HijackThis report for Anthony51
Talamasca (posts: 346, status: Member)
Hi again Anthony,
here is the HijackThis log for the other PC.
In my opinion, there's work to do.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:13, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\documents and settings\sonia\local settings\application data\oommqee.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\sonia\Bureau\OUtils désinfection\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mysidesearch search enhancer - {99E015A6-8B83-702C-F705-3C16BAE4311E} - C:\WINDOWS\system32\wguryxujntueeya.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adzgalore - {c90e33e8-9a87-6d38-ace9-0d390a7326a0} - C:\WINDOWS\system32\nsf66.dll (file missing)
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{11-12-2F-F5-DW}] C:\windows\system32\rlwnw64r.exe DWrvgXX
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S15E.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [oommqee] "c:\documents and settings\sonia\local settings\application data\oommqee.exe" oommqee
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rlwnw64r.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bw+0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O18 - Protocol: bw40 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
25 replies
Hello ;)
Indeed, this computer is heavily infected... I counted 8 infections (most are adware, which displays advertising). Several programs will be needed to disinfect it; we'll start with the following 3:
# First of all, there is a Lop/Swizzor infection that displays "CiD" advertising windows. It gets installed notably through the following software, in exchange for their so-called "free" status:
• The Messenger Plus! sponsor
• Bittorent
• BitDownload
• BitGrabber
• NetPumper
• BitRoll
• TorrentQ
• Torrent101
To remove it, do this:
• Disable your antivirus.
• Download Lop S&D (created by eric 71) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
• Double-click it to start the installation
• Double-click the Lop S&D shortcut on your Desktop
• Select the desired language, then choose option 1 (Search)
• Wait until the scan finishes
• Post the generated report
• Re-enable your antivirus
Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php
# There is also the EoRezo infection... Installing one of the programs from their site displays ads, changes the home page, etc.
Download Ad-Remover (by C_XX) to your Desktop.
/!\ Disconnect and close all running applications /!\
● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your Desktop
● In the main menu, choose option "A"
● Post the report that appears at the end (it is also saved as C:\Ad-report(date).log)
# As on the other computer, there is a MagicControl/navipromo infection, which gets installed through so-called "free" programs, including these:
• go-astro
• GoRecord
• HotTVPlayer / HotTVPlayer & Paris Hilton
• Live-Player
• MailSkinner
• Messenger Skinner
• Instant Access
• InternetGameBox
• Officiale Emule (modified version of Emule)
• Sudoplanet
• Webmediaplayer
To remove it, please follow this procedure exactly:
Now download Navilog1 (by IL-MAFIOSO) from this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
• "Save target (of the link) as..." and save it to your Desktop.
• Then double-click navilog1.exe to start the installation.
• Once the installation is complete, launch Navilog from the shortcut on the Desktop
• In the main menu, choose option 1
• Follow the prompts and be patient.
• Wait for the message: "Analyse Termine le..."
• Press a key; Notepad will open.
• Copy and paste the entire report here.
Well! I suspected as much, because it's my wife's and she signs up for every game, downloads anything and installs without paying much attention. (I'm not the last to do that either, but still)
OK then, I'll do all that.... Thanks a lot
Hi,
Sorry for the delay, but I'm having connection problems
LopSD
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : sonia ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090308-0] 4.8.1229 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
E:\ (CD or DVD)
H:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 09/03/2009|23:18 )
--------------------\\ Listing des dossiers dans APPLIC~1
[15/10/2004|12:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/10/2004|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/09/2007|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
[06/07/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/06/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[30/10/2007|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[28/09/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[11/07/2008|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[25/08/2008|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\erreurchasseur
[01/09/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
[11/07/2008|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/07/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[29/08/2008|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[06/11/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiYo
[20/10/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[20/10/2008|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[15/10/2004|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/02/2007|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[25/08/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[25/03/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/07/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[07/02/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[02/05/2006|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/06/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[02/05/2006|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[20/12/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[15/10/2004|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[26/03/2006|14:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[15/10/2004|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/10/2008|22:17] C:\DOCUME~1\sonia\APPLIC~1\.k3d
[21/09/2008|00:16] C:\DOCUME~1\sonia\APPLIC~1\.wyzo
[25/09/2007|21:31] C:\DOCUME~1\sonia\APPLIC~1\5400 Series
[02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Adobe
[02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\AdobeUM
[23/02/2008|03:12] C:\DOCUME~1\sonia\APPLIC~1\Apple Computer
[13/10/2008|16:53] C:\DOCUME~1\sonia\APPLIC~1\Blender Foundation
[10/10/2008|07:15] C:\DOCUME~1\sonia\APPLIC~1\cs
[02/02/2006|14:25] C:\DOCUME~1\sonia\APPLIC~1\CyberLink
[31/10/2006|00:55] C:\DOCUME~1\sonia\APPLIC~1\DivX
[20/03/2006|20:22] C:\DOCUME~1\sonia\APPLIC~1\eConf
[11/06/2008|21:43] C:\DOCUME~1\sonia\APPLIC~1\EoRezo
[07/02/2007|19:26] C:\DOCUME~1\sonia\APPLIC~1\EPSON
[21/09/2008|01:13] C:\DOCUME~1\sonia\APPLIC~1\ESTsoft
[14/04/2006|02:44] C:\DOCUME~1\sonia\APPLIC~1\FotoWire
[11/10/2008|22:48] C:\DOCUME~1\sonia\APPLIC~1\FreeCAD
[20/12/2008|22:10] C:\DOCUME~1\sonia\APPLIC~1\GamesCafe
[18/10/2008|23:39] C:\DOCUME~1\sonia\APPLIC~1\GetModule
[28/09/2008|12:43] C:\DOCUME~1\sonia\APPLIC~1\GetRightToGo
[11/07/2008|19:30] C:\DOCUME~1\sonia\APPLIC~1\Google
[29/08/2008|04:34] C:\DOCUME~1\sonia\APPLIC~1\GRETECH
[06/11/2008|22:19] C:\DOCUME~1\sonia\APPLIC~1\gtk-2.0
[07/03/2006|14:08] C:\DOCUME~1\sonia\APPLIC~1\Help
[06/11/2008|19:21] C:\DOCUME~1\sonia\APPLIC~1\HiYo
[15/10/2004|12:05] C:\DOCUME~1\sonia\APPLIC~1\Identities
[01/09/2008|19:57] C:\DOCUME~1\sonia\APPLIC~1\IdolSupport
[08/11/2008|15:44] C:\DOCUME~1\sonia\APPLIC~1\Inkscape
[11/06/2008|22:20] C:\DOCUME~1\sonia\APPLIC~1\ItsLabel
[21/07/2006|13:44] C:\DOCUME~1\sonia\APPLIC~1\Leadertech
[24/08/2008|13:08] C:\DOCUME~1\sonia\APPLIC~1\LimeWire
[19/03/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Macromedia
[18/09/2008|20:29] C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
[15/10/2004|11:51] C:\DOCUME~1\sonia\APPLIC~1\Microsoft
[07/03/2006|14:11] C:\DOCUME~1\sonia\APPLIC~1\Microsoft Web Folders
[31/10/2006|00:59] C:\DOCUME~1\sonia\APPLIC~1\Mozilla
[07/06/2008|17:05] C:\DOCUME~1\sonia\APPLIC~1\MSNInstaller
[21/10/2008|23:02] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org
[21/10/2008|00:37] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org2
[10/10/2008|13:06] C:\DOCUME~1\sonia\APPLIC~1\report
