Help pour rapport Hijack!

pat2611 Messages postés 12 Statut Membre -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,

Je suis en train d'aider un ami a assainir son PC, si quelqu'un voulait bien jeter un oeil sur ce rapport Hijackthis et me dire ce qu'il en pense, je lui serait très reconnaissant! Merci d'avance pour vos réponses et bonne année à tous!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:12, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\DATA BECKER Shared\DBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - Hosts: 69.60.111.224 ad.preferences.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.com
O1 - Hosts: 69.60.111.224 ads.infospace.com
O1 - Hosts: 69.60.111.224 doubleclick.net
O1 - Hosts: 69.60.111.224 ads.doubleclick.net
O1 - Hosts: 69.60.111.224 ad2.doubleclick.net
O1 - Hosts: 69.60.111.224 ad3.doubleclick.net
O1 - Hosts: 69.60.111.224 ad4.doubleclick.net
O1 - Hosts: 69.60.111.224 ad5.doubleclick.net
O1 - Hosts: 69.60.111.224 ad6.doubleclick.net
O1 - Hosts: 69.60.111.224 ad7.doubleclick.net
O1 - Hosts: 69.60.111.224 ad8.doubleclick.net
O1 - Hosts: 69.60.111.224 ad9.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linkexchange.com
O1 - Hosts: 69.60.111.224 ads.enliven.com
O1 - Hosts: 69.60.111.224 oz.valueclick.com
O1 - Hosts: 69.60.111.224 banner.linkexchange.com
O1 - Hosts: 69.60.111.224 commonwealth.riddler.com
O1 - Hosts: 69.60.111.224 ad-up.com
O1 - Hosts: 69.60.111.224 ad.adsmart.net
O1 - Hosts: 69.60.111.224 ad.atlas.cz
O1 - Hosts: 69.60.111.224 ad.blm.net
O1 - Hosts: 69.60.111.224 ad.infoseek.com
O1 - Hosts: 69.60.111.224 ad.net-service.de
O1 - Hosts: 69.60.111.224 adbot.com
O1 - Hosts: 69.60.111.224 ads.criticalmass.com
O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com
O1 - Hosts: 69.60.111.224 ads.filez.com
O1 - Hosts: 69.60.111.224 ads.imagine-inc.com
O1 - Hosts: 69.60.111.224 ads.jwtt3.com
O1 - Hosts: 69.60.111.224 ads.newcitynet.com
O1 - Hosts: 69.60.111.224 ads.realcities.com
O1 - Hosts: 69.60.111.224 ads.realmedia.com
O1 - Hosts: 69.60.111.224 ads.tripod.com
O1 - Hosts: 69.60.111.224 ads.web.de
O1 - Hosts: 69.60.111.224 ads.web21.com
O1 - Hosts: 69.60.111.224 adserv.newcentury.net
O1 - Hosts: 69.60.111.224 adservant.guj.de
O1 - Hosts: 69.60.111.224 adservant.mediapoint.de
O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com
O1 - Hosts: 69.60.111.224 advert.heise.de
O1 - Hosts: 69.60.111.224 banners.internetextra.com
O1 - Hosts: 69.60.111.224 bannerswap.com
O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de
O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net
O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net
O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com
O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com
O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net
O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net
O1 - Hosts: 69.60.111.224 ad.preferances.com
O1 - Hosts: 69.60.111.224 ad.doubleclick.com
O1 - Hosts: 69.60.111.224 adforce.adtech.de
O1 - Hosts: 69.60.111.224 adforce.imgis.com
O1 - Hosts: 69.60.111.224 adimage.blm.net
O1 - Hosts: 69.60.111.224 adlink.deh.de
O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com
O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linksynergy.com
O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.sma.punto.net
O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net
O1 - Hosts: 69.60.111.224 ad08.focalink.com
O1 - Hosts: 69.60.111.224 adcontroller.unicast.com
O1 - Hosts: 69.60.111.224 adimg.egroups.com
O1 - Hosts: 69.60.111.224 admedia.xoom.com
O1 - Hosts: 69.60.111.224 adremote.pathfinder.com
O1 - Hosts: 69.60.111.224 ads.bfast.com
O1 - Hosts: 69.60.111.224 ads.clickhouse.com
O1 - Hosts: 69.60.111.224 ads.fairfax.com.au
O1 - Hosts: 69.60.111.224 ads.fool.com
O1 - Hosts: 69.60.111.224 ads.freshmeat.net
O1 - Hosts: 69.60.111.224 ads.hollywood.com
O1 - Hosts: 69.60.111.224 ads.i33.com
O1 - Hosts: 69.60.111.224 ads.link4ads.com
O1 - Hosts: 69.60.111.224 ads.madison.com
O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com
O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au
O1 - Hosts: 69.60.111.224 ads.seattletimes.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.net
O1 - Hosts: 69.60.111.224 ads.sptimes.com
O1 - Hosts: 69.60.111.224 ads.x10.com
O1 - Hosts: 69.60.111.224 ads.xtra.co.nz
O1 - Hosts: 69.60.111.224 ads.zdnet.com
O1 - Hosts: 69.60.111.224 ads01.focalink.com
O1 - Hosts: 69.60.111.224 ads02.focalink.com
O1 - Hosts: 69.60.111.224 ads03.focalink.com
O1 - Hosts: 69.60.111.224 ads04.focalink.com
O1 - Hosts: 69.60.111.224 ads05.focalink.com
O1 - Hosts: 69.60.111.224 ads06.focalink.com
O1 - Hosts: 69.60.111.224 ads08.focalink.com
O1 - Hosts: 69.60.111.224 ads09.focalink.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1CDBF24A-9516-4A7A-9EB4-663A774547AA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {7829298C-26F7-4C9D-9D92-EC037E727D06} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {91BEE9A8-52BB-4566-8DC3-E112A24090A9} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA8D435-03DA-443E-8029-0D43D7BB59B2}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebyx - C:\WINDOWS\
O20 - Winlogon Notify: mljhfee - mljhfee.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Fichiers communs\DATA BECKER Shared\DBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 17483 bytes
Configuration: Windows XP
Firefox 3.0.5

17 réponses

  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Il y a plusieurs lignes indiquant une infection...

