Sujet Précédent Sujet Suivant

Help pour rapport Hijack!

Fermé
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009 - 19 janv. 2009 à 15:04
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 - 21 févr. 2009 à 09:53
Bonjour,

Je suis en train d'aider un ami a assainir son PC, si quelqu'un voulait bien jeter un oeil sur ce rapport Hijackthis et me dire ce qu'il en pense, je lui serait très reconnaissant! Merci d'avance pour vos réponses et bonne année à tous!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:12, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\DATA BECKER Shared\DBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - Hosts: 69.60.111.224 ad.preferences.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.com
O1 - Hosts: 69.60.111.224 ads.infospace.com
O1 - Hosts: 69.60.111.224 doubleclick.net
O1 - Hosts: 69.60.111.224 ads.doubleclick.net
O1 - Hosts: 69.60.111.224 ad2.doubleclick.net
O1 - Hosts: 69.60.111.224 ad3.doubleclick.net
O1 - Hosts: 69.60.111.224 ad4.doubleclick.net
O1 - Hosts: 69.60.111.224 ad5.doubleclick.net
O1 - Hosts: 69.60.111.224 ad6.doubleclick.net
O1 - Hosts: 69.60.111.224 ad7.doubleclick.net
O1 - Hosts: 69.60.111.224 ad8.doubleclick.net
O1 - Hosts: 69.60.111.224 ad9.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linkexchange.com
O1 - Hosts: 69.60.111.224 ads.enliven.com
O1 - Hosts: 69.60.111.224 oz.valueclick.com
O1 - Hosts: 69.60.111.224 banner.linkexchange.com
O1 - Hosts: 69.60.111.224 commonwealth.riddler.com
O1 - Hosts: 69.60.111.224 ad-up.com
O1 - Hosts: 69.60.111.224 ad.adsmart.net
O1 - Hosts: 69.60.111.224 ad.atlas.cz
O1 - Hosts: 69.60.111.224 ad.blm.net
O1 - Hosts: 69.60.111.224 ad.infoseek.com
O1 - Hosts: 69.60.111.224 ad.net-service.de
O1 - Hosts: 69.60.111.224 adbot.com
O1 - Hosts: 69.60.111.224 ads.criticalmass.com
O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com
O1 - Hosts: 69.60.111.224 ads.filez.com
O1 - Hosts: 69.60.111.224 ads.imagine-inc.com
O1 - Hosts: 69.60.111.224 ads.jwtt3.com
O1 - Hosts: 69.60.111.224 ads.newcitynet.com
O1 - Hosts: 69.60.111.224 ads.realcities.com
O1 - Hosts: 69.60.111.224 ads.realmedia.com
O1 - Hosts: 69.60.111.224 ads.tripod.com
O1 - Hosts: 69.60.111.224 ads.web.de
O1 - Hosts: 69.60.111.224 ads.web21.com
O1 - Hosts: 69.60.111.224 adserv.newcentury.net
O1 - Hosts: 69.60.111.224 adservant.guj.de
O1 - Hosts: 69.60.111.224 adservant.mediapoint.de
O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com
O1 - Hosts: 69.60.111.224 advert.heise.de
O1 - Hosts: 69.60.111.224 banners.internetextra.com
O1 - Hosts: 69.60.111.224 bannerswap.com
O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de
O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net
O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net
O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com
O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com
O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net
O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net
O1 - Hosts: 69.60.111.224 ad.preferances.com
O1 - Hosts: 69.60.111.224 ad.doubleclick.com
O1 - Hosts: 69.60.111.224 adforce.adtech.de
O1 - Hosts: 69.60.111.224 adforce.imgis.com
O1 - Hosts: 69.60.111.224 adimage.blm.net
O1 - Hosts: 69.60.111.224 adlink.deh.de
O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com
O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linksynergy.com
O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.sma.punto.net
O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net
O1 - Hosts: 69.60.111.224 ad08.focalink.com
O1 - Hosts: 69.60.111.224 adcontroller.unicast.com
O1 - Hosts: 69.60.111.224 adimg.egroups.com
O1 - Hosts: 69.60.111.224 admedia.xoom.com
O1 - Hosts: 69.60.111.224 adremote.pathfinder.com
O1 - Hosts: 69.60.111.224 ads.bfast.com
O1 - Hosts: 69.60.111.224 ads.clickhouse.com
O1 - Hosts: 69.60.111.224 ads.fairfax.com.au
O1 - Hosts: 69.60.111.224 ads.fool.com
O1 - Hosts: 69.60.111.224 ads.freshmeat.net
O1 - Hosts: 69.60.111.224 ads.hollywood.com
O1 - Hosts: 69.60.111.224 ads.i33.com
O1 - Hosts: 69.60.111.224 ads.link4ads.com
O1 - Hosts: 69.60.111.224 ads.madison.com
O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com
O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au
O1 - Hosts: 69.60.111.224 ads.seattletimes.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.net
O1 - Hosts: 69.60.111.224 ads.sptimes.com
O1 - Hosts: 69.60.111.224 ads.x10.com
O1 - Hosts: 69.60.111.224 ads.xtra.co.nz
O1 - Hosts: 69.60.111.224 ads.zdnet.com
O1 - Hosts: 69.60.111.224 ads01.focalink.com
O1 - Hosts: 69.60.111.224 ads02.focalink.com
O1 - Hosts: 69.60.111.224 ads03.focalink.com
O1 - Hosts: 69.60.111.224 ads04.focalink.com
O1 - Hosts: 69.60.111.224 ads05.focalink.com
O1 - Hosts: 69.60.111.224 ads06.focalink.com
O1 - Hosts: 69.60.111.224 ads08.focalink.com
O1 - Hosts: 69.60.111.224 ads09.focalink.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1CDBF24A-9516-4A7A-9EB4-663A774547AA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {7829298C-26F7-4C9D-9D92-EC037E727D06} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {91BEE9A8-52BB-4566-8DC3-E112A24090A9} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA8D435-03DA-443E-8029-0D43D7BB59B2}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebyx - C:\WINDOWS\
O20 - Winlogon Notify: mljhfee - mljhfee.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Fichiers communs\DATA BECKER Shared\DBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

