Help, Darkpoet!

tenzing -
Hello,
I had to step away while Malwarebytes was "running". When I came back I tried to send the report/log, but my login is not recognised and I am not receiving any confirmation or login-reminder e-mail. What should I do? Thank you for your reply
Configuration: Windows XP
Firefox 3.0.5

26 replies

  1. darkpoet
    1. tenzing

      Hello Darkpoet,
      Indeed, I eventually found my topic again and sent you the two reports you asked for, but apparently you did not receive them. I am attaching them again.

      Malwarebytes' Anti-Malware 1.32
      Database version: 1634
      Windows 5.1.2600 Service Pack 2

      10/01/2009 03:58:42
      mbam-log-2009-01-10 (03-58-42).txt

      Scan type: Full Scan (A:\|C:\|D:\|E:\|)
      Objects scanned: 115642
      Time elapsed: 48 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 23
      Registry Values Infected: 6
      Registry Data Items Infected: 0
      Folders Infected: 10
      Files Infected: 14

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\popsicle.comadvpro (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\popsicle.comadvpro.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Dialer) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hizonimogi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm28282031 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\system32\aamd532.dll (Rogue.EAntispy) -> Quarantined and deleted successfully.
      C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP708\A0117445.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP709\A0118724.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP675\A0102002.dll (Adware.Shopper) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP710\A0120003.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP715\A0120630.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\Cache\000C1AD0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\Cache\001CAFFE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\BitDownload\BitDownload.TRC (Trojan.Lop) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.




      SmitFraudFix v2.388

      Report made at 18:09:21.98, 09/01/2009
      Run from C:\Documents and Settings\isabelle Martin\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      The filesystem type is FAT32
      Fix run in Safe Mode

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
      !!!Attention, the keys that follow are not necessarily infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

      [HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
      @="c:\windows\system32\davagadu.dll"

      [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
      @="c:\windows\system32\davagadu.dll"


      »»»»»»»»»»»»»»»»»»»»»»»» Stopping processes


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer=192.168.1.254
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer=192.168.1.254


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, the keys that follow are not necessarily infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning

      Cleaning done.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
      !!!Attention, the keys that follow are not necessarily infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

      [HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
      @="c:\windows\system32\davagadu.dll"

      [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
      @="c:\windows\system32\davagadu.dll"



      »»»»»»»»»»»»»»»»»»»»»»»» End
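      The Malwarebytes log above lists twenty-odd removals, but what a helper actually needs to know is where each item lived: autostart points that run code at every logon (Run keys, Browser Helper Objects, SharedTaskScheduler, ShellServiceObjectDelayLoad), COM registrations that only matter while the DLL exists, and files sitting inside System Restore points, which reinstall the infection if that point is ever restored. The script below is an added example, not part of this thread and not Malwarebytes code: it parses the "-> Quarantined and deleted successfully." lines of an MBAM 1.x log and groups them by persistence mechanism. SAMPLE_LOG is a constructed excerpt of the log quoted above, using the English section labels; the mechanism labels and regexes are the example's own assumptions about path layouts, not something MBAM emits.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log by persistence mechanism.

Added example: not part of the thread and not Malwarebytes code. It parses the
"... -> Quarantined and deleted successfully." lines of an MBAM log into
(section, location, detection, action) records and groups them by where the
item lived. SAMPLE_LOG is a constructed excerpt of the log posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass

# "<location> (<detection>) -> <action>."  The location may contain spaces and
# parentheses; the non-greedy group backtracks until the "(detection) ->" tail fits.
FINDING = re.compile(r"^(?P<loc>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section headers end in a colon with nothing after it ("Files Infected:");
# the summary lines at the top ("Files Infected: 14") do not match.
SECTION = re.compile(r"^(?P<name>[^:]+):\s*$")

RUN_KEY = "Run key: executes at every logon"
BHO = "Browser Helper Object: DLL loaded into Internet Explorer"
STS = "SharedTaskScheduler: DLL loaded by Explorer at logon"
SSODL = "ShellServiceObjectDelayLoad: DLL loaded by Explorer at logon"
RESTORE = "System Restore point: comes back if the point is restored"
COM = "COM registration (CLSID/Interface/TypeLib/AppID) of a component"
EXT_STATS = "IE add-on statistics: residue only, no code"
OTHER = "Other file or folder"
AUTOSTART = {RUN_KEY, BHO, STS, SSODL}

# Assumed path layouts; order matters, the first pattern that matches wins.
MECHANISMS = [
    (re.compile(r"\\CurrentVersion\\Run\\", re.I), RUN_KEY),
    (re.compile(r"\\Browser Helper Objects\\", re.I), BHO),
    (re.compile(r"\\SharedTaskScheduler\\", re.I), STS),
    (re.compile(r"\\ShellServiceObjectDelayLoad\\", re.I), SSODL),
    (re.compile(r"\\System Volume Information\\_restore", re.I), RESTORE),
    (re.compile(r"\\Ext\\Stats\\", re.I), EXT_STATS),
    (re.compile(r"\\(CLSID|Interface|Typelib|AppID)\\", re.I), COM),
]

# Constructed excerpt of the posted log (English MBAM labels).
SAMPLE_LOG = r"""
Registry Keys Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71f39c63-7943-4d78-b2c0-173bba02ecc5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Dialer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hizonimogi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{CE2AF215-08A1-4242-B6B6-A679472B25C5}\RP708\A0117445.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    section: str
    location: str
    detection: str
    action: str


def parse_mbam_log(text):
    """Return one Finding per '... -> action.' line, tagged with its section."""
    findings, section = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING.match(line)
        if m:
            findings.append(Finding(section, m["loc"], m["det"], m["action"]))
            continue
        m = SECTION.match(line)
        if m:
            section = m["name"]
    return findings


def classify(location):
    """Map a registry path or file path to the persistence mechanism it used."""
    for pattern, label in MECHANISMS:
        if pattern.search(location):
            return label
    return OTHER


def summarize(findings):
    """Counts per mechanism and per detection name, plus the two lists a helper
    acts on: autostart entries and anything that lived inside a restore point."""
    labels = [(f.location, classify(f.location)) for f in findings]
    return {
        "by_mechanism": Counter(lab for _, lab in labels),
        "by_detection": Counter(f.detection for f in findings),
        "autostart": [loc for loc, lab in labels if lab in AUTOSTART],
        "restore_points": [loc for loc, lab in labels if lab == RESTORE],
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    for label, n in report["by_mechanism"].most_common():
        print(f"{n:3d}  {label}")
    print("autostart entries:", *report["autostart"], sep="\n  ")
    print("inside restore points:", *report["restore_points"], sep="\n  ")
```

      Run against the full log above, the "restore_points" list is what motivates the next reply in the thread: five Vundo files were found under System Volume Information, so a restore would bring them back.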
  2. darkpoet

    hi
    a Vundo is in System Restore, please do the following:
    you need to disable System Restore for the duration of a reboot: in START then ALL PROGRAMS
    then ACCESSORIES then SYSTEM TOOLS then in SYSTEM RESTORE go to settings and disable restore

    then this
    Download Toolbar-S&D (Team IDN) to your Desktop.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Start the program's installation by running the downloaded file.
    * Now double-click the Toolbar-S&D shortcut.
    * Select the desired language by typing the letter of your choice and confirming with Enter.
    * Now choose option 1 (Search). Wait until the search finishes.
    * Post the generated report. (C:\TB.txt)
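    One check worth making on the SmitFraudFix report in the post above: the tool prints the SharedTaskScheduler value and the InProcServer32 DLL of each CLSID it names, once before cleaning and once after. In that report the {EC43E3FD-...} entry pointing at davagadu.dll appears unchanged in both sections, so SmitFraudFix did not handle it (the Malwarebytes run later quarantined it). The script below is an added example, not part of the thread and not SmitFraudFix code: it diffs the two sections and returns which CLSIDs survived and which were removed. SAMPLE_REPORT is a constructed excerpt of the posted report; the second CLSID and example.dll are hypothetical, added only so the diff has a removed entry to show.

```python
"""Diff the SharedTaskScheduler "Before"/"After" sections of a SmitFraudFix report.

Added example: not part of the thread and not SmitFraudFix code. A CLSID that
still maps to the same DLL after the fix was not handled and needs another tool.
SAMPLE_REPORT is a constructed excerpt of the posted report; the {11111111-...}
entry and example.dll are hypothetical.
"""
import re

HEADER = re.compile(r"^»+\s*(?P<title>.+?)\s*$")
STS_VALUE = re.compile(r'^"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"="(?P<name>.*)"$')
INPROC_KEY = re.compile(r"^\[.*\\CLSID\\\{(?P<clsid>[0-9A-Fa-f-]{36})\}\\InProcServer32\]$", re.I)
DEFAULT_VALUE = re.compile(r'^@="(?P<path>.*)"$')

SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
"{11111111-2222-3333-4444-555555555555}"="example"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="c:\windows\system32\example.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\davagadu.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End
"""


def split_sections(report):
    """Map each '»»» title' header to the stripped lines that follow it."""
    sections, title = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            title = m["title"]
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return sections


def parse_sts(lines):
    """CLSID (upper-cased) -> {'name': STS value data, 'dll': InProcServer32 path}."""
    entries, pending = {}, None
    for line in lines:
        m = STS_VALUE.match(line)
        if m:
            entries.setdefault(m["clsid"].upper(), {})["name"] = m["name"]
            continue
        m = INPROC_KEY.match(line)
        if m:
            pending = m["clsid"].upper()   # the next @="..." line belongs to it
            continue
        m = DEFAULT_VALUE.match(line)
        if m and pending:
            entries.setdefault(pending, {})["dll"] = m["path"].lower()
            pending = None
    return entries


def sts_section(sections, *words):
    """Lines of the SharedTaskScheduler section whose title contains one of words
    (English and French report variants are both accepted)."""
    for title, lines in sections.items():
        if "SharedTaskScheduler" in title and any(w in title for w in words):
            return lines
    return []


def compare_sts(report):
    """Return the before/after maps plus which CLSIDs survived or were removed."""
    sections = split_sections(report)
    before = parse_sts(sts_section(sections, "Before", "Avant"))
    after = parse_sts(sts_section(sections, "After", "Après"))
    survived = {c: e for c, e in after.items()
                if c in before and e.get("dll") == before[c].get("dll")}
    removed = {c: e for c, e in before.items() if c not in after}
    return {"before": before, "after": after, "survived": survived, "removed": removed}


if __name__ == "__main__":
    result = compare_sts(SAMPLE_REPORT)
    for clsid, entry in result["survived"].items():
        print(f"STILL PRESENT  {{{clsid}}} -> {entry.get('dll')}")
    for clsid, entry in result["removed"].items():
        print(f"removed        {{{clsid}}} -> {entry.get('dll')}")
```

    A non-empty "survived" list is the signal to move on to another tool rather than declare the machine clean; it is also why the helper later asks for a fresh HijackThis log instead of trusting any single report.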
    1. tenzing

      here is the requested report:


      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
      BIOS : Phoenix - AwardBIOS v6.00PG
      USER : isabelle Martin ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - FAT32 - Total:111 GB (Free:97 GB)
      D:\ (CD or DVD)
      E:\ (CD or DVD)

      "C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
      Option : [1] ( 10/01/2009|10:56 )

      -----------\\ Searching for Files / Folders ...

      C:\Program Files\Fichiers communs\WhenU
      C:\WINDOWS\iun6002.exe

      -----------\\ Extensions

      (isabelle Martin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


      --------------------\\ Searching for other infections


      No other infection found!


      1 - "C:\ToolBar SD\TB_1.txt" - 10/01/2009|10:57 - Option : [1]

      -----------\\ End of report at 10:57:43.45
  3. darkpoet

    re-run ToolBar S&D and choose option 2 "Deletion"
  4. tenzing

    Done. Here is the report:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : isabelle Martin ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - FAT32 - Total:111 GB (Free:97 GB)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
    Option : [2] ( 10/01/2009|11:22 )

    -----------\\ DELETION

    Deleted! - C:\WINDOWS\iun6002.exe
    Deleted! - C:\Program Files\Fichiers communs\WhenU

    -----------\\ Searching for Files / Folders ...

    -----------\\ Extensions

    (isabelle Martin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Searching for other infections

    No other infection found!

    1 - "C:\ToolBar SD\TB_1.txt" - 10/01/2009|10:57 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 10/01/2009|11:23 - Option : [2]

    -----------\\ End of report at 11:23:41.75

    I don't know yet whether the steps you have taken for me are finished, but I want to thank you for everything you have already done.
  6. darkpoet

    Download Lop S&D:

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    ▶ Double-click it to start the installation

    ▶ Then double-click the Lop S&D shortcut on your desktop

    ▶ Select the desired language

    ▶ Then choose Option 1 ( Search )

    ▶ Wait until the scan finishes

    ▶ Post the generated report ( C:\lopR.txt )
  7. tenzing

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : isabelle Martin ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - FAT32 - Total:111 GB (Free:97 GB)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( Updated : 19-12-2008|23:40 )
    Option : [1] ( 10/01/2009|11:38 )

    --------------------\\ Listing of folders in APPLIC~1

    [28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [28/04/2005|10:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [28/04/2005|09:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [28/04/2005|10:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

    [01/08/2005|10:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [09/01/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    [09/08/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [28/04/2005|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [04/01/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [18/10/2007|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [18/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [19/11/2008|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [09/01/2009|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
    [16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
    [28/04/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [27/11/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [20/01/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [28/04/2005|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [29/10/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [18/10/2007|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
    [28/01/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [09/04/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

    [28/04/2005|09:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [28/04/2005|09:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [21/08/2008|17:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\Adobe
    [02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeAUM
    [09/08/2005|07:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeUM
    [09/01/2009|10:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AVGTOOLBAR
    [08/08/2007|08:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload
    [05/02/2006|19:50] C:\DOCUME~1\ISABEL~1\APPLIC~1\Block Checker
    [02/10/2005|13:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\Google
    [26/01/2006|11:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Help
    [18/10/2007|16:15] C:\DOCUME~1\ISABEL~1\APPLIC~1\HP
    [28/04/2005|10:09] C:\DOCUME~1\ISABEL~1\APPLIC~1\Identities
    [18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Image Zone Express
    [28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\InterTrust
    [02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\Leadertech
    [12/11/2008|14:41] C:\DOCUME~1\ISABEL~1\APPLIC~1\LimeWire
    [29/04/2005|16:18] C:\DOCUME~1\ISABEL~1\APPLIC~1\Macromedia
    [09/01/2009|17:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Malwarebytes
    [24/09/2006|01:00] C:\DOCUME~1\ISABEL~1\APPLIC~1\Media Player Classic
    [28/04/2005|09:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft
    [29/05/2005|11:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft Web Folders
    [30/10/2006|15:44] C:\DOCUME~1\ISABEL~1\APPLIC~1\MobileAction
    [27/01/2006|19:04] C:\DOCUME~1\ISABEL~1\APPLIC~1\Mozilla
    [29/11/2005|12:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\MSN6
    [27/11/2008|12:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Nvu
    [27/10/2008|13:37] C:\DOCUME~1\ISABEL~1\APPLIC~1\OpenOffice.org
    [18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Printer Info Cache
    [19/11/2008|11:03] C:\DOCUME~1\ISABEL~1\APPLIC~1\Real
    [28/04/2005|10:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Sun
    [28/04/2005|13:17] C:\DOCUME~1\ISABEL~1\APPLIC~1\Symantec
    [27/01/2006|19:05] C:\DOCUME~1\ISABEL~1\APPLIC~1\Talkback
    [09/05/2008|13:57] C:\DOCUME~1\ISABEL~1\APPLIC~1\TaoUSign
    [28/04/2005|13:45] C:\DOCUME~1\ISABEL~1\APPLIC~1\Template

    --------------------\\ Scheduled tasks in C:\WINDOWS\tasks

    [10/01/2009 11:12][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [10/01/2009 05:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing of folders in C:\Program Files

    [03/06/2005|17:26] C:\Program Files\7-Zip
    [28/04/2005|10:10] C:\Program Files\Adobe
    [27/11/2008|09:31] C:\Program Files\Adobe PageMaker 7.01 - Français
    [28/04/2005|11:01] C:\Program Files\Agathe Millénium Compta
    [28/04/2005|11:00] C:\Program Files\Agathe Millénium Gestion
    [22/08/2007|08:24] C:\Program Files\Alwil Software
    [30/01/2006|23:48] C:\Program Files\Astrocycle3
    [27/11/2008|12:24] C:\Program Files\Audacity
    [09/01/2009|10:53] C:\Program Files\AVG
    [28/04/2005|10:09] C:\Program Files\AvRack
    [09/08/2007|12:15] C:\Program Files\Boonty
    [09/08/2007|12:15] C:\Program Files\BoontyGames
    [27/11/2008|13:29] C:\Program Files\CDex
    [28/04/2005|10:01] C:\Program Files\ComPlus Applications
    [28/04/2005|10:12] C:\Program Files\CyberLink
    [29/06/2005|19:56] C:\Program Files\directx
    [27/01/2006|22:09] C:\Program Files\DivX
    [29/10/2008|20:13] C:\Program Files\eMule
    [28/04/2005|09:57] C:\Program Files\Fichiers communs
    [05/03/2006|07:24] C:\Program Files\Foreignword
    [02/10/2005|13:10] C:\Program Files\Google
    [18/10/2007|16:12] C:\Program Files\Hewlett-Packard
    [18/10/2007|16:08] C:\Program Files\HP
    [05/03/2006|07:52] C:\Program Files\iKoneStudio
    [28/04/2005|10:09] C:\Program Files\InstallShield Installation Information
    [07/06/2005|09:36] C:\Program Files\InterActual
    [28/04/2005|10:02] C:\Program Files\Internet Explorer
    [24/11/2008|15:45] C:\Program Files\Intuisphere
    [28/04/2005|10:13] C:\Program Files\Java
    [21/09/2006|11:36] C:\Program Files\K-Lite Codec Pack
    [28/04/2005|10:40] C:\Program Files\Logitech
    [09/01/2009|17:56] C:\Program Files\Malwarebytes' Anti-Malware
    [28/04/2005|10:01] C:\Program Files\Messenger
    [28/04/2005|10:36] C:\Program Files\Micro Application
    [07/06/2005|09:16] C:\Program Files\Microids
    [22/12/2008|12:52] C:\Program Files\Microsoft ActiveSync
    [28/04/2005|10:04] C:\Program Files\microsoft frontpage
    [01/05/2005|10:04] C:\Program Files\Microsoft Office
    [28/04/2005|10:38] C:\Program Files\Microsoft Picture It! PhotoPub
    [27/11/2008|13:42] C:\Program Files\Microsoft Visual Studio
    [28/04/2005|10:46] C:\Program Files\Microsoft Works
    [28/04/2005|10:02] C:\Program Files\Movie Maker
    [27/01/2006|19:04] C:\Program Files\Mozilla Firefox
    [28/04/2005|10:00] C:\Program Files\MSN
    [28/04/2005|10:01] C:\Program Files\MSN Gaming Zone
    [07/10/2005|13:14] C:\Program Files\MSN Messenger
    [03/07/2008|11:57] C:\Program Files\MYMA Decoder and Viewer
    [09/01/2009|16:14] C:\Program Files\Navilog1
    [28/04/2005|10:02] C:\Program Files\NetMeeting
    [28/04/2005|10:11] C:\Program Files\NewTech Infosystems
    [25/03/2006|11:33] C:\Program Files\NokiaFREE Unlock Codes Calculator
    [28/04/2005|13:18] C:\Program Files\Norton AntiVirus
    [15/09/2005|21:50] C:\Program Files\nutri
    [27/11/2008|12:12] C:\Program Files\Nvu
    [06/09/2008|16:40] C:\Program Files\OE Password Recovery
    [30/05/2005|16:46] C:\Program Files\OfficeUpdate11
    [28/04/2005|10:32] C:\Program Files\OLYMPUS
    [28/04/2005|10:29] C:\Program Files\OLYMPUS CAMEDIASuite
    [27/10/2008|13:35] C:\Program Files\OpenOffice.org 3
    [28/04/2005|10:02] C:\Program Files\Outlook Express
    [27/11/2008|12:43] C:\Program Files\PC Inspector File Recovery
    [27/11/2008|12:45] C:\Program Files\PDF Editeur 2
    [27/11/2008|12:46] C:\Program Files\PhotoFiltre
    [07/11/2008|12:58] C:\Program Files\Poster Forge
    [07/11/2008|12:56] C:\Program Files\POSTERIZA
    [28/05/2005|23:15] C:\Program Files\PowerPoint Viewer
    [28/04/2005|10:34] C:\Program Files\QuickTime
    [28/04/2005|10:41] C:\Program Files\Real
    [28/04/2005|10:09] C:\Program Files\Realtek Sound Manager
    [27/01/2006|22:29] C:\Program Files\RM-X Player V4
    [22/07/2005|22:13] C:\Program Files\RoadRoll
    [28/04/2005|10:01] C:\Program Files\Services en ligne
    [10/11/2008|12:59] C:\Program Files\Shareaza
    [10/11/2008|13:39] C:\Program Files\Shareaza Applications
    [28/04/2005|13:17] C:\Program Files\Symantec
    [07/10/2007|16:45] C:\Program Files\TELE2
    [05/03/2006|07:43] C:\Program Files\Traduction-online
    [28/04/2005|10:09] C:\Program Files\Uninstall Information
    [13/10/2007|09:45] C:\Program Files\Windows Live Favorites
    [09/04/2007|22:01] C:\Program Files\Windows Live Toolbar
    [07/08/2007|17:48] C:\Program Files\Windows Media Connect 2
    [28/04/2005|10:01] C:\Program Files\Windows Media Player
    [28/04/2005|10:00] C:\Program Files\Windows NT
    [28/04/2005|10:01] C:\Program Files\WindowsUpdate
    [28/04/2005|10:04] C:\Program Files\xerox
    [01/08/2005|10:51] C:\Program Files\Yahoo!
    [28/04/2005|10:49] C:\Program Files\Zone Labs

    --------------------\\ Listing of folders in C:\Program Files\Fichiers communs

    [28/04/2005|10:10] C:\Program Files\Fichiers communs\Adobe
    [09/08/2007|12:19] C:\Program Files\Fichiers communs\BOONTY Shared
    [28/04/2005|11:00] C:\Program Files\Fichiers communs\Borland Shared
    [27/11/2008|13:42] C:\Program Files\Fichiers communs\DESIGNER
    [18/10/2007|16:12] C:\Program Files\Fichiers communs\Hewlett-Packard
    [18/10/2007|16:13] C:\Program Files\Fichiers communs\HP
    [28/04/2005|10:09] C:\Program Files\Fichiers communs\InstallShield
    [28/04/2005|10:13] C:\Program Files\Fichiers communs\Java
    [28/04/2005|10:40] C:\Program Files\Fichiers communs\Logitech
    [28/04/2005|09:57] C:\Program Files\Fichiers communs\Microsoft Shared
    [07/08/2007|13:38] C:\Program Files\Fichiers communs\Motorola Shared
    [28/04/2005|10:02] C:\Program Files\Fichiers communs\MSSoap
    [28/04/2005|09:57] C:\Program Files\Fichiers communs\ODBC
    [28/04/2005|10:41] C:\Program Files\Fichiers communs\Real
    [28/04/2005|10:02] C:\Program Files\Fichiers communs\Services
    [28/04/2005|09:57] C:\Program Files\Fichiers communs\SpeechEngines
    [28/04/2005|13:17] C:\Program Files\Fichiers communs\Symantec Shared
    [28/04/2005|10:02] C:\Program Files\Fichiers communs\System
    [19/11/2008|11:07] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Processes

    ( 47 Processes )

    ... OK !

    --------------------\\ Search with S_Lop

    No Lop file / folder found!

    --------------------\\ Searching for Lop Files / Folders

    C:\DOCUME~1\ISABEL~1\APPLIC~1\Bitdownload
    C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload
    C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload\Data
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@advertising[1].txt
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@cotedazurpalace[1].txt
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.cotedazurpalace[2].txt
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.32vegas[2].txt
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.32vegas[2].txt
    C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@32vegas[1].txt

    --------------------\\ Registry check

    ..... OK !

    --------------------\\ Hosts file check

    Hosts file CLEAN

    --------------------\\ Searching for files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-10 11:40:26
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections

    No other infection found!

    [F:18][D:3]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp
    [F:106][D:0]-> C:\DOCUME~1\ISABEL~1\Cookies
    [F:1993][D:12]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\TEMPOR~1\content.IE5
    [F:81][D:3]-> C:\Recycled

    1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|11:41 - Option : [1]

    --------------------\\ End of report at 11:41:18
  8. darkpoet

    ▶ Re-run Lop S&D

    ▶ This time choose Option 2 ( Deletion )

    ▶ Do not close the window during the deletion!

    ▶ Post the generated report ( C:\lopR.txt )

    ( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )
  9. darkpoet

    post a new HijackThis log please
  10. tenzing

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : isabelle Martin ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1296 [VPS 090109-0] 4.8.1296 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - FAT32 - Total:111 GB (Free:97 GB)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( Updated : 19-12-2008|23:40 )
    Option : [2] ( 10/01/2009|12:11 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION

    Supprime! - C:\DOCUME~1\ISABEL~1\APPLIC~1\BitDownload\Data
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@advertising[1].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@cotedazurpalace[1].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@banner.32vegas[2].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@www.32vegas[2].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\Cookies\isabelle_martin@32vegas[1].txt
    Supprime! - C:\DOCUME~1\ISABEL~1\APPLIC~1\Bitdownload

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [28/04/2005|10:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [28/04/2005|10:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [28/04/2005|09:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [28/04/2005|10:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

    [01/08/2005|10:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [09/01/2009|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    [09/08/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [28/04/2005|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [04/01/2007|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [18/10/2007|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [18/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [19/11/2008|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
    [09/01/2009|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
    [16/07/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
    [28/04/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [27/11/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [20/01/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [28/04/2005|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [29/10/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [18/10/2007|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
    [28/01/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [09/04/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

    [28/04/2005|09:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [28/04/2005|09:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [21/08/2008|17:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

    [28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\Adobe
    [02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeAUM
    [09/08/2005|07:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeUM
    [09/01/2009|10:54] C:\DOCUME~1\ISABEL~1\APPLIC~1\AVGTOOLBAR
    [05/02/2006|19:50] C:\DOCUME~1\ISABEL~1\APPLIC~1\Block Checker
    [02/10/2005|13:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\Google
    [26/01/2006|11:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Help
    [18/10/2007|16:15] C:\DOCUME~1\ISABEL~1\APPLIC~1\HP
    [28/04/2005|10:09] C:\DOCUME~1\ISABEL~1\APPLIC~1\Identities
    [18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Image Zone Express
    [28/04/2005|10:10] C:\DOCUME~1\ISABEL~1\APPLIC~1\InterTrust
    [02/10/2005|12:36] C:\DOCUME~1\ISABEL~1\APPLIC~1\Leadertech
    [12/11/2008|14:41] C:\DOCUME~1\ISABEL~1\APPLIC~1\LimeWire
    [29/04/2005|16:18] C:\DOCUME~1\ISABEL~1\APPLIC~1\Macromedia
    [09/01/2009|17:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Malwarebytes
    [24/09/2006|01:00] C:\DOCUME~1\ISABEL~1\APPLIC~1\Media Player Classic
    [28/04/2005|09:56] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft
    [29/05/2005|11:08] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft Web Folders
    [30/10/2006|15:44] C:\DOCUME~1\ISABEL~1\APPLIC~1\MobileAction
    [27/01/2006|19:04] C:\DOCUME~1\ISABEL~1\APPLIC~1\Mozilla
    [29/11/2005|12:11] C:\DOCUME~1\ISABEL~1\APPLIC~1\MSN6
    [27/11/2008|12:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Nvu
    [27/10/2008|13:37] C:\DOCUME~1\ISABEL~1\APPLIC~1\OpenOffice.org
    [18/10/2007|16:28] C:\DOCUME~1\ISABEL~1\APPLIC~1\Printer Info Cache
    [19/11/2008|11:03] C:\DOCUME~1\ISABEL~1\APPLIC~1\Real
    [28/04/2005|10:13] C:\DOCUME~1\ISABEL~1\APPLIC~1\Sun
    [28/04/2005|13:17] C:\DOCUME~1\ISABEL~1\APPLIC~1\Symantec
    [27/01/2006|19:05] C:\DOCUME~1\ISABEL~1\APPLIC~1\Talkback
    [09/05/2008|13:57] C:\DOCUME~1\ISABEL~1\APPLIC~1\TaoUSign
    [28/04/2005|13:45] C:\DOCUME~1\ISABEL~1\APPLIC~1\Template

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [10/01/2009 11:12][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [10/01/2009 05:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [03/06/2005|17:26] C:\Program Files\7-Zip
    [28/04/2005|10:10] C:\Program Files\Adobe
    [27/11/2008|09:31] C:\Program Files\Adobe PageMaker 7.01 - Français
    [28/04/2005|11:01] C:\Program Files\Agathe Millénium Compta
    [28/04/2005|11:00] C:\Program Files\Agathe Millénium Gestion
    [22/08/2007|08:24] C:\Program Files\Alwil Software
    [30/01/2006|23:48] C:\Program Files\Astrocycle3
    [27/11/2008|12:24] C:\Program Files\Audacity
    [09/01/2009|10:53] C:\Program Files\AVG
    [28/04/2005|10:09] C:\Program Files\AvRack
    [09/08/2007|12:15] C:\Program Files\Boonty
    [09/08/2007|12:15] C:\Program Files\BoontyGames
    [27/11/2008|13:29] C:\Program Files\CDex
    [28/04/2005|10:01] C:\Program Files\ComPlus Applications
    [28/04/2005|10:12] C:\Program Files\CyberLink
    [29/06/2005|19:56] C:\Program Files\directx
    [27/01/2006|22:09] C:\Program Files\DivX
    [29/10/2008|20:13] C:\Program Files\eMule
    [28/04/2005|09:57] C:\Program Files\Fichiers communs
    [05/03/2006|07:24] C:\Program Files\Foreignword
    [02/10/2005|13:10] C:\Program Files\Google
    [18/10/2007|16:12] C:\Program Files\Hewlett-Packard
    [18/10/2007|16:08] C:\Program Files\HP
    [05/03/2006|07:52] C:\Program Files\iKoneStudio
    [28/04/2005|10:09] C:\Program Files\InstallShield Installation Information
    [07/06/2005|09:36] C:\Program Files\InterActual
    [28/04/2005|10:02] C:\Program Files\Internet Explorer
    [24/11/2008|15:45] C:\Program Files\Intuisphere
    [28/04/2005|10:13] C:\Program Files\Java
    [21/09/2006|11:36] C:\Program Files\K-Lite Codec Pack
    [28/04/2005|10:40] C:\Program Files\Logitech
    [09/01/2009|17:56] C:\Program Files\Malwarebytes' Anti-Malware
    [28/04/2005|10:01] C:\Program Files\Messenger
    [28/04/2005|10:36] C:\Program Files\Micro Application
    [07/06/2005|09:16] C:\Program Files\Microids
    [22/12/2008|12:52] C:\Program Files\Microsoft ActiveSync
    [28/04/2005|10:04] C:\Program Files\microsoft frontpage
    [01/05/2005|10:04] C:\Program Files\Microsoft Office
    [28/04/2005|10:38] C:\Program Files\Microsoft Picture It! PhotoPub
    [27/11/2008|13:42] C:\Program Files\Microsoft Visual Studio
    [28/04/2005|10:46] C:\Program Files\Microsoft Works
    [28/04/2005|10:02] C:\Program Files\Movie Maker
    [27/01/2006|19:04] C:\Program Files\Mozilla Firefox
    [28/04/2005|10:00] C:\Program Files\MSN
    [28/04/2005|10:01] C:\Program Files\MSN Gaming Zone
    [07/10/2005|13:14] C:\Program Files\MSN Messenger
    [03/07/2008|11:57] C:\Program Files\MYMA Decoder and Viewer
    [09/01/2009|16:14] C:\Program Files\Navilog1
    [28/04/2005|10:02] C:\Program Files\NetMeeting
    [28/04/2005|10:11] C:\Program Files\NewTech Infosystems
    [25/03/2006|11:33] C:\Program Files\NokiaFREE Unlock Codes Calculator
    [28/04/2005|13:18] C:\Program Files\Norton AntiVirus
    [15/09/2005|21:50] C:\Program Files\nutri
    [27/11/2008|12:12] C:\Program Files\Nvu
    [06/09/2008|16:40] C:\Program Files\OE Password Recovery
    [30/05/2005|16:46] C:\Program Files\OfficeUpdate11
    [28/04/2005|10:32] C:\Program Files\OLYMPUS
    [28/04/2005|10:29] C:\Program Files\OLYMPUS CAMEDIASuite
    [27/10/2008|13:35] C:\Program Files\OpenOffice.org 3
    [28/04/2005|10:02] C:\Program Files\Outlook Express
    [27/11/2008|12:43] C:\Program Files\PC Inspector File Recovery
    [27/11/2008|12:45] C:\Program Files\PDF Editeur 2
    [27/11/2008|12:46] C:\Program Files\PhotoFiltre
    [07/11/2008|12:58] C:\Program Files\Poster Forge
    [07/11/2008|12:56] C:\Program Files\POSTERIZA
    [28/05/2005|23:15] C:\Program Files\PowerPoint Viewer
    [28/04/2005|10:34] C:\Program Files\QuickTime
    [28/04/2005|10:41] C:\Program Files\Real
    [28/04/2005|10:09] C:\Program Files\Realtek Sound Manager
    [27/01/2006|22:29] C:\Program Files\RM-X Player V4
    [22/07/2005|22:13] C:\Program Files\RoadRoll
    [28/04/2005|10:01] C:\Program Files\Services en ligne
    [10/11/2008|12:59] C:\Program Files\Shareaza
    [10/11/2008|13:39] C:\Program Files\Shareaza Applications
    [28/04/2005|13:17] C:\Program Files\Symantec
    [07/10/2007|16:45] C:\Program Files\TELE2
    [05/03/2006|07:43] C:\Program Files\Traduction-online
    [28/04/2005|10:09] C:\Program Files\Uninstall Information
    [13/10/2007|09:45] C:\Program Files\Windows Live Favorites
    [09/04/2007|22:01] C:\Program Files\Windows Live Toolbar
    [07/08/2007|17:48] C:\Program Files\Windows Media Connect 2
    [28/04/2005|10:01] C:\Program Files\Windows Media Player
    [28/04/2005|10:00] C:\Program Files\Windows NT
    [28/04/2005|10:01] C:\Program Files\WindowsUpdate
    [28/04/2005|10:04] C:\Program Files\xerox
    [01/08/2005|10:51] C:\Program Files\Yahoo!
    [28/04/2005|10:49] C:\Program Files\Zone Labs

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [28/04/2005|10:10] C:\Program Files\Fichiers communs\Adobe
    [09/08/2007|12:19] C:\Program Files\Fichiers communs\BOONTY Shared
    [28/04/2005|11:00] C:\Program Files\Fichiers communs\Borland Shared
    [27/11/2008|13:42] C:\Program Files\Fichiers communs\DESIGNER
    [18/10/2007|16:12] C:\Program Files\Fichiers communs\Hewlett-Packard
    [18/10/2007|16:13] C:\Program Files\Fichiers communs\HP
    [28/04/2005|10:09] C:\Program Files\Fichiers communs\InstallShield
    [28/04/2005|10:13] C:\Program Files\Fichiers communs\Java
    [28/04/2005|10:40] C:\Program Files\Fichiers communs\Logitech
    [28/04/2005|09:57] C:\Program Files\Fichiers communs\Microsoft Shared
    [07/08/2007|13:38] C:\Program Files\Fichiers communs\Motorola Shared
    [28/04/2005|10:02] C:\Program Files\Fichiers communs\MSSoap
    [28/04/2005|09:57] C:\Program Files\Fichiers communs\ODBC
    [28/04/2005|10:41] C:\Program Files\Fichiers communs\Real
    [28/04/2005|10:02] C:\Program Files\Fichiers communs\Services
    [28/04/2005|09:57] C:\Program Files\Fichiers communs\SpeechEngines
    [28/04/2005|13:17] C:\Program Files\Fichiers communs\Symantec Shared
    [28/04/2005|10:02] C:\Program Files\Fichiers communs\System
    [19/11/2008|11:07] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 45 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-10 12:13:25
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:17][D:3]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp
    [F:99][D:0]-> C:\DOCUME~1\ISABEL~1\Cookies
    [F:1991][D:12]-> C:\DOCUME~1\ISABEL~1\LOCALS~1\TEMPOR~1\content.IE5
    [F:81][D:3]-> C:\Recycled

    1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|11:41 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 10/01/2009|12:14 - Option : [2]

    --------------------\\ Fin du rapport a 12:14:06
    0
  11. darkpoet Messages posted: 1696 Status: Security contributor 62
     
    OK, the HijackThis log please.
    0
  12. tenzing
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:16:43, on 10/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgscanx.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\isabelle Martin\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [hizonimogi] Rundll32.exe "C:\WINDOWS\system32\mupojuwe.dll",s (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.cbainfo.fr/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{252E059A-6BEF-4D0D-A7A0-9A116219E277}: NameServer = 192.168.1.254
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\ramuzovi.dll,C:\WINDOWS\system32\foromogu.dll,c:\windows\system32\davagadu.dll,avgrsstx.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    0
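The HijackThis log above contains the two entries that matter most for this infection: the `O4 - HKUS\S-1-5-19\..\Run: [hizonimogi] Rundll32.exe "C:\WINDOWS\system32\mupojuwe.dll",s` value, a rundll32 autostart written into the LOCAL SERVICE profile hive, and the `O20 - AppInit_DLLs` value, which on Windows XP makes user32.dll load ramuzovi.dll, foromogu.dll and davagadu.dll into every process that loads user32.dll. The Python script below is an added example, not code from this thread or from HijackThis; it parses those log lines (copied from the post) and flags the patterns an analyst reads first. The consonant-vowel filename heuristic and the AppInit allowlist (avgrsstx.dll belongs to the AVG 8 resident shield that is also installed here) are the editor's assumptions, not facts from the log.

```python
import re

# Lines copied from the HijackThis log posted above; they are the sample input
# for this example, not constructed data.
SAMPLE_LOG = r"""
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [hizonimogi] Rundll32.exe "C:\WINDOWS\system32\mupojuwe.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: C:\WINDOWS\system32\ramuzovi.dll,C:\WINDOWS\system32\foromogu.dll,c:\windows\system32\davagadu.dll,avgrsstx.dll
"""

SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}   # SYSTEM, LOCAL SERVICE, NETWORK SERVICE
BENIGN_SERVICE_RUN = {"ctfmon.exe"}                   # XP itself writes this Run value into every hive
# Assumption: allowlist kept by the analyst; avgrsstx.dll is AVG 8's resident shield hook.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# Heuristic (editor's assumption): the Vundo/Virtumonde components seen in this
# thread carry pseudo-random consonant-vowel names such as ramuzovi or mupojuwe.
_CV_NAME = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,6}")


def looks_random(path):
    """True if the file's stem is a 6-12 letter consonant-vowel string."""
    stem = path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    return _CV_NAME.fullmatch(stem) is not None


def parse_hjt(text):
    """Yield (section, body) for every HijackThis result line, e.g. ('O20', 'AppInit_DLLs: ...')."""
    for line in text.splitlines():
        m = re.match(r"^(O\d+|R\d|F\d|N\d) - (.*)$", line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (severity, section, detail) findings for the patterns an analyst checks first."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O2" and ("(file missing)" in body or "(no file)" in body):
            # Dead BHO registration: a cleanup item, not an active threat.
            findings.append(("low", section, "orphaned BHO: " + body))
        elif section == "O4":
            m = re.match(r"HKUS\\(S-1-5-\d+)\\\.\.\\Run: \[([^\]]*)\] (.*)$", body)
            if not m or m.group(1) not in SERVICE_SIDS:
                continue
            command = m.group(3)
            if any(name in command.lower() for name in BENIGN_SERVICE_RUN):
                continue
            # A Run value in a service-account hive that loads a DLL through
            # rundll32 is the classic Vundo autostart.
            dll = re.search(r'"?([^"\s]+\.dll)"?', command, re.IGNORECASE)
            severity = "high" if dll and looks_random(dll.group(1)) else "medium"
            findings.append((severity, section, f"Run [{m.group(2)}] in {m.group(1)} hive: {command}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded by user32.dll into each process that loads user32.
            for entry in body.split(":", 1)[1].split(","):
                entry = entry.strip()
                if not entry or entry.rsplit("\\", 1)[-1].lower() in KNOWN_APPINIT_DLLS:
                    continue
                severity = "high" if looks_random(entry) else "medium"
                findings.append((severity, section, "AppInit_DLLs entry: " + entry))
    return findings


if __name__ == "__main__":
    for severity, section, detail in sorted(triage(SAMPLE_LOG)):
        print(f"{severity:6} {section:4} {detail}")
```

Run against the log lines above, the script reports four high-severity findings (the three random-named AppInit DLLs and the mupojuwe.dll rundll32 value) and two low-severity orphaned BHO entries, while leaving the avast! Run value, the CTFMON.EXE service-hive value and the allowlisted avgrsstx.dll alone. The name heuristic is only a prioritisation aid: a DLL that fails it still lands in AppInit_DLLs for a reason and is reported at medium severity rather than dropped.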
  13. darkpoet Messages posted: 1696 Status: Security contributor 62
     
    ▶ Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    /!\ Disconnect from the Internet and close all running applications /!\

    ▶ Double-click the installer and install it in its default location (C:\Program files).
    ▶ Double-click the Ad-remover icon on your Desktop.
    ▶ In the main menu, choose option "A".
    ▶ Post the report that appears at the end.

    (The report is also saved as C:\Ad-report(date).log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note:

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus but a utility designed to terminate processes.
    In the wrong hands this utility could stop security software (antivirus, firewall...), which is why those antivirus products raise the alert.

    Then

    /!\ Disconnect from the Internet and close all running applications /!\

    ▶ Double-click AD-Remover to launch it: in the main menu, choose option B.

    ▶ On the selection screen, tick:
    http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

    Remove Boonty/BoontyGames (if found)
    Remove Eorezo (if found)
    Remove Everest Poker (if found)
    Remove Funwebproduct/MyWay/MyWebsearch (if found)
    Remove Messenger Skinner (if found)
    Remove Sweetim (if found)

    ▶ Then choose S; the program will do its work.

    ▶ Post the report that appears at the end.

    (The report is also saved as C:\Ad-report.log)

    /!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

    0
  14. darkpoet Messages posted: 1696 Status: Security contributor 62
     
    Post the two previous reports and do this:

    - Download MSNFix.zip (by !aur3n7) to the Desktop:
    http://sosvirus.changelog.fr/MSNFix.zip

    - Unzip it (right-click >> Extract here).

    - Double-click the file MSNFix.bat.

    - Run option R.
    If the infection is detected, a message will say so and you only need to press a key to start the cleanup.

    Note: If a deletion error is detected, a message will ask you to restart the computer in order to complete the operations. In that case simply restart the computer in normal mode.

    0
  15. tenzing
     
    ------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

    # START AT: 12:39:22 | Sam 10/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
    # BOOT MODE: Normal
    # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    # PC: OEM-1O6ETRT0V8N | USER: isabelle Martin ( Current user is an administrator)
    # DRIVE(S):
    - C:\ (File System: FAT32)
    # System Drive: C:\
    # Windows Directory: C:\WINDOWS\
    # System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 44

    +--------------------| Boonty/Boonty Games Elements found :

    .
    Service: "Boonty Games"
    .
    HKCR\boontybox
    HKCU\SOFTWARE\Boonty
    HKLM\Software\Boonty
    HKLM\Software\Classes\boontybox
    HKLM\SYSTEM\ControlSet001\Services\Boonty Games
    HKLM\SYSTEM\CurrentControlSet\Services\Boonty Games
    HKLM\SYSTEM\ControlSet003\Services\Boonty Games
    .
    C:\Program Files\Boonty
    C:\Program Files\Boonty\Components
    C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
    C:\Program Files\BoontyGames
    C:\Program Files\BoontyGames\magicball3.exe
    C:\Program Files\BoontyGames\Components
    C:\Program Files\BoontyGames\Components\Joystick.ico
    C:\Program Files\BoontyGames\Components\bureau.url
    C:\Program Files\BoontyGames\Components\start.url
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Documents and Settings\All Users\Application Data\BOONTY
    C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
    C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B4C9A000.dat

    +--------------------| Eorezo Elements found :

    .
    .

    +--------------------| Everest Poker Elements found :

    .
    .

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    .
    HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
    .

    +--------------------| It's TV Elements found :

    .

    +--------------------| Sweetim Elements found :

    .
    .

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\whfgu1t2.default\prefs.js :

    ~~~~ Mozilla FireFox version 3.0.5 ~~~~

    * Browser Search Default Engine: "Google"
    * Browser Search Selected Engine: "Live Search"
    * Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
    * Browser Startup HomePage: "http://search.shareazaweb.com/fr/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.11 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Start Page : hxxp://www.01net.com/\0http

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.msn.com/
    Start Page : hxxp://www.01net.com/\0http

    +---------------------------------------------------------------------------+

    [~3121 bytes] - "C:\AD-report-Scan-10.01.2009.log"

    # END at: 12:40:13 | 10/01/2009 - Time elapsed: 50.6 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 72 lines ]
    +---------------------------------------------------------------------------+
    0
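The AD-Remover scan above shows the Firefox start page set to http://search.shareazaweb.com/fr/ (Shareaza appears in the Program Files listing earlier in the thread), which is exactly the kind of rewrite an analyst checks for after a bundleware cleanup. The Python below is an added example, not part of this thread or of AD-Remover; it parses a prefs.js file the way AD-Remover's "Scanning prefs.js" step does and reports every home-page or search URL whose host is outside an allowlist. The prefs.js excerpt is constructed to match the values reported above (the real file is not posted), and the trusted-host list is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed prefs.js excerpt reproducing the values AD-Remover reported above;
# the real file is not posted in the thread.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Live Search");
user_pref("browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
user_pref("browser.startup.homepage", "http://search.shareazaweb.com/fr/");
user_pref("browser.startup.page", 1);
'''

# Assumption: hosts the analyst accepts for start and search pages on this PC.
TRUSTED_HOSTS = {"www.google.com", "www.google.fr", "search.live.com", "www.msn.com"}

# Preferences that bundleware and browser hijackers rewrite most often.
URL_PREFS = ("browser.startup.homepage", "browser.search.defaulturl", "keyword.URL")

_PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')
_ESCAPE = re.compile(r'\\(.)')


def _decode(raw):
    """Decode a prefs.js value: JS string literal, boolean, or integer."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _ESCAPE.sub(r"\1", raw[1:-1])      # \" -> "  and  \\ -> \
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line; comment lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_LINE.match(line)
        if m:
            prefs[_ESCAPE.sub(r"\1", m.group(1))] = _decode(m.group(2))
    return prefs


def check_prefs(prefs, trusted=TRUSTED_HOSTS):
    """Return (pref, url, host) for each URL-valued pref whose host is not trusted."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # Firefox allows several home pages separated by '|'; check each one.
        for url in value.split("|"):
            host = (urlsplit(url.strip()).hostname or "").lower()
            if host not in trusted:
                findings.append((name, url.strip(), host))
    return findings


if __name__ == "__main__":
    for name, url, host in check_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{name}: {url}  (host {host!r} not in allowlist)")
```

On the constructed excerpt the only finding is browser.startup.homepage pointing at search.shareazaweb.com; the Google search URL passes. Checking the host rather than the whole URL is deliberate: a hijacker that only appends a tracking parameter to a legitimate search URL is not a hijack, while a look-alike host is, and the `|`-separated multi-homepage form is where a second, unwanted page is most easily hidden.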
  16. tenzing
     
    Problem: the report after the removal does not appear, even after searching the hard drive for Ad-report.log....
    All the files you were referring to did appear and were deleted, but no report!
    0
  17. tenzing
     
    Do I need to perform other steps regarding Ad-report.log to recover it and send it to you, or is that not necessary?
    Thanks for your reply
    0
  18. darkpoet Messages posted: 1696 Status: Security contributor 62
     
    Run AD-Remover option 1 again to check, please.
    0
    1. tenzing
       
      Here is the report:

      ------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

      # START AT: 13:41:33 | Sam 10/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
      # BOOT MODE: Normal
      # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
      # PC: OEM-1O6ETRT0V8N | USER: isabelle Martin ( Current user is an administrator)
      # DRIVE(S):
      - C:\ (File System: FAT32)
      # System Drive: C:\
      # Windows Directory: C:\WINDOWS\
      # System Directory: C:\WINDOWS\system32\

      --- RUNNING PROCESSES: 45

      +--------------------| Boonty/Boonty Games Elements found :

      .
      Service: "Boonty Games"
      .
      HKCR\boontybox
      HKCU\SOFTWARE\Boonty
      HKLM\Software\Boonty
      HKLM\Software\Classes\boontybox
      HKLM\SYSTEM\ControlSet001\Services\Boonty Games
      HKLM\SYSTEM\CurrentControlSet\Services\Boonty Games
      HKLM\SYSTEM\ControlSet003\Services\Boonty Games
      .
      C:\Program Files\Boonty
      C:\Program Files\Boonty\Components
      C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
      C:\Program Files\BoontyGames
      C:\Program Files\BoontyGames\magicball3.exe
      C:\Program Files\BoontyGames\Components
      C:\Program Files\BoontyGames\Components\Joystick.ico
      C:\Program Files\BoontyGames\Components\bureau.url
      C:\Program Files\BoontyGames\Components\start.url
      C:\Program Files\Fichiers communs\BOONTY Shared
      C:\Program Files\Fichiers communs\BOONTY Shared\Service
      C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      C:\Documents and Settings\All Users\Application Data\BOONTY
      C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
      C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B4C9A000.dat

      +--------------------| Eorezo Elements found :

      .
      .

      +--------------------| Everest Poker Elements found :

      .
      .

      +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

      .
      HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
      .

      +--------------------| It's TV Elements found :

      .

      +--------------------| Sweetim Elements found :

      .
      .

      +--------------------| ADDED SCAN :


      +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

      ..\whfgu1t2.default\prefs.js :

      ~~~~ Mozilla FireFox version 3.0.5 ~~~~

      * Browser Search Default Engine: "Google"
      * Browser Search Selected Engine: "Live Search"
      * Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
      * Browser Startup HomePage: "http://search.shareazaweb.com/fr/"

      .

      +---------------------------------------------------------------------------+


      ~~~~ Internet Explorer version 7.0.5730.11 ~~~~

      +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

      Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Start Page : hxxp://www.01net.com/\0http

      +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

      Start Page : hxxp://www.msn.com/
      Start Page : hxxp://www.01net.com/\0http

      +---------------------------------------------------------------------------+

      [~3121 bytes] - "C:\AD-report-Scan-10.01.2009.log"

      # END at: 13:42:25 | 10/01/2009 - Time elapsed: 52.0 seconds

      +---------------------------------------------------------------------------+
      +------------------------------- [ E.O.F - 72 lines ]
      +---------------------------------------------------------------------------+
      0
  19. tenzing
     
I've just understood what happened: in fact nothing was deleted because I had typed "s" in lowercase... After trying again with an uppercase "S", AD-Remover deleted the files in question. Here is the report:

    ------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

    *** Limited to ***

    Boonty/BoontyGames
    Eorezo
    Everest Poker
    Funwebproduct/MyWay/MyWebsearch
    It's TV
    Sweetim

    ******************

    # START AT: 13:47:01 | Sam 10/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
    # BOOT MODE: Normal
    # OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    # PC: OEM-1O6ETRT0V8N | USER: isabelle Martin ( Current user is an administrator)
    # DRIVE(S):
    - C:\ (File System: FAT32)
    # System Drive: C:\
    # Windows Directory: C:\WINDOWS\
    # System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 45

    (!) ---- IE start pages reset

    +--------------------| Boonty/Boonty Games Elements Deleted :

    .
    Service: "Boonty Games"
    .
    HKCR\boontybox
    HKCU\SOFTWARE\Boonty
    HKLM\Software\Boonty
    HKLM\SYSTEM\ControlSet003\Services\Boonty Games
    .
    C:\Program Files\Boonty
    C:\Program Files\BoontyGames
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Documents and Settings\All Users\Application Data\BOONTY

    +--------------------| Eorezo Elements Deleted :

    .
    .

    +--------------------| Everest Poker Elements Deleted :

    .
    .

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
    .

    +--------------------| It's TV Elements Deleted :

    .

    +--------------------| Sweetim Elements Deleted :

    .
    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\whfgu1t2.default\prefs.js :

    ~~~~ Mozilla FireFox version 3.0.5 ~~~~

    * Browser Search Default Engine: "Google"
    * Browser Search Selected Engine: "Live Search"
    * Browser Search Default Url: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
    * Browser Startup HomePage: "http://search.shareazaweb.com/fr/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.11 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Start Page : hxxp://www.01net.com/\0http

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/
    Start Page : hxxp://www.01net.com/\0http

    +---------------------------------------------------------------------------+

    [~3455 bytes] - "C:\AD-report-Scan-10.01.2009.log"
    [~2683 bytes] - "C:\AD-report-Clean-10.01.2009.log"

    # END at: 13:48:14 | 10/01/2009 - Time elapsed: 73.2 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 69 lines ]
    +---------------------------------------------------------------------------+
    0
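Added example, not from the thread and not part of AD-Remover: a small Python parser for the report layout quoted above that lists elements a scan reported as found but the clean run did not report as deleted (a child under a deleted directory or key counts as handled). The embedded logs are constructed excerpts; run over the two full reports above, the same logic would single out the ControlSet001 and CurrentControlSet "Boonty Games" service keys, which appear in the scan but not in the clean report, as items a helper would want to verify by hand.

```python
import re

# Constructed excerpts (not the thread's full logs) in the AD-Remover 1.0.8.8 report layout.
SCAN_LOG = r"""
+--------------------| Boonty/Boonty Games Elements found :
.
Service: "Boonty Games"
HKCR\boontybox
HKLM\SYSTEM\ControlSet001\Services\Boonty Games
HKLM\SYSTEM\ControlSet003\Services\Boonty Games
.
C:\Program Files\Boonty
C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe
+--------------------| ADDED SCAN :
Start Page : hxxp://www.01net.com/\0http
"""
CLEAN_LOG = r"""
+--------------------| Boonty/Boonty Games Elements Deleted :
Service: "Boonty Games"
HKCR\boontybox
HKLM\SYSTEM\ControlSet003\Services\Boonty Games
C:\Program Files\Boonty
"""
SECTION_RE = re.compile(r"^\+-+\| (.+?) Elements (?:found|Deleted) :$")

def parse_report(text):
    """Map each adware family to the set of elements listed under its section."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, set())
        elif line.startswith("+--"):  # any other header or separator ends the section
            current = None
        elif current is not None and line and line != ".":  # "." lines are separators
            sections[current].add(line)
    return sections

def leftovers(scan_text, clean_text):
    """Elements reported found but not reported deleted. A child path or subkey
    counts as handled once an ancestor directory or key was deleted."""
    found, deleted = parse_report(scan_text), parse_report(clean_text)
    out = {}
    for family, items in found.items():
        gone = deleted.get(family, set())
        left = [i for i in items if not any(i == g or i.startswith(g + "\\") for g in gone)]
        if left:
            out[family] = sorted(left)
    return out
```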
  20. tenzing
     
    Is it finished?
    I have to go back to my job in about an hour; sorry if I bothered you for nothing: my machine seems to be working normally again!
    If the work is done and we are no longer in contact (I imagine you are overbooked), I thank you warmly for your precious assistance and I am full of admiration for your knowledge of that dark science that is computing...
    All the best
    0
  21. darkpoet Posts 1696 Status Security contributor 62
     
    no, I think vundo is still there

    careful, this program is very powerful and must be handled by following the instructions strictly; read the tutorials carefully, no wrong moves

    Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    and save it on your desktop and nowhere else!

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    **Disable your protection software** (antivirus, antispyware), then:
    disconnect from the internet, close all programs

    Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm.
    don't touch anything else, not even your mouse!!
    Wait until combofix has finished; a report will be created. Post the report.

    Copy/paste a new HijackThis report with it.

    -----------------------------------------------------

    install the Recovery Console on your PC (this will let you repair your system in case the PC no longer boots after the disinfection.)

    Click the link below to go to the Microsoft website:

    https://support.microsoft.com/en-us/help/310994

    scroll down to "Téléchargement du fichier programme des disquettes d'installation" (the Setup boot disk program download) and click the download matching your version of Windows XP (Home Edition or Professional) and the Service Pack you have installed.
    **note: for SP3, download the Service Pack 2 version
    for Windows XP Media Center, download XP Pro Service Pack 2.

    save it on your desktop.

    0