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes

    • Poste le rapport de scan après la suppression ici

    0
  2. pat2611 Messages postés 12 Statut Membre
     
    merci pour ta réponse rapide!
    Voici le rapport demandé.

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1668
    Windows 5.1.2600 Service Pack 3

    19/01/2009 19:38:55
    mbam-log-2009-01-19 (19-38-55).txt

    Type de recherche: Examen rapide
    Eléments examinés: 81360
    Temps écoulé: 11 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 23
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 21

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{208d7bcc-9857-4c9e-823b-d04e72490a67} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d38439ec-4a7f-42b4-90c2-d810d7778fdd} (Trojan.ConHook) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46a4e9d9-b30e-452a-8157-dbbec8573b03} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d797cf1-3d5e-4436-b891-0f12defbaca9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74dd705d-6834-439c-a735-a6dbe2677452} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74dd705d-6834-439c-a735-a6dbe2677452} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74dd705d-6834-439c-a735-a6dbe2677452} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d797cf1-3d5e-4436-b891-0f12defbaca9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Montorgueil (Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil\AttacheMoi (Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\ZM (Trojan.Lop) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Montorgueil\14.05048 (Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil\AttacheMoi\AttacheMoi.ico (Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\BitDownload.TRC (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqpqro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\KEVIN\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\KEVIN\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\KEVIN\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    +

    "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe"
    0
  3. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour continuer la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    Dans ton cas, il s'agit BitDefender

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  4. pat2611 Messages postés 12 Statut Membre
     
    Je te posterai le log dès que mon ami me l'aura transmis!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. pat2611 Messages postés 12 Statut Membre
     
    Et voilà le rapport!

    ComboFix 09-01-21.04 - Compaq_Propriétaire 2009-01-22 20:13:35.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.620 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
    FW: Bitdefender Firewall *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Compaq_Propriétaire\Application Data\inst.exe
    c:\documents and settings\KEVIN\Mes documents\My Documents.url
    c:\program files\HbTools
    c:\program files\HbTools\Bin\4.7.7.0\dBenderC.dll
    c:\windows\dat.txt
    c:\windows\msvrc20.dll
    c:\windows\system32\dumphive.exe
    c:\windows\system32\ehkmp.ini
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\whbeeljh.ini
    c:\windows\system32\xybeg.bak1
    c:\windows\system32\xybeg.bak2
    c:\windows\system32\xybeg.ini
    c:\windows\system32\xybeg.ini2
    c:\windows\system32\xybeg.tmp
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_OREANS32
    -------\Service_oreans32

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-22 19:16 . 2009-01-22 19:16 33 --a------ c:\windows\Multimedia manager.INI
    2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
    2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
    2009-01-20 00:42 . 2009-01-20 00:42 <REP> d-------- c:\program files\Microsoft Private Folder 1.0
    2009-01-20 00:15 . 2009-01-20 00:15 <REP> d-------- c:\program files\My Lockbox
    2009-01-20 00:15 . 2007-12-13 20:13 17,264 --a------ c:\windows\system32\drivers\mprifl.sys
    2009-01-19 19:57 . 2009-01-22 18:53 <REP> d-------- c:\documents and settings\KEVIN\Application Data\gtk-2.0
    2009-01-19 19:57 . 2009-01-19 19:57 <REP> d-------- c:\documents and settings\KEVIN\.thumbnails
    2009-01-19 19:55 . 2009-01-22 18:54 <REP> d-------- c:\documents and settings\KEVIN\.gimp-2.6
    2009-01-19 19:55 . 2009-01-19 19:55 <REP> d-------- c:\documents and settings\KEVIN\.gegl-0.0
    2009-01-19 19:25 . 2009-01-19 19:25 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2009-01-19 19:25 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 19:24 . 2009-01-19 19:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 19:24 . 2009-01-19 19:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 01:31 . 2003-08-27 22:22 389,632 --a------ c:\windows\system32\mspd.exe
    2009-01-19 01:29 . 2009-01-19 01:29 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\InstallShield Installation Information
    2009-01-19 01:12 . 2009-01-19 01:48 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-19 01:12 . 2009-01-19 01:12 1,409 --a------ c:\windows\QTFont.for
    2009-01-18 17:58 . 2009-01-18 17:58 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Media Player Classic
    2009-01-18 17:57 . 2009-01-18 17:57 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-01-18 17:57 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
    2009-01-18 17:57 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
    2009-01-18 17:57 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
    2009-01-18 17:57 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
    2009-01-18 17:57 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
    2009-01-18 17:57 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-01-18 17:57 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
    2009-01-18 17:11 . 2009-01-18 17:11 <REP> d-------- c:\program files\GIMP-2.0
    2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
    2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
    2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
    2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
    2009-01-16 02:19 . 2009-01-16 02:19 203,776 --a------ c:\windows\system32\mspd.FRA
    2009-01-16 00:04 . 2009-01-16 00:04 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-14 00:39 . 2009-01-14 00:39 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\OpenOffice.org
    2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\OpenOffice.org 3
    2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\JRE
    2009-01-12 00:21 . 2006-10-05 14:46 2,935,673 --a------ C:\MAJ_7219.exe
    2008-12-31 01:59 . 2008-12-31 01:59 5,632 --ahs---- c:\windows\Thumbs.db
    2008-12-31 01:59 . 2008-12-31 01:59 5,120 --ahs---- c:\documents and settings\Thumbs.db
    2008-12-26 17:55 . 2008-12-26 17:55 151 --a------ c:\windows\PhotoSnapViewer.INI
    2008-12-26 17:52 . 2008-12-26 17:57 <REP> dr------- c:\documents and settings\BIBI\Mes documents
    2008-12-26 17:03 . 2008-12-26 17:03 <REP> d-------- C:\Autre utilisateur
    2008-12-25 19:36 . 2008-12-25 19:36 <REP> d-------- c:\documents and settings\BIBI\Application Data\BitDefender
    2008-12-25 19:35 . 2008-12-25 19:35 <REP> dr------- c:\documents and settings\BIBI\Favoris