17 réponses

Réponse 1 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
19 janv. 2009 à 15:11
Bonjour,


Il y a plusieurs lignes indiquant une infection...


• Télécharge et installe Malwarebytes' Anti-Malware
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes

• Poste le rapport de scan après la suppression ici

0
Réponse 2 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
19 janv. 2009 à 22:06
merci pour ta réponse rapide!
Voici le rapport demandé.

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 5.1.2600 Service Pack 3

19/01/2009 19:38:55
mbam-log-2009-01-19 (19-38-55).txt

Type de recherche: Examen rapide
Eléments examinés: 81360
Temps écoulé: 11 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{208d7bcc-9857-4c9e-823b-d04e72490a67} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d38439ec-4a7f-42b4-90c2-d810d7778fdd} (Trojan.ConHook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46a4e9d9-b30e-452a-8157-dbbec8573b03} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d797cf1-3d5e-4436-b891-0f12defbaca9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74dd705d-6834-439c-a735-a6dbe2677452} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74dd705d-6834-439c-a735-a6dbe2677452} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74dd705d-6834-439c-a735-a6dbe2677452} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d797cf1-3d5e-4436-b891-0f12defbaca9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Montorgueil (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\AttacheMoi (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\ZM (Trojan.Lop) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Montorgueil\14.05048 (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\AttacheMoi\AttacheMoi.ico (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\BitDownload.TRC (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqpqro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\KEVIN\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\KEVIN\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\KEVIN\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
+


"C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe"
0
Réponse 3 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
20 janv. 2009 à 20:44
/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.


On va utiliser Combofix pour continuer la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

Dans ton cas, il s'agit BitDefender

==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------


Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

0
Réponse 4 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
22 janv. 2009 à 16:12
Je te posterai le log dès que mon ami me l'aura transmis!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
22 janv. 2009 à 20:40
Et voilà le rapport!

ComboFix 09-01-21.04 - Compaq_Propriétaire 2009-01-22 20:13:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.620 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Propriétaire\Application Data\inst.exe
c:\documents and settings\KEVIN\Mes documents\My Documents.url
c:\program files\HbTools
c:\program files\HbTools\Bin\4.7.7.0\dBenderC.dll
c:\windows\dat.txt
c:\windows\msvrc20.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ehkmp.ini
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\whbeeljh.ini
c:\windows\system32\xybeg.bak1
c:\windows\system32\xybeg.bak2
c:\windows\system32\xybeg.ini
c:\windows\system32\xybeg.ini2
c:\windows\system32\xybeg.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
.

2009-01-22 19:16 . 2009-01-22 19:16 33 --a------ c:\windows\Multimedia manager.INI
2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
2009-01-20 00:42 . 2009-01-20 00:42 <REP> d-------- c:\program files\Microsoft Private Folder 1.0
2009-01-20 00:15 . 2009-01-20 00:15 <REP> d-------- c:\program files\My Lockbox
2009-01-20 00:15 . 2007-12-13 20:13 17,264 --a------ c:\windows\system32\drivers\mprifl.sys
2009-01-19 19:57 . 2009-01-22 18:53 <REP> d-------- c:\documents and settings\KEVIN\Application Data\gtk-2.0
2009-01-19 19:57 . 2009-01-19 19:57 <REP> d-------- c:\documents and settings\KEVIN\.thumbnails
2009-01-19 19:55 . 2009-01-22 18:54 <REP> d-------- c:\documents and settings\KEVIN\.gimp-2.6
2009-01-19 19:55 . 2009-01-19 19:55 <REP> d-------- c:\documents and settings\KEVIN\.gegl-0.0
2009-01-19 19:25 . 2009-01-19 19:25 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2009-01-19 19:25 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 19:24 . 2009-01-19 19:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 19:24 . 2009-01-19 19:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 01:31 . 2003-08-27 22:22 389,632 --a------ c:\windows\system32\mspd.exe
2009-01-19 01:29 . 2009-01-19 01:29 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\InstallShield Installation Information
2009-01-19 01:12 . 2009-01-19 01:48 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-19 01:12 . 2009-01-19 01:12 1,409 --a------ c:\windows\QTFont.for
2009-01-18 17:58 . 2009-01-18 17:58 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Media Player Classic
2009-01-18 17:57 . 2009-01-18 17:57 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-18 17:57 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-18 17:57 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-18 17:57 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-18 17:57 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-18 17:57 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-18 17:57 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-18 17:57 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-18 17:11 . 2009-01-18 17:11 <REP> d-------- c:\program files\GIMP-2.0
2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
2009-01-16 02:19 . 2009-01-16 02:19 203,776 --a------ c:\windows\system32\mspd.FRA
2009-01-16 00:04 . 2009-01-16 00:04 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-14 00:39 . 2009-01-14 00:39 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\OpenOffice.org
2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\JRE
2009-01-12 00:21 . 2006-10-05 14:46 2,935,673 --a------ C:\MAJ_7219.exe
2008-12-31 01:59 . 2008-12-31 01:59 5,632 --ahs---- c:\windows\Thumbs.db
2008-12-31 01:59 . 2008-12-31 01:59 5,120 --ahs---- c:\documents and settings\Thumbs.db
2008-12-26 17:55 . 2008-12-26 17:55 151 --a------ c:\windows\PhotoSnapViewer.INI
2008-12-26 17:52 . 2008-12-26 17:57 <REP> dr------- c:\documents and settings\BIBI\Mes documents
2008-12-26 17:03 . 2008-12-26 17:03 <REP> d-------- C:\Autre utilisateur
2008-12-25 19:36 . 2008-12-25 19:36 <REP> d-------- c:\documents and settings\BIBI\Application Data\BitDefender
2008-12-25 19:35 . 2008-12-25 19:35 <REP> dr------- c:\documents and settings\BIBI\Favoris

