement du fichier programme des disquettes d'installation" (the setup floppy disk program file download) and click the download matching your version of Windows XP (Home Edition or Professional) and the Service Pack you have installed.
**Note: for SP3, download the Service Pack 2 version;
for Windows XP Media Center, download XP Pro Service Pack 2.

Save it to your desktop.
0
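As an added example (not code from the thread, nor part of ComboFix, MBAM or AD-Remover), the PowerShell script below does a read-only pass over the persistence points the two reports above show being cleaned: the Internet Explorer Browser Helper Object registrations (where the Vundo.H and MyWebSearch BHOs were installed), the IE start pages (where AD-Remover printed a second URL hidden behind a `\0`), and the Firefox prefs.js homepage and search entries. It lets "is Vundo still there?" be answered from the registry rather than from how the machine feels. It assumes PowerShell 2.0 or later run as administrator on the affected machine (XP does not ship with PowerShell); the registry paths are the standard ones, and the "suspicious" heuristic for start pages is my own, not something the tools in the thread implement.

```powershell
# Added example, not from the thread or from any tool it mentions.
# Read-only triage of IE BHOs, IE start pages and Firefox prefs.js.
# Assumes an elevated PowerShell (2.0+) session on the affected machine.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Only exists on 64-bit Windows; harmless on the 32-bit XP box in the thread.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

Write-Host '== Browser Helper Objects =='
$bhos = foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $clsid    = $_.PSChildName      # e.g. {04079851-5845-4dea-848C-3ECD647AA554}
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = $null; $dll = $null; $onDisk = $false; $sig = 'n/a'
        if (Test-Path $clsidKey) {
            $name   = (Get-ItemProperty $clsidKey).'(default)'
            $server = "$clsidKey\InprocServer32"
            if (Test-Path $server) {
                # Resolve the CLSID to the DLL that IE would load for this BHO.
                $dll    = ([string](Get-ItemProperty $server).'(default)').Trim('"')
                $dll    = [Environment]::ExpandEnvironmentVariables($dll)
                $onDisk = ($dll -ne '') -and (Test-Path -LiteralPath $dll)
                if ($onDisk) { $sig = (Get-AuthenticodeSignature -FilePath $dll).Status }
            }
        }
        # A BHO with no InprocServer32, a missing DLL, or an unsigned DLL outside
        # Program Files deserves a closer look (Vundo dropped random-named DLLs in system32).
        New-Object PSObject -Property @{
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            DllOnDisk = $onDisk
            Signature = $sig
        }
    }
}
$bhos | Format-Table CLSID, Name, Dll, DllOnDisk, Signature -AutoSize

Write-Host '== Internet Explorer start pages =='
foreach ($hive in 'HKCU', 'HKLM') {
    $main  = "$($hive):\Software\Microsoft\Internet Explorer\Main"
    $props = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($valueName in 'Start Page', 'Default_Page_URL', 'Local Page') {
        $v = [string]$props.$valueName
        if ($v -eq '') { continue }
        # AD-Remover printed 'http://www.01net.com/\0http' above: a second URL hidden
        # behind a NUL. Flag an embedded NUL or more than one URL in one value. Whether
        # the .NET registry API returns the bytes past the NUL depends on the runtime,
        # so a clean-looking value here is not proof that nothing is hidden.
        $flag = ''
        if ($v.IndexOf([char]0) -ge 0 -or ([regex]::Matches($v, 'https?://')).Count -gt 1) {
            $flag = '  <-- suspicious'
        }
        "{0}\{1} = {2}{3}" -f $hive, $valueName, ($v -replace "`0", '\0'), $flag
    }
}

Write-Host '== Firefox prefs.js (homepage and search settings) =='
$prefsPattern = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
$prefsFiles   = Get-ChildItem -Path $prefsPattern -ErrorAction SilentlyContinue
foreach ($file in $prefsFiles) {
    # These are the prefs AD-Remover reported above (homepage, default/selected engine, search URL).
    Select-String -Path $file.FullName `
        -Pattern 'user_pref\("browser\.(startup\.homepage|search\.(defaultenginename|selectedEngine|defaulturl))"' |
        ForEach-Object { "{0}: {1}" -f $_.Path, $_.Line.Trim() }
}
```

Run it before and after the ComboFix pass and diff the two outputs: a BHO CLSID or a start page that reappears after a reboot is the persistence the thread is chasing, and the DLL path it resolves to is what should go into the next report. The script changes nothing, so it is safe to run with the protection software still enabled.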