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 18:41 --------- d-----w c:\program files\Wanadoo
    2009-01-22 18:09 --------- d-----w c:\program files\Microsoft Digital Image 10
    2009-01-22 17:44 --------- d-----w c:\program files\Orbitdownloader
    2009-01-19 18:51 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2009-01-19 18:38 --------- d-----w c:\program files\Applications
    2009-01-19 13:28 --------- d-----w c:\program files\Google
    2009-01-19 00:31 --------- d-----w c:\program files\WMV9_VCM
    2009-01-18 19:04 --------- d-----w c:\program files\eMule
    2009-01-18 18:50 --------- d-----w c:\program files\Fichiers communs\MainConcept
    2009-01-18 16:57 --------- d-----w c:\program files\ffdshow
    2009-01-16 23:32 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\uTorrent
    2009-01-16 18:33 --------- d-----w c:\documents and settings\KEVIN\Application Data\Orbit
    2009-01-16 18:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Orbit
    2009-01-16 13:12 --------- d-----w c:\program files\Wakfu
    2009-01-15 23:04 --------- d-----w c:\program files\Java
    2009-01-11 15:23 --------- d-----w c:\documents and settings\KEVIN\Application Data\Corel
    2009-01-04 01:19 --------- d-----w c:\program files\MediaCoder
    2009-01-01 14:21 --------- d-----w c:\program files\Dofus
    2008-12-31 00:59 --------- d-----w c:\program files\CDBurnerXP
    2008-12-17 01:27 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\ProtectDisc
    2008-12-16 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\DATA BECKER Downloads
    2008-12-16 01:52 --------- d-----w c:\program files\ProtectDisc Driver Installer
    2008-12-16 01:52 --------- d-----w c:\program files\DATA BECKER
    2008-12-16 01:04 --------- d-----w c:\program files\Xi
    2008-12-15 02:04 --------- d-----w c:\program files\WinPcap
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-11-30 02:48 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Ahead
    2008-11-29 19:33 --------- d-----w c:\program files\Fichiers communs\Ahead
    2008-11-29 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
    2008-11-29 19:31 --------- d-----w c:\program files\Nero
    2008-11-29 15:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Corel
    2008-11-29 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
    2008-11-29 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2008-11-29 02:42 --------- d-----w c:\program files\Windows Sidebar
    2008-11-29 01:08 --------- d---a-w c:\program files\Fichiers communs\LightScribe
    2008-11-28 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Nero(2)
    2007-12-14 10:47 8,224 ----a-w c:\documents and settings\KEVIN\Application Data\GDIPFONTCACHEV1.DAT
    2007-06-18 16:29 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\pcouffin.sys
    2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
    2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
    2006-08-05 01:59 16 -c-ha-w c:\program files\mxfilerelatedcache.mxc2
    2006-03-25 18:52 0 -c--a-w c:\documents and settings\KEVIN\Application Data\wklnhst.dat
    2006-01-15 15:47 0 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2008-12-16 16:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-05-13 15:12 217,073 -csha-r c:\windows\meta4.exe
    2005-10-24 09:13 66,560 -csha-r c:\windows\MOTA113.exe
    2007-04-17 22:18 88 -csh--r c:\windows\system32\7B36EF86F7.sys
    2005-06-26 13:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
    2005-06-21 20:37 45,568 -csha-r c:\windows\system32\cygz.dll
    2007-06-13 22:24 56 -csh--r c:\windows\system32\F786EF367B.sys
    2004-01-24 22:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
    2005-02-28 11:16 240,128 -csha-r c:\windows\system32\x.264.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-05 5566464]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-10 368640]
    "mspd"="c:\windows\system32\mspd.exe" [2003-08-27 389632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
    "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
    "VIDC.mjpg"= mcmjpg32.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2007-07-02 11:27 219520 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2008-10-10 00:43 368640 c:\program files\BitDefender\BitDefender 2008\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
    --a------ 2007-10-09 15:46 61440 c:\program files\BitDefender\BitDefender 2008\IEShow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    --a------ 2006-08-04 10:00 462336 c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-12-16 17:46 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a--c--- 2004-08-20 22:55 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 13:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 13:03 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-23 15:45 278528 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2003-02-11 20:02 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    --a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]
    --a------ 2003-08-27 22:22 389632 c:\windows\system32\mspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a--c--- 2005-03-05 11:26 5566464 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
    --a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-05-08 14:22 155648 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a--c--- 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
    --a------ 2002-09-27 14:47 20480 c:\windows\wt\updater\wcmdmgrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 c:\program files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    --a------ 2004-06-29 17:06 88363 c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 12:47 57344 c:\windows\Alcxmntr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a--c--- 2005-03-05 11:26 1495040 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    --a--c--- 2004-09-24 09:49 49152 c:\windows\system32\SiSPower.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\KEVIN\\Mes documents\\incredimail_install.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-01-20 17264]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-03 28544]
    R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-04-27 2944]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792]
    R4 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
    R4 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-06 29744]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2007-07-06 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2008-06-19 c:\windows\Tasks\Connexion facile à Internet.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]