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 18:41 --------- d-----w c:\program files\Wanadoo
2009-01-22 18:09 --------- d-----w c:\program files\Microsoft Digital Image 10
2009-01-22 17:44 --------- d-----w c:\program files\Orbitdownloader
2009-01-19 18:51 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\gtk-2.0
2009-01-19 18:38 --------- d-----w c:\program files\Applications
2009-01-19 13:28 --------- d-----w c:\program files\Google
2009-01-19 00:31 --------- d-----w c:\program files\WMV9_VCM
2009-01-18 19:04 --------- d-----w c:\program files\eMule
2009-01-18 18:50 --------- d-----w c:\program files\Fichiers communs\MainConcept
2009-01-18 16:57 --------- d-----w c:\program files\ffdshow
2009-01-16 23:32 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\uTorrent
2009-01-16 18:33 --------- d-----w c:\documents and settings\KEVIN\Application Data\Orbit
2009-01-16 18:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Orbit
2009-01-16 13:12 --------- d-----w c:\program files\Wakfu
2009-01-15 23:04 --------- d-----w c:\program files\Java
2009-01-11 15:23 --------- d-----w c:\documents and settings\KEVIN\Application Data\Corel
2009-01-04 01:19 --------- d-----w c:\program files\MediaCoder
2009-01-01 14:21 --------- d-----w c:\program files\Dofus
2008-12-31 00:59 --------- d-----w c:\program files\CDBurnerXP
2008-12-17 01:27 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\ProtectDisc
2008-12-16 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\DATA BECKER Downloads
2008-12-16 01:52 --------- d-----w c:\program files\ProtectDisc Driver Installer
2008-12-16 01:52 --------- d-----w c:\program files\DATA BECKER
2008-12-16 01:04 --------- d-----w c:\program files\Xi
2008-12-15 02:04 --------- d-----w c:\program files\WinPcap
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-30 02:48 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Ahead
2008-11-29 19:33 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-11-29 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-29 19:31 --------- d-----w c:\program files\Nero
2008-11-29 15:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Corel
2008-11-29 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2008-11-29 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-29 02:42 --------- d-----w c:\program files\Windows Sidebar
2008-11-29 01:08 --------- d---a-w c:\program files\Fichiers communs\LightScribe
2008-11-28 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Nero(2)
2007-12-14 10:47 8,224 ----a-w c:\documents and settings\KEVIN\Application Data\GDIPFONTCACHEV1.DAT
2007-06-18 16:29 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\pcouffin.sys
2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
2006-08-05 01:59 16 -c-ha-w c:\program files\mxfilerelatedcache.mxc2
2006-03-25 18:52 0 -c--a-w c:\documents and settings\KEVIN\Application Data\wklnhst.dat
2006-01-15 15:47 0 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-12-16 16:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-05-13 15:12 217,073 -csha-r c:\windows\meta4.exe
2005-10-24 09:13 66,560 -csha-r c:\windows\MOTA113.exe
2007-04-17 22:18 88 -csh--r c:\windows\system32\7B36EF86F7.sys
2005-06-26 13:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-21 20:37 45,568 -csha-r c:\windows\system32\cygz.dll
2007-06-13 22:24 56 -csh--r c:\windows\system32\F786EF367B.sys
2004-01-24 22:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2005-02-28 11:16 240,128 -csha-r c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-05 5566464]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-10 368640]
"mspd"="c:\windows\system32\mspd.exe" [2003-08-27 389632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
"VIDC.mjpg"= mcmjpg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 11:27 219520 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-10-10 00:43 368640 c:\program files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 15:46 61440 c:\program files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-08-04 10:00 462336 c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-12-16 17:46 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 22:55 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 13:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 13:03 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]
--a------ 2003-08-27 22:22 389632 c:\windows\system32\mspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2005-03-05 11:26 5566464 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-08 14:22 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2002-09-27 14:47 20480 c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 13:50 122880 c:\program files\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 17:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 12:47 57344 c:\windows\Alcxmntr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-03-05 11:26 1495040 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a--c--- 2004-09-24 09:49 49152 c:\windows\system32\SiSPower.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\KEVIN\\Mes documents\\incredimail_install.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-01-20 17264]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-03 28544]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-04-27 2944]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792]
R4 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
R4 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-06 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2007-07-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-06-19 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]