    2007-07-06 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2008-06-19 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 22:42]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Notify-gebyx - (no file)
    Notify-mljhfee - mljhfee.dll
    MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
    MSConfigStartUp-CloneDVDElbyDelay - c:\program files\CloneDVD\ElbyCheck.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    .
    ------- Examen supplémentaire -------
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    mSearch Bar = hxxp://www.google.com/ie
    mWindow Title = SOS Connexion - Le web en toute simplicité
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    IE: Ouvrir avec Enregistreur Vidéo Internet - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
    IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
    IE: { - c:\program files\Messenger\msmsgs.exe
    IE: {{1CDBF24A-9516-4A7A-9EB4-663A774547AA}
    IE: {{7829298C-26F7-4C9D-9D92-EC037E727D06} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    IE: {{91BEE9A8-52BB-4566-8DC3-E112A24090A9} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    IE: {{A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433}
    IE: {{AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    TCP: {CAA8D435-03DA-443E-8029-0D43D7BB59B2} = 192.168.1.1
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\hy645xve.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://french.ircfast2.com/index.php?rvs=hompag
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-22 20:20:38
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
    06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
    06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6C53DCC-FBE6-A484-895E707488E1192C}\{427B1CEB-CDC7-050B-E6202C9404952D54}\{86A51E58-9B8E-E4EB-26F8074E7F2FD295}*]
    "N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
    6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}*]
    "N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
    6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG08.00.00.01WORKSTATION"="B81F6795465875305CC6F3B42751B85632267D4BEC8324D22987591E6E0C88C42B59D2A8A33089632C6D4CB0014E4EEED317761C62A0BCF62A93172187CDC9EEDDC1E2C118C5569392275E99C5F4A21D4750D7F6724544C4C7EF6B4CE9ECBE1BAEDF20E6B18F99A9756304815D3111E69D43EA9BFAF05A01DB3332AB111EE7E9DE1016122399D14020611A7051023E86C93400408137DFA0A148C94096AB0AAD930256B0417F472BC0B5046152F90EE8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A6171C11EC38DE3DBA7FD869164D679422ACB55E203CBD0991773ED70EBF50F101E4102E3DB6ECE111A4DC1EA0E86275311394AA9D56A5F12A86932DE4A8FE3648665333DEF3C2818790332B26C727055B964D5C1210204C7BC0E037CDC44A6D4D6D437389E8EF904E33EBF7ACDD12441F5E871AAA0109A00EB21EA950A1333CBF8DCA4EBBB734F05EC40532CD004171DCE5EFFD38D281AACA3CC92B975CFAFB332AD9979B9413B8134D7CF8C6189B7FDBFD3917B3C4EFDB009365D6F129A8BA9E7D619870C7D2B32F2C56647824C597C3C994E5B4287BD66140773A53CF833ADE17D70CA52C7F5FD39599FA66342E9422C03EE17A6294F7059F08DA512A9DEF31D6B922CB34E6EE0B0F54BABA6D858569AF7073657068C764E226AE27A9C684B974057E16621DC742F49394C20B3FADEDB4EBF97CDD6E095E0D63A0B44F165701773BBA5DCFF90648F36BECEDD79106E9C5F6466A4EDF2FB579D40F7BB36478F03F64611CA89777520FF31ED1B67BB87AA8599F7BF63A649053144DA382512D5A7C0A73F2ACD41EF71FC874A89CBBA621F9DE3FA124BB83F81BBEA3F6F93E70EF36BB642632563137CD0A30CD915661C32A5953F3326D1D5DA6774A65EC516EC7458C9C1E9E019BEE985B88C13515B3A9FB1D7E2B9516F5129E627401C4F409DFD79178E4EF03F964D36324AA37811502888256A6D0C3874AFEAA41817A5756166FE5462C364921BEA5CE2151DC6EB7DE396664E502477DA2997D4A411FEA9F2E622A4C469586160C894C10A2806D7EB3CFA9A79156B43819128B993FD4E4E1CE5AFDC02DC5B394BBCC9076AE8ED880DB5F3111718EE74D8FE10C2E9E523F4E84D38AD0FA938B89A21453CDAA87CB8A92506487F402FB844DD5377BA565BA4CBD22F79C70E00C99F8D44F826F83269A7B5EB0E4AD9C52D9FA8D4B67BFEAD573CE6AF7B6701EF819DB5AC3757A280DE41A970777D05910FE297F0ACDFBD6D9136EA6BA298457DA144A4275FB6C35E75059615C00B84D9E57C974397E8C314FAAB82577EDD7A7F9C82902AC5E0A7BE27906732935E29CACFB3208A23B4A9404F02C066A77B9BD68A8425D335BBCDEEEB0"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(2960)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
    c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
    c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO860un71.dll
    c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
    c:\windows\system32\PFLib.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\FTRTSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\oodag.exe
    c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2008\vsserv.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-22 20:24:37 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-22 19:24:31

    Avant-CF: 30 076 903 424 octets libres
    Après-CF: 30,689,869,824 octets libres

    390 --- E O F --- 2009-01-14 23:31:50
    0
  7. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bien, on avance :)

    Il reste à finir la désinfection (avec les deux étapes suivantes), puis à finir le nettoyage et sécuriser l'ordinateur (c'est pourquoi j'ai besoin d'un nouveau rapport hijackthis ensuite)

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour pat2611, il n'est pas transposable sur un autre ordinateur !

    Toujours avec toutes les protections désactivées, fais ceci :

    • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    • Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    c:\windows\system32\mspd.exe
    c:\windows\system32\mspd.FRA

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mspd"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]

    ------------------------------------------------------------------

    • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    • Quitte le Bloc Notes

    • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
    • Double clique dessus pour le lancer
    • Une fenêtre "Start Flash Disinfector" va apparaître --> branche tous tes disques amovibles et clique sur OK.
    • Tes icônes vont disparaitre, c'est normal, ne touche à rien pendant la désinfection.
    • Lorsque le message "Finish" apparaît, clique sur OK.

    Puis redémarre ton ordinateur, et poste un nouveau rapport hijackthis stp

    0
  8. pat2611 Messages postés 12 Statut Membre
     
    Le premier rapport de combofix:

    ComboFix 09-01-21.04 - Compaq_Propriétaire 2009-01-23 20:20:48.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.633 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire\Bureau\CFScript.txt.txt
    AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
    FW: Bitdefender Firewall *disabled*
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\mspd.exe
    c:\windows\system32\mspd.FRA
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\mspd.exe
    c:\windows\system32\mspd.FRA

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-22 19:16 . 2009-01-22 19:16 33 --a------ c:\windows\Multimedia manager.INI
    2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
    2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
    2009-01-20 00:42 . 2009-01-20 00:42 <REP> d-------- c:\program files\Microsoft Private Folder 1.0
    2009-01-20 00:15 . 2009-01-20 00:15 <REP> d-------- c:\program files\My Lockbox
    2009-01-20 00:15 . 2007-12-13 20:13 17,264 --a------ c:\windows\system32\drivers\mprifl.sys
    2009-01-19 19:57 . 2009-01-22 18:53 <REP> d-------- c:\documents and settings\KEVIN\Application Data\gtk-2.0
    2009-01-19 19:57 . 2009-01-19 19:57 <REP> d-------- c:\documents and settings\KEVIN\.thumbnails
    2009-01-19 19:55 . 2009-01-22 18:54 <REP> d-------- c:\documents and settings\KEVIN\.gimp-2.6
    2009-01-19 19:55 . 2009-01-19 19:55 <REP> d-------- c:\documents and settings\KEVIN\.gegl-0.0
    2009-01-19 19:25 . 2009-01-19 19:25 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2009-01-19 19:25 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 19:24 . 2009-01-19 19:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 19:24 . 2009-01-19 19:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 01:29 . 2009-01-19 01:29 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\InstallShield Installation Information
    2009-01-19 01:12 . 2009-01-19 01:48 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-19 01:12 . 2009-01-19 01:12 1,409 --a------ c:\windows\QTFont.for
    2009-01-18 17:58 . 2009-01-18 17:58 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Media Player Classic
    2009-01-18 17:57 . 2009-01-18 17:57 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-01-18 17:57 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
    2009-01-18 17:57 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
    2009-01-18 17:57 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
    2009-01-18 17:57 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
    2009-01-18 17:57 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
    2009-01-18 17:57 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-01-18 17:57 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
    2009-01-18 17:11 . 2009-01-18 17:11 <REP> d-------- c:\program files\GIMP-2.0
    2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
    2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
    2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
    2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
    2009-01-16 00:04 . 2009-01-16 00:04 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-14 00:39 . 2009-01-14 00:39 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\OpenOffice.org
    2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\OpenOffice.org 3
    2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\JRE
    2009-01-12 00:21 . 2006-10-05 14:46 2,935,673 --a------ C:\MAJ_7219.exe
    2008-12-31 01:59 . 2008-12-31 01:59 5,632 --ahs---- c:\windows\Thumbs.db
    2008-12-31 01:59 . 2008-12-31 01:59 5,120 --ahs---- c:\documents and settings\Thumbs.db
    2008-12-26 17:55 . 2008-12-26 17:55 151 --a------ c:\windows\PhotoSnapViewer.INI
    2008-12-26 17:52 . 2008-12-26 17:57 <REP> dr------- c:\documents and settings\BIBI\Mes documents
    2008-12-26 17:03 . 2008-12-26 17:03 <REP> d-------- C:\Autre utilisateur
    2008-12-25 19:36 . 2008-12-25 19:36 <REP> d-------- c:\documents and settings\BIBI\Application Data\BitDefender
    2008-12-25 19:35 . 2008-12-25 19:35 <REP> dr------- c:\documents and settings\BIBI\Favoris