2007-07-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-06-19 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 22:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-gebyx - (no file)
Notify-mljhfee - mljhfee.dll
MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
MSConfigStartUp-CloneDVDElbyDelay - c:\program files\CloneDVD\ElbyCheck.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = SOS Connexion - Le web en toute simplicité
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
IE: Ouvrir avec Enregistreur Vidéo Internet - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{1CDBF24A-9516-4A7A-9EB4-663A774547AA}
IE: {{7829298C-26F7-4C9D-9D92-EC037E727D06} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
IE: {{91BEE9A8-52BB-4566-8DC3-E112A24090A9} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
IE: {{A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433}
IE: {{AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
TCP: {CAA8D435-03DA-443E-8029-0D43D7BB59B2} = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\hy645xve.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://french.ircfast2.com/index.php?rvs=hompag
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 20:20:38
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6C53DCC-FBE6-A484-895E707488E1192C}\{427B1CEB-CDC7-050B-E6202C9404952D54}\{86A51E58-9B8E-E4EB-26F8074E7F2FD295}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="B81F6795465875305CC6F3B42751B85632267D4BEC8324D22987591E6E0C88C42B59D2A8A33089632C6D4CB0014E4EEED317761C62A0BCF62A93172187CDC9EEDDC1E2C118C5569392275E99C5F4A21D4750D7F6724544C4C7EF6B4CE9ECBE1BAEDF20E6B18F99A9756304815D3111E69D43EA9BFAF05A01DB3332AB111EE7E9DE1016122399D14020611A7051023E86C93400408137DFA0A148C94096AB0AAD930256B0417F472BC0B5046152F90EE8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A6171C11EC38DE3DBA7FD869164D679422ACB55E203CBD0991773ED70EBF50F101E4102E3DB6ECE111A4DC1EA0E86275311394AA9D56A5F12A86932DE4A8FE3648665333DEF3C2818790332B26C727055B964D5C1210204C7BC0E037CDC44A6D4D6D437389E8EF904E33EBF7ACDD12441F5E871AAA0109A00EB21EA950A1333CBF8DCA4EBBB734F05EC40532CD004171DCE5EFFD38D281AACA3CC92B975CFAFB332AD9979B9413B8134D7CF8C6189B7FDBFD3917B3C4EFDB009365D6F129A8BA9E7D619870C7D2B32F2C56647824C597C3C994E5B4287BD66140773A53CF833ADE17D70CA52C7F5FD39599FA66342E9422C03EE17A6294F7059F08DA512A9DEF31D6B922CB34E6EE0B0F54BABA6D858569AF7073657068C764E226AE27A9C684B974057E16621DC742F49394C20B3FADEDB4EBF97CDD6E095E0D63A0B44F165701773BBA5DCFF90648F36BECEDD79106E9C5F6466A4EDF2FB579D40F7BB36478F03F64611CA89777520FF31ED1B67BB87AA8599F7BF63A649053144DA382512D5A7C0A73F2ACD41EF71FC874A89CBBA621F9DE3FA124BB83F81BBEA3F6F93E70EF36BB642632563137CD0A30CD915661C32A5953F3326D1D5DA6774A65EC516EC7458C9C1E9E019BEE985B88C13515B3A9FB1D7E2B9516F5129E627401C4F409DFD79178E4EF03F964D36324AA37811502888256A6D0C3874AFEAA41817A5756166FE5462C364921BEA5CE2151DC6EB7DE396664E502477DA2997D4A411FEA9F2E622A4C469586160C894C10A2806D7EB3CFA9A79156B43819128B993FD4E4E1CE5AFDC02DC5B394BBCC9076AE8ED880DB5F3111718EE74D8FE10C2E9E523F4E84D38AD0FA938B89A21453CDAA87CB8A92506487F402FB844DD5377BA565BA4CBD22F79C70E00C99F8D44F826F83269A7B5EB0E4AD9C52D9FA8D4B67BFEAD573CE6AF7B6701EF819DB5AC3757A280DE41A970777D05910FE297F0ACDFBD6D9136EA6BA298457DA144A4275FB6C35E75059615C00B84D9E57C974397E8C314FAAB82577EDD7A7F9C82902AC5E0A7BE27906732935E29CACFB3208A23B4A9404F02C066A77B9BD68A8425D335BBCDEEEB0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2960)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO860un71.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\pchealth\helpctr\binaries\helpsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-22 20:24:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-22 19:24:31

Avant-CF: 30 076 903 424 octets libres
Après-CF: 30,689,869,824 octets libres

390 --- E O F --- 2009-01-14 23:31:50
0
Réponse 6 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
23 janv. 2009 à 02:52
Bien, on avance :)

Il reste à finir la désinfection (avec les deux étapes suivantes), puis à finir le nettoyage et sécuriser l'ordinateur (c'est pourquoi j'ai besoin d'un nouveau rapport hijackthis ensuite)



/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour pat2611, il n'est pas transposable sur un autre ordinateur !