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 19:23 81,984 ----a-w c:\windows\system32\bdod.bin
    2009-01-23 19:16 --------- d-----w c:\program files\Wanadoo
    2009-01-23 15:43 --------- d-----w c:\program files\Orbitdownloader
    2009-01-22 18:09 --------- d-----w c:\program files\Microsoft Digital Image 10
    2009-01-19 18:51 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2009-01-19 18:38 --------- d-----w c:\program files\Applications
    2009-01-19 13:28 --------- d-----w c:\program files\Google
    2009-01-19 00:31 --------- d-----w c:\program files\WMV9_VCM
    2009-01-18 19:04 --------- d-----w c:\program files\eMule
    2009-01-18 18:50 --------- d-----w c:\program files\Fichiers communs\MainConcept
    2009-01-18 16:57 --------- d-----w c:\program files\ffdshow
    2009-01-16 23:32 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\uTorrent
    2009-01-16 18:33 --------- d-----w c:\documents and settings\KEVIN\Application Data\Orbit
    2009-01-16 18:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Orbit
    2009-01-16 13:12 --------- d-----w c:\program files\Wakfu
    2009-01-15 23:04 --------- d-----w c:\program files\Java
    2009-01-11 15:23 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
    2009-01-11 15:23 --------- d-----w c:\documents and settings\KEVIN\Application Data\Corel
    2009-01-04 01:19 --------- d-----w c:\program files\MediaCoder
    2009-01-01 14:21 --------- d-----w c:\program files\Dofus
    2008-12-31 00:59 --------- d-----w c:\program files\CDBurnerXP
    2008-12-17 01:27 1,868,944 ----a-w c:\windows\system32\RSA32_16.DLL
    2008-12-17 01:27 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\ProtectDisc
    2008-12-16 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\DATA BECKER Downloads
    2008-12-16 01:52 --------- d-----w c:\program files\ProtectDisc Driver Installer
    2008-12-16 01:52 --------- d-----w c:\program files\DATA BECKER
    2008-12-16 01:04 --------- d-----w c:\program files\Xi
    2008-12-15 02:04 --------- d-----w c:\program files\WinPcap
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
    2008-11-30 02:48 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Ahead
    2008-11-29 19:33 --------- d-----w c:\program files\Fichiers communs\Ahead
    2008-11-29 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
    2008-11-29 19:31 --------- d-----w c:\program files\Nero
    2008-11-29 15:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Corel
    2008-11-29 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
    2008-11-29 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2008-11-29 02:42 --------- d-----w c:\program files\Windows Sidebar
    2008-11-29 01:08 --------- d---a-w c:\program files\Fichiers communs\LightScribe
    2008-11-28 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Nero(2)
    2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-06 16:33 684,032 ----a-w c:\windows\system32\divx.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2007-12-14 10:47 8,224 ----a-w c:\documents and settings\KEVIN\Application Data\GDIPFONTCACHEV1.DAT
    2007-06-18 16:29 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\pcouffin.sys
    2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
    2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
    2006-08-05 01:59 16 -c-ha-w c:\program files\mxfilerelatedcache.mxc2
    2006-03-25 18:52 0 -c--a-w c:\documents and settings\KEVIN\Application Data\wklnhst.dat
    2006-01-15 15:47 0 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2008-12-16 16:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-05-13 15:12 217,073 -csha-r c:\windows\meta4.exe
    2005-10-24 09:13 66,560 -csha-r c:\windows\MOTA113.exe
    2007-04-17 22:18 88 -csh--r c:\windows\system32\7B36EF86F7.sys
    2005-06-26 13:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
    2005-06-21 20:37 45,568 -csha-r c:\windows\system32\cygz.dll
    2007-06-13 22:24 56 -csh--r c:\windows\system32\F786EF367B.sys
    2004-01-24 22:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
    2005-02-28 11:16 240,128 -csha-r c:\windows\system32\x.264.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-22_20.23.41.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-23 18:55:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1c0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-05 5566464]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-10 368640]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
    "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
    "VIDC.mjpg"= mcmjpg32.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2007-07-02 11:27 219520 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2008-10-10 00:43 368640 c:\program files\BitDefender\BitDefender 2008\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
    --a------ 2007-10-09 15:46 61440 c:\program files\BitDefender\BitDefender 2008\IEShow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    --a------ 2006-08-04 10:00 462336 c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-12-16 17:46 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a--c--- 2004-08-20 22:55 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 13:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 13:03 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-23 15:45 278528 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2003-02-11 20:02 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    --a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a--c--- 2005-03-05 11:26 5566464 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
    --a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-05-08 14:22 155648 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a--c--- 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
    --a------ 2002-09-27 14:47 20480 c:\windows\wt\updater\wcmdmgrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 c:\program files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    --a------ 2004-06-29 17:06 88363 c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 12:47 57344 c:\windows\Alcxmntr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a--c--- 2005-03-05 11:26 1495040 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    --a--c--- 2004-09-24 09:49 49152 c:\windows\system32\SiSPower.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\KEVIN\\Mes documents\\incredimail_install.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-01-20 17264]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-03 28544]
    R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-04-27 2944]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792]
    R4 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
    R4 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-06 29744]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2007-07-06 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2008-06-19 c:\windows\Tasks\Connexion facile à Internet.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]

    2007-07-06 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2008-06-19 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 22:42]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=desktop
    mSearch Bar = hxxp://www.google.com/ie
    mWindow Title = SOS Connexion - Le web en toute simplicité
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    IE: Ouvrir avec Enregistreur Vidéo Internet - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
    IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
    IE: { - c:\program files\Messenger\msmsgs.exe
    IE: {{1CDBF24A-9516-4A7A-9EB4-663A774547AA}
    IE: {{7829298C-26F7-4C9D-9D92-EC037E727D06} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    IE: {{91BEE9A8-52BB-4566-8DC3-E112A24090A9} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    IE: {{A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433}
    IE: {{AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    TCP: {CAA8D435-03DA-443E-8029-0D43D7BB59B2} = 192.168.1.1
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\hy645xve.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://french.ircfast2.com/index.php?rvs=hompag
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 20:23:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
    06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
    06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6C53DCC-FBE6-A484-895E707488E1192C}\{427B1CEB-CDC7-050B-E6202C9404952D54}\{86A51E58-9B8E-E4EB-26F8074E7F2FD295}*]
    "N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
    6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}*]
    "N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
    6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG08.00.00.01WORKSTATION"="B81F6795465875305CC6F3B42751B85632267D4BEC8324D22987591E6E0C88C42B59D2A8A33089632C6D4CB0014E4EEED317761C62A0BCF62A93172187CDC9EEDDC1E2C118C5569392275E99C5F4A21D4750D7F6724544C4C7EF6B4CE9ECBE1BAEDF20E6B18F99A9756304815D3111E69D43EA9BFAF05A01DB3332AB111EE7E9DE1016122399D14020611A7051023E86C93400408137DFA0A148C94096AB0AAD930256B0417F472BC0B5046152F90EE8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A6171C11EC38DE3DBA7FD869164D679422ACB55E203CBD0991773ED70EBF50F101E4102E3DB6ECE111A4DC1EA0E86275311394AA9D56A5F12A86932DE4A8FE3648665333DEF3C2818790332B26C727055B964D5C1210204C7BC0E037CDC44A6D4D6D437389E8EF904E33EBF7ACDD12441F5E871AAA0109A00EB21EA950A1333CBF8DCA4EBBB734F05EC40532CD004171DCE5EFFD38D281AACA3CC92B975CFAFB332AD9979B9413B8134D7CF8C6189B7FDBFD3917B3C4EFDB009365D6F129A8BA9E7D619870C7D2B32F2C56647824C597C3C994E5B4287BD66140773A53CF833ADE17D70CA52C7F5FD39599FA66342E9422C03EE17A6294F7059F08DA512A9DEF31D6B922CB34E6EE0B0F54BABA6D858569AF7073657068C764E226AE27A9C684B974057E16621DC742F49394C20B3FADEDB4EBF97CDD6E095E0D63A0B44F165701773BBA5DCFF90648F36BECEDD79106E9C5F6466A4EDF2FB579D40F7BB36478F03F64611CA89777520FF31ED1B67BB87AA8599F7BF63A649053144DA382512D5A7C0A73F2ACD41EF71FC874A89CBBA621F9DE3FA124BB83F81BBEA3F6F93E70EF36BB642632563137CD0A30CD915661C32A5953F3326D1D5DA6774A65EC516EC7458C9C1E9E019BEE985B88C13515B3A9FB1D7E2B9516F5129E627401C4F409DFD79178E4EF03F964D36324AA37811502888256A6D0C3874AFEAA41817A5756166FE5462C364921BEA5CE2151DC6EB7DE396664E502477DA2997D4A411FEA9F2E622A4C469586160C894C10A2806D7EB3CFA9A79156B43819128B993FD4E4E1CE5AFDC02DC5B394BBCC9076AE8ED880DB5F3111718EE74D8FE10C2E9E523F4E84D38AD0FA938B89A21453CDAA87CB8A92506487F402FB844DD5377BA565BA4CBD22F79C70E00C99F8D44F826F83269A7B5EB0E4AD9C52D9FA8D4B67BFEAD573CE6AF7B6701EF819DB5AC3757A280DE41A970777D05910FE297F0ACDFBD6D9136EA6BA298457DA144A4275FB6C35E75059615C00B84D9E57C974397E8C314FAAB82577EDD7A7F9C82902AC5E0A7BE27906732935E29CACFB3208A23B4A9404F02C066A77B9BD68A8425D335BBCDEEEB0"
    .
    Heure de fin: 2009-01-23 20:25:53
    ComboFix-quarantined-files.txt 2009-01-23 19:25:22
    ComboFix2.txt 2009-01-22 19:24:38

    Avant-CF: 30 634 631 168 octets libres
    Après-CF: 30,646,906,880 octets libres

    341 --- E O F --- 2009-01-14 23:31:50

    Et le rapport HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:44:56, on 23/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\My Lockbox\flockbox.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1CDBF24A-9516-4A7A-9EB4-663A774547AA} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {7829298C-26F7-4C9D-9D92-EC037E727D06} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {91BEE9A8-52BB-4566-8DC3-E112A24090A9} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA8D435-03DA-443E-8029-0D43D7BB59B2}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  9. pat2611 Messages postés 12 Statut Membre
     
    up!!!
    0
  10. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    Désolé pour le délai de réponse.

    Un petit oubli (une barre d'outil néfaste) :

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    • Lance l'installation du programme en exécutant le fichier téléchargé.
    • Double-clique maintenant sur le raccourci de Toolbar-S&D.
    • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    • Poste le rapport généré. (C:\TB.txt)

    0
  11. pat2611 Messages postés 12 Statut Membre
     
    Désolé d'avoir tardé!

    Voici le rapport:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Compaq_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    Firewall : Bitdefender Firewall 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:228 Go (Free:19 Go)
    D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 01/02/2009|19:42 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar
    C:\Program Files\AskTBar\PopSwatr
    C:\Program Files\AskTBar\bar\3.bin
    C:\Program Files\AskTBar\bar\Cache
    C:\Program Files\AskTBar\bar\History
    C:\Program Files\AskTBar\bar\Settings
    C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL
    C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
    C:\Program Files\AskTBar\bar\Cache\00061C25
    C:\Program Files\AskTBar\bar\Cache\00083E69.bin
    C:\Program Files\AskTBar\bar\Cache\0008404E.bin
    C:\Program Files\AskTBar\bar\Cache\000841A5.bin
    C:\Program Files\AskTBar\bar\Cache\0154C628
    C:\Program Files\AskTBar\bar\Cache\01F8D1B4.bin
    C:\Program Files\AskTBar\bar\Cache\files.ini
    C:\Program Files\AskTBar\bar\History\search2
    C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
    C:\Program Files\AskTBar\PopSwatr\History
    C:\Program Files\AskTBar\PopSwatr\History\allowed
    C:\Program Files\AskTBar\PopSwatr\History\notallow
    C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@mysearch[1].txt
    C:\WINDOWS\iun6002.exe

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (Compaq_Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (Compaq_Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
    (Compaq_Propriétaire) - {7b821b0e-b102-4f9b-b6e3-433ede1fe379} => torrentbar

    (KEVIN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="about:blank"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\AssCrack.jpg
    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\crack.jpg
    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Big Breasted\Crack.jpg

    1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|19:11 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|19:32 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - 01/02/2009|19:36 - Option : [1]
    4 - "C:\ToolBar SD\TB_4.txt" - 01/02/2009|19:43 - Option : [1]

    -----------\\ Fin du rapport a 19:43:35,89

    Merci encore!!!
    0
  12. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok :)

    • Relance Toolbar-S&D en double-cliquant sur le raccourci.
    • Tape sur "2" puis valide en appuyant sur "Entrée".
    • Ne ferme pas la fenêtre lors de la suppression !
    • Un rapport sera généré, poste son contenu ici.