Toujours avec toutes les protections désactivées, fais ceci :

• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
File::
c:\windows\system32\mspd.exe
c:\windows\system32\mspd.FRA

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mspd"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspd]

------------------------------------------------------------------

• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
• Quitte le Bloc Notes

• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt





Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
• Double clique dessus pour le lancer
• Une fenêtre "Start Flash Disinfector" va apparaître --> branche tous tes disques amovibles et clique sur OK.
• Tes icônes vont disparaitre, c'est normal, ne touche à rien pendant la désinfection.
• Lorsque le message "Finish" apparaît, clique sur OK.



Puis redémarre ton ordinateur, et poste un nouveau rapport hijackthis stp

0
Réponse 7 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
23 janv. 2009 à 22:25
Le premier rapport de combofix:

ComboFix 09-01-21.04 - Compaq_Propriétaire 2009-01-23 20:20:48.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.633 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire\Bureau\CFScript.txt.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\mspd.exe
c:\windows\system32\mspd.FRA
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mspd.exe
c:\windows\system32\mspd.FRA

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
.

2009-01-22 19:16 . 2009-01-22 19:16 33 --a------ c:\windows\Multimedia manager.INI
2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
2009-01-20 00:48 . 2009-01-20 00:50 <REP> dr------- c:\documents and settings\Compaq_Propriétaire\My Private Folder
2009-01-20 00:42 . 2009-01-20 00:42 <REP> d-------- c:\program files\Microsoft Private Folder 1.0
2009-01-20 00:15 . 2009-01-20 00:15 <REP> d-------- c:\program files\My Lockbox
2009-01-20 00:15 . 2007-12-13 20:13 17,264 --a------ c:\windows\system32\drivers\mprifl.sys
2009-01-19 19:57 . 2009-01-22 18:53 <REP> d-------- c:\documents and settings\KEVIN\Application Data\gtk-2.0
2009-01-19 19:57 . 2009-01-19 19:57 <REP> d-------- c:\documents and settings\KEVIN\.thumbnails
2009-01-19 19:55 . 2009-01-22 18:54 <REP> d-------- c:\documents and settings\KEVIN\.gimp-2.6
2009-01-19 19:55 . 2009-01-19 19:55 <REP> d-------- c:\documents and settings\KEVIN\.gegl-0.0
2009-01-19 19:25 . 2009-01-19 19:25 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2009-01-19 19:25 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 19:24 . 2009-01-19 19:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 19:24 . 2009-01-19 19:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 01:29 . 2009-01-19 01:29 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\InstallShield Installation Information
2009-01-19 01:12 . 2009-01-19 01:48 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-19 01:12 . 2009-01-19 01:12 1,409 --a------ c:\windows\QTFont.for
2009-01-18 17:58 . 2009-01-18 17:58 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Media Player Classic
2009-01-18 17:57 . 2009-01-18 17:57 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-18 17:57 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-18 17:57 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-18 17:57 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-18 17:57 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-18 17:57 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-18 17:57 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-18 17:57 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-18 17:11 . 2009-01-18 17:11 <REP> d-------- c:\program files\GIMP-2.0
2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
2009-01-18 17:02 . 2009-01-19 19:54 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gimp-2.6
2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
2009-01-18 17:02 . 2009-01-18 17:02 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\.gegl-0.0
2009-01-16 00:04 . 2009-01-16 00:04 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-14 00:39 . 2009-01-14 00:39 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\OpenOffice.org
2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-14 00:37 . 2009-01-14 00:37 <REP> d-------- c:\program files\JRE
2009-01-12 00:21 . 2006-10-05 14:46 2,935,673 --a------ C:\MAJ_7219.exe
2008-12-31 01:59 . 2008-12-31 01:59 5,632 --ahs---- c:\windows\Thumbs.db
2008-12-31 01:59 . 2008-12-31 01:59 5,120 --ahs---- c:\documents and settings\Thumbs.db
2008-12-26 17:55 . 2008-12-26 17:55 151 --a------ c:\windows\PhotoSnapViewer.INI
2008-12-26 17:52 . 2008-12-26 17:57 <REP> dr------- c:\documents and settings\BIBI\Mes documents
2008-12-26 17:03 . 2008-12-26 17:03 <REP> d-------- C:\Autre utilisateur
2008-12-25 19:36 . 2008-12-25 19:36 <REP> d-------- c:\documents and settings\BIBI\Application Data\BitDefender
2008-12-25 19:35 . 2008-12-25 19:35 <REP> dr------- c:\documents and settings\BIBI\Favoris