    0
  13. pat2611 Messages postés 12 Statut Membre
     
    Voila le rapport!

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Compaq_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    Firewall : Bitdefender Firewall 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:228 Go (Free:18 Go)
    D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)
    Q:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 04/02/2009|19:36 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskTBar\bar
    Supprime! - C:\Program Files\AskTBar\PopSwatr
    Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@mysearch[1].txt
    Supprime! - C:\WINDOWS\iun6002.exe
    Supprime! - C:\Program Files\AskTBar

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (Compaq_Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (Compaq_Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
    (Compaq_Propriétaire) - {7b821b0e-b102-4f9b-b6e3-433ede1fe379} => torrentbar

    (KEVIN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="about:blank"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\AssCrack.jpg
    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\crack.jpg
    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Big Breasted\Crack.jpg

    1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|19:11 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|19:32 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - 01/02/2009|19:36 - Option : [1]
    4 - "C:\ToolBar SD\TB_4.txt" - 01/02/2009|19:43 - Option : [1]
    5 - "C:\ToolBar SD\TB_5.txt" - 04/02/2009|19:39 - Option : [2]

    -----------\\ Fin du rapport a 19:39:38,34

    Merci d'avance et bonne journée!
    0
  14. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Redémarre ton ordinateur et poste un dernier rapport hijackthis stp :)

    0
  15. pat2611 Messages postés 12 Statut Membre
     
    Et voila le rapport Hijack!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:59:46, on 09/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\My Lockbox\flockbox.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
    O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1AD463B7-D83F-4B19-BCEF-5E10FE8A1E76} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1CDBF24A-9516-4A7A-9EB4-663A774547AA} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {7829298C-26F7-4C9D-9D92-EC037E727D06} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {91BEE9A8-52BB-4566-8DC3-E112A24090A9} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA8D435-03DA-443E-8029-0D43D7BB59B2}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  16. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    La barre d'outil néfaste (AskBar) a été supprimée, mais tu as installé une nouvelle infection depuis (MyWebSearch)
    Je ne sais pas ce que tu fais avec ton ordinateur, mais si tu continues comme ça, on ne s'en sortira jamais...

    Relance ToolbarS&D et choisis l'option 1 (Recherche) puis poste le rapport.

    0
  17. pat2611 Messages postés 12 Statut Membre
     
    Désolé pour le délai!

    Voici le rapport:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Compaq_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    Firewall : Bitdefender Firewall 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:228 Go (Free:43 Go)
    D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 19/02/2009|19:53 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    [Service] MyWebSearchService
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver
    C:\Program Files\FunWebProducts\Shared
    C:\Program Files\FunWebProducts\ScreenSaver\Images
    C:\Program Files\FunWebProducts\ScreenSaver\Images\000959FB.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0015DEF0.urr
    C:\Program Files\FunWebProducts\Shared\00062107.dat
    C:\Program Files\FunWebProducts\Shared\Cache
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar
    C:\Program Files\MyWebSearch\SrchAstt
    C:\Program Files\MyWebSearch\bar\1.bin
    C:\Program Files\MyWebSearch\bar\2.bin
    C:\Program Files\MyWebSearch\bar\Avatar
    C:\Program Files\MyWebSearch\bar\Cache
    C:\Program Files\MyWebSearch\bar\Game
    C:\Program Files\MyWebSearch\bar\History
    C:\Program Files\MyWebSearch\bar\icons
    C:\Program Files\MyWebSearch\bar\Message
    C:\Program Files\MyWebSearch\bar\Notifier
    C:\Program Files\MyWebSearch\bar\Settings
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\00022E2A
    C:\Program Files\MyWebSearch\bar\Cache\00024F00
    C:\Program Files\MyWebSearch\bar\Cache\00025C10.bin
    C:\Program Files\MyWebSearch\bar\Cache\000266CE.bin
    C:\Program Files\MyWebSearch\bar\Cache\0002717D.bin
    C:\Program Files\MyWebSearch\bar\Cache\000274C8.bin
    C:\Program Files\MyWebSearch\bar\Cache\0002C5B7.bin
    C:\Program Files\MyWebSearch\bar\Cache\0002C7DA.bin
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search3
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin
    C:\Program Files\MyWebSearch\SrchAstt\2.bin
    C:\WINDOWS\System32\f3PSSavr.scr
    C:\Program Files\Internet Explorer\msimg32.dll
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (Compaq_Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (Compaq_Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
    (Compaq_Propriétaire) - {7b821b0e-b102-4f9b-b6e3-433ede1fe379} => torrentbar

    (KEVIN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="about:blank"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\AssCrack.jpg
    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\crack.jpg
    C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Big Breasted\Crack.jpg

    1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|19:11 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|19:32 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - 01/02/2009|19:36 - Option : [1]
    4 - "C:\ToolBar SD\TB_4.txt" - 01/02/2009|19:43 - Option : [1]
    5 - "C:\ToolBar SD\TB_5.txt" - 04/02/2009|19:39 - Option : [2]
    6 - "C:\ToolBar SD\TB_6.txt" - 19/02/2009|19:55 - Option : [1]

    -----------\\ Fin du rapport a 19:55:41,45
    0
  18. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    • Relance Toolbar-S&D en double-cliquant sur le raccourci.
    • Tape sur "2" puis valide en appuyant sur "Entrée".
    • Ne ferme pas la fenêtre lors de la suppression !
    • Un rapport sera généré, poste son contenu ici.

    Puis redémarre ton ordinateur et poste un nouveau rapport hijackthis stp

    0