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 19:23 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-23 19:16 --------- d-----w c:\program files\Wanadoo
2009-01-23 15:43 --------- d-----w c:\program files\Orbitdownloader
2009-01-22 18:09 --------- d-----w c:\program files\Microsoft Digital Image 10
2009-01-19 18:51 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\gtk-2.0
2009-01-19 18:38 --------- d-----w c:\program files\Applications
2009-01-19 13:28 --------- d-----w c:\program files\Google
2009-01-19 00:31 --------- d-----w c:\program files\WMV9_VCM
2009-01-18 19:04 --------- d-----w c:\program files\eMule
2009-01-18 18:50 --------- d-----w c:\program files\Fichiers communs\MainConcept
2009-01-18 16:57 --------- d-----w c:\program files\ffdshow
2009-01-16 23:32 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\uTorrent
2009-01-16 18:33 --------- d-----w c:\documents and settings\KEVIN\Application Data\Orbit
2009-01-16 18:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Orbit
2009-01-16 13:12 --------- d-----w c:\program files\Wakfu
2009-01-15 23:04 --------- d-----w c:\program files\Java
2009-01-11 15:23 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
2009-01-11 15:23 --------- d-----w c:\documents and settings\KEVIN\Application Data\Corel
2009-01-04 01:19 --------- d-----w c:\program files\MediaCoder
2009-01-01 14:21 --------- d-----w c:\program files\Dofus
2008-12-31 00:59 --------- d-----w c:\program files\CDBurnerXP
2008-12-17 01:27 1,868,944 ----a-w c:\windows\system32\RSA32_16.DLL
2008-12-17 01:27 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\ProtectDisc
2008-12-16 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\DATA BECKER Downloads
2008-12-16 01:52 --------- d-----w c:\program files\ProtectDisc Driver Installer
2008-12-16 01:52 --------- d-----w c:\program files\DATA BECKER
2008-12-16 01:04 --------- d-----w c:\program files\Xi
2008-12-15 02:04 --------- d-----w c:\program files\WinPcap
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-11-30 02:48 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Ahead
2008-11-29 19:33 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-11-29 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-29 19:31 --------- d-----w c:\program files\Nero
2008-11-29 15:33 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Corel
2008-11-29 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2008-11-29 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-29 02:42 --------- d-----w c:\program files\Windows Sidebar
2008-11-29 01:08 --------- d---a-w c:\program files\Fichiers communs\LightScribe
2008-11-28 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Nero(2)
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2007-12-14 10:47 8,224 ----a-w c:\documents and settings\KEVIN\Application Data\GDIPFONTCACHEV1.DAT
2007-06-18 16:29 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\pcouffin.sys
2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
2006-10-21 07:48 1,029,402,091 -c--a-w c:\documents and settings\Compaq_Propriétaire\Les 2 Minutes Du Peuple - Francois Perusse 921 Scketches en format mp3.zip
2006-08-05 01:59 16 -c-ha-w c:\program files\mxfilerelatedcache.mxc2
2006-03-25 18:52 0 -c--a-w c:\documents and settings\KEVIN\Application Data\wklnhst.dat
2006-01-15 15:47 0 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-12-16 16:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-05-13 15:12 217,073 -csha-r c:\windows\meta4.exe
2005-10-24 09:13 66,560 -csha-r c:\windows\MOTA113.exe
2007-04-17 22:18 88 -csh--r c:\windows\system32\7B36EF86F7.sys
2005-06-26 13:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-21 20:37 45,568 -csha-r c:\windows\system32\cygz.dll
2007-06-13 22:24 56 -csh--r c:\windows\system32\F786EF367B.sys
2004-01-24 22:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2005-02-28 11:16 240,128 -csha-r c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_20.23.41.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-23 18:55:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1c0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-05 5566464]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-10 368640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
"VIDC.mjpg"= mcmjpg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 11:27 219520 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-10-10 00:43 368640 c:\program files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 15:46 61440 c:\program files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-08-04 10:00 462336 c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-12-16 17:46 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 22:55 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 13:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 13:03 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2005-03-05 11:26 5566464 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-08 14:22 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2002-09-27 14:47 20480 c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 13:50 122880 c:\program files\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 17:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 12:47 57344 c:\windows\Alcxmntr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-03-05 11:26 1495040 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a--c--- 2004-09-24 09:49 49152 c:\windows\system32\SiSPower.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\KEVIN\\Mes documents\\incredimail_install.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-01-20 17264]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-03 28544]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-04-27 2944]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792]
R4 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
R4 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-06 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2007-07-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-06-19 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]

2007-07-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-06-19 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 22:42]
.
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = SOS Connexion - Le web en toute simplicité
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
IE: Ouvrir avec Enregistreur Vidéo Internet - file://c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{1CDBF24A-9516-4A7A-9EB4-663A774547AA}
IE: {{7829298C-26F7-4C9D-9D92-EC037E727D06} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
IE: {{91BEE9A8-52BB-4566-8DC3-E112A24090A9} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
IE: {{A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433}
IE: {{AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - c:\documents%20and%20settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
TCP: {CAA8D435-03DA-443E-8029-0D43D7BB59B2} = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\hy645xve.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://french.ircfast2.com/index.php?rvs=hompag
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 20:23:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a5,39,6e,
06,e5,04,d7,3f,79,c2,6a,6d,fb,0e,26,9f,51,85,fb,e6,2c,1c,cb,41,79,c2,c0,9d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6C53DCC-FBE6-A484-895E707488E1192C}\{427B1CEB-CDC7-050B-E6202C9404952D54}\{86A51E58-9B8E-E4EB-26F8074E7F2FD295}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="B81F6795465875305CC6F3B42751B85632267D4BEC8324D22987591E6E0C88C42B59D2A8A33089632C6D4CB0014E4EEED317761C62A0BCF62A93172187CDC9EEDDC1E2C118C5569392275E99C5F4A21D4750D7F6724544C4C7EF6B4CE9ECBE1BAEDF20E6B18F99A9756304815D3111E69D43EA9BFAF05A01DB3332AB111EE7E9DE1016122399D14020611A7051023E86C93400408137DFA0A148C94096AB0AAD930256B0417F472BC0B5046152F90EE8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A6171C11EC38DE3DBA7FD869164D679422ACB55E203CBD0991773ED70EBF50F101E4102E3DB6ECE111A4DC1EA0E86275311394AA9D56A5F12A86932DE4A8FE3648665333DEF3C2818790332B26C727055B964D5C1210204C7BC0E037CDC44A6D4D6D437389E8EF904E33EBF7ACDD12441F5E871AAA0109A00EB21EA950A1333CBF8DCA4EBBB734F05EC40532CD004171DCE5EFFD38D281AACA3CC92B975CFAFB332AD9979B9413B8134D7CF8C6189B7FDBFD3917B3C4EFDB009365D6F129A8BA9E7D619870C7D2B32F2C56647824C597C3C994E5B4287BD66140773A53CF833ADE17D70CA52C7F5FD39599FA66342E9422C03EE17A6294F7059F08DA512A9DEF31D6B922CB34E6EE0B0F54BABA6D858569AF7073657068C764E226AE27A9C684B974057E16621DC742F49394C20B3FADEDB4EBF97CDD6E095E0D63A0B44F165701773BBA5DCFF90648F36BECEDD79106E9C5F6466A4EDF2FB579D40F7BB36478F03F64611CA89777520FF31ED1B67BB87AA8599F7BF63A649053144DA382512D5A7C0A73F2ACD41EF71FC874A89CBBA621F9DE3FA124BB83F81BBEA3F6F93E70EF36BB642632563137CD0A30CD915661C32A5953F3326D1D5DA6774A65EC516EC7458C9C1E9E019BEE985B88C13515B3A9FB1D7E2B9516F5129E627401C4F409DFD79178E4EF03F964D36324AA37811502888256A6D0C3874AFEAA41817A5756166FE5462C364921BEA5CE2151DC6EB7DE396664E502477DA2997D4A411FEA9F2E622A4C469586160C894C10A2806D7EB3CFA9A79156B43819128B993FD4E4E1CE5AFDC02DC5B394BBCC9076AE8ED880DB5F3111718EE74D8FE10C2E9E523F4E84D38AD0FA938B89A21453CDAA87CB8A92506487F402FB844DD5377BA565BA4CBD22F79C70E00C99F8D44F826F83269A7B5EB0E4AD9C52D9FA8D4B67BFEAD573CE6AF7B6701EF819DB5AC3757A280DE41A970777D05910FE297F0ACDFBD6D9136EA6BA298457DA144A4275FB6C35E75059615C00B84D9E57C974397E8C314FAAB82577EDD7A7F9C82902AC5E0A7BE27906732935E29CACFB3208A23B4A9404F02C066A77B9BD68A8425D335BBCDEEEB0"
.
Heure de fin: 2009-01-23 20:25:53
ComboFix-quarantined-files.txt 2009-01-23 19:25:22
ComboFix2.txt 2009-01-22 19:24:38

Avant-CF: 30 634 631 168 octets libres
Après-CF: 30,646,906,880 octets libres

341 --- E O F --- 2009-01-14 23:31:50


Et le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:56, on 23/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1CDBF24A-9516-4A7A-9EB4-663A774547AA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {7829298C-26F7-4C9D-9D92-EC037E727D06} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {91BEE9A8-52BB-4566-8DC3-E112A24090A9} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA8D435-03DA-443E-8029-0D43D7BB59B2}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 8 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
25 janv. 2009 à 11:22
up!!!
0
Réponse 9 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
26 janv. 2009 à 14:45
Re,


Désolé pour le délai de réponse.


Un petit oubli (une barre d'outil néfaste) :

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

• Lance l'installation du programme en exécutant le fichier téléchargé.
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)


0
Réponse 10 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
1 févr. 2009 à 22:23
Désolé d'avoir tardé!

Voici le rapport:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
Firewall : Bitdefender Firewall 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:228 Go (Free:19 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 01/02/2009|19:42 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\bar\3.bin
C:\Program Files\AskTBar\bar\Cache
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\00061C25
C:\Program Files\AskTBar\bar\Cache\00083E69.bin
C:\Program Files\AskTBar\bar\Cache\0008404E.bin
C:\Program Files\AskTBar\bar\Cache\000841A5.bin
C:\Program Files\AskTBar\bar\Cache\0154C628
C:\Program Files\AskTBar\bar\Cache\01F8D1B4.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@mysearch[1].txt
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Compaq_Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Compaq_Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Compaq_Propriétaire) - {7b821b0e-b102-4f9b-b6e3-433ede1fe379} => torrentbar

(KEVIN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\AssCrack.jpg
C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\crack.jpg
C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Big Breasted\Crack.jpg



1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|19:11 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|19:32 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 01/02/2009|19:36 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 01/02/2009|19:43 - Option : [1]

-----------\\ Fin du rapport a 19:43:35,89

Merci encore!!!
0
Réponse 11 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
2 févr. 2009 à 01:08
Ok :)

• Relance Toolbar-S&D en double-cliquant sur le raccourci.
• Tape sur "2" puis valide en appuyant sur "Entrée".
• Ne ferme pas la fenêtre lors de la suppression !
• Un rapport sera généré, poste son contenu ici.

0
Réponse 12 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
5 févr. 2009 à 11:52
Voila le rapport!


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
Firewall : Bitdefender Firewall 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:228 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
Q:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 04/02/2009|19:36 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propriétaire@mysearch[1].txt
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Compaq_Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Compaq_Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Compaq_Propriétaire) - {7b821b0e-b102-4f9b-b6e3-433ede1fe379} => torrentbar

(KEVIN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\AssCrack.jpg
C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\crack.jpg
C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Big Breasted\Crack.jpg



1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|19:11 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|19:32 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 01/02/2009|19:36 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 01/02/2009|19:43 - Option : [1]
5 - "C:\ToolBar SD\TB_5.txt" - 04/02/2009|19:39 - Option : [2]

-----------\\ Fin du rapport a 19:39:38,34

Merci d'avance et bonne journée!
0
Réponse 13 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
6 févr. 2009 à 15:18
Redémarre ton ordinateur et poste un dernier rapport hijackthis stp :)


0
Réponse 14 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
10 févr. 2009 à 09:47
Et voila le rapport Hijack!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:46, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Telechargement FIREFOX\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1AD463B7-D83F-4B19-BCEF-5E10FE8A1E76} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {1CDBF24A-9516-4A7A-9EB4-663A774547AA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {7829298C-26F7-4C9D-9D92-EC037E727D06} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {91BEE9A8-52BB-4566-8DC3-E112A24090A9} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {A1EC1E42-5678-4E3F-B5AA-0A4DCFEFC433} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {AB2EE7F6-0CFD-4086-84B4-111C1C115EC3} - file://C:\Documents%20and%20Settings\Compaq_Propri%E9taire\Application%20Data\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA8D435-03DA-443E-8029-0D43D7BB59B2}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 15 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
11 févr. 2009 à 05:07
La barre d'outil néfaste (AskBar) a été supprimée, mais tu as installé une nouvelle infection depuis (MyWebSearch)
Je ne sais pas ce que tu fais avec ton ordinateur, mais si tu continues comme ça, on ne s'en sortira jamais...


Relance ToolbarS&D et choisis l'option 1 (Recherche) puis poste le rapport.


0
Réponse 16 / 17
pat2611 Messages postés 12 Date d'inscription vendredi 19 décembre 2008 Statut Membre Dernière intervention 20 février 2009
20 févr. 2009 à 11:17
Désolé pour le délai!

Voici le rapport:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
Firewall : Bitdefender Firewall 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:228 Go (Free:43 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 19/02/2009|19:53 )

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] MyWebSearchService
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\ScreenSaver\Images\000959FB.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0015DEF0.urr
C:\Program Files\FunWebProducts\Shared\00062107.dat
C:\Program Files\FunWebProducts\Shared\Cache
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\2.bin
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Cache
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00022E2A
C:\Program Files\MyWebSearch\bar\Cache\00024F00
C:\Program Files\MyWebSearch\bar\Cache\00025C10.bin
C:\Program Files\MyWebSearch\bar\Cache\000266CE.bin
C:\Program Files\MyWebSearch\bar\Cache\0002717D.bin
C:\Program Files\MyWebSearch\bar\Cache\000274C8.bin
C:\Program Files\MyWebSearch\bar\Cache\0002C5B7.bin
C:\Program Files\MyWebSearch\bar\Cache\0002C7DA.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin
C:\Program Files\MyWebSearch\SrchAstt\2.bin
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Compaq_Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Compaq_Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Compaq_Propriétaire) - {7b821b0e-b102-4f9b-b6e3-433ede1fe379} => torrentbar

(KEVIN) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\AssCrack.jpg
C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Asian Cop\crack.jpg
C:\DOCUME~1\COMPAQ~1\Mes documents\SIRJON\Big Breasted\Crack.jpg



1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|19:11 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|19:32 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 01/02/2009|19:36 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 01/02/2009|19:43 - Option : [1]
5 - "C:\ToolBar SD\TB_5.txt" - 04/02/2009|19:39 - Option : [2]
6 - "C:\ToolBar SD\TB_6.txt" - 19/02/2009|19:55 - Option : [1]

-----------\\ Fin du rapport a 19:55:41,45
0
Réponse 17 / 17
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
21 févr. 2009 à 09:53
Re,


• Relance Toolbar-S&D en double-cliquant sur le raccourci.
• Tape sur "2" puis valide en appuyant sur "Entrée".
• Ne ferme pas la fenêtre lors de la suppression !
• Un rapport sera généré, poste son contenu ici.


Puis redémarre ton ordinateur et poste un nouveau rapport hijackthis stp

0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Probleme bogue
Ines -
Pimmer -

1 réponse