[10/10/2008|16:55] C:\DOCUME~1\sonia\APPLIC~1\sonia
[01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Sony Ericsson
[20/09/2008|02:43] C:\DOCUME~1\sonia\APPLIC~1\Steinberg
[21/10/2008|00:30] C:\DOCUME~1\sonia\APPLIC~1\Sun
[25/03/2006|18:32] C:\DOCUME~1\sonia\APPLIC~1\Symantec
[13/08/2008|06:08] C:\DOCUME~1\sonia\APPLIC~1\Talkback
[01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Teleca
[05/01/2007|17:06] C:\DOCUME~1\sonia\APPLIC~1\Template
[12/11/2007|20:39] C:\DOCUME~1\sonia\APPLIC~1\U3
[19/11/2008|22:09] C:\DOCUME~1\sonia\APPLIC~1\Wings3D
[20/12/2008|11:40] C:\DOCUME~1\sonia\APPLIC~1\Zylom
[14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\5400 Series
[14/02/2008|19:00] C:\DOCUME~1\dorine\APPLIC~1\Adobe
[14/02/2008|19:02] C:\DOCUME~1\dorine\APPLIC~1\AdobeUM
[13/12/2008|17:46] C:\DOCUME~1\dorine\APPLIC~1\HiYo
[15/10/2004|12:05] C:\DOCUME~1\dorine\APPLIC~1\Identities
[14/02/2008|19:01] C:\DOCUME~1\dorine\APPLIC~1\Leadertech
[15/10/2004|11:51] C:\DOCUME~1\dorine\APPLIC~1\Microsoft
[14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Sony Ericsson
[14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Teleca
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[09/03/2009 22:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[12/08/2006|19:17] C:\Program Files\a2 Free
[28/01/2006|10:12] C:\Program Files\acer
[06/07/2005|20:04] C:\Program Files\Acer Inc
[06/07/2005|20:03] C:\Program Files\Adobe
[18/01/2009|22:08] C:\Program Files\AGI
[02/11/2006|14:39] C:\Program Files\Ahead
[07/06/2008|16:49] C:\Program Files\Alice
[03/10/2006|20:08] C:\Program Files\Alwil Software
[06/03/2007|01:40] C:\Program Files\BallClock3D
[25/08/2006|00:26] C:\Program Files\Bloobs
[14/02/2009|00:30] C:\Program Files\CCleaner
[22/04/2006|08:17] C:\Program Files\Common Files
[15/10/2004|11:58] C:\Program Files\ComPlus Applications
[01/09/2008|20:04] C:\Program Files\Conduit
[06/07/2005|19:59] C:\Program Files\CONEXANT
[06/07/2005|20:03] C:\Program Files\CyberLink
[12/08/2006|18:39] C:\Program Files\denouvel
[12/09/2008|16:05] C:\Program Files\DigitalSoundPlanet
[17/05/2008|20:09] C:\Program Files\directx
[02/05/2006|23:30] C:\Program Files\DivX
[20/05/2007|18:25] C:\Program Files\documents
[13/11/2008|14:59] C:\Program Files\eMule
[07/02/2007|16:52] C:\Program Files\EPSON
[25/08/2008|12:48] C:\Program Files\ErreurChasseur
[21/09/2008|01:13] C:\Program Files\ESTsoft
[11/10/2008|21:04] C:\Program Files\Fake Voice
[19/09/2008|19:19] C:\Program Files\FBrowserAdvisor
[15/10/2004|11:52] C:\Program Files\Fichiers communs
[15/10/2008|00:48] C:\Program Files\Free Audio Pack
[02/05/2006|23:31] C:\Program Files\Google
[29/08/2008|04:34] C:\Program Files\GRETECH
[06/11/2008|19:21] C:\Program Files\HiYo
[15/11/2008|21:44] C:\Program Files\HP
[02/09/2008|13:45] C:\Program Files\IdolSupport
[06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
[06/07/2005|19:51] C:\Program Files\Intel
[15/10/2004|11:58] C:\Program Files\Internet Explorer
[12/10/2008|15:07] C:\Program Files\IObit
[25/08/2008|14:04] C:\Program Files\ItsLabel
[15/03/2006|16:43] C:\Program Files\Java
[28/01/2006|10:12] C:\Program Files\Launch Manager
[25/09/2007|21:27] C:\Program Files\Lexmark Toolbar
[14/04/2006|02:39] C:\Program Files\Logitech
[25/09/2007|21:31] C:\Program Files\Lx_cats
[07/03/2006|14:28] C:\Program Files\Media Manager
[15/10/2004|11:57] C:\Program Files\Messenger
[18/09/2008|20:29] C:\Program Files\MessengerSkinner
[07/03/2006|15:20] C:\Program Files\Micro Application
[15/10/2004|12:01] C:\Program Files\microsoft frontpage
[28/01/2006|10:16] C:\Program Files\Microsoft Office
[14/06/2008|19:07] C:\Program Files\Microsoft SQL Server Compact Edition
[28/01/2006|10:16] C:\Program Files\Microsoft Works
[15/10/2004|11:58] C:\Program Files\Movie Maker
[15/10/2004|11:57] C:\Program Files\MSN
[25/03/2006|18:36] C:\Program Files\MSN Apps
[15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
[11/06/2008|22:02] C:\Program Files\MSXML 4.0
[15/10/2004|11:58] C:\Program Files\NetMeeting
[06/07/2005|20:01] C:\Program Files\NewTech Infosystems
[15/10/2004|11:57] C:\Program Files\Online Services
[15/10/2004|11:58] C:\Program Files\Outlook Express
[12/04/2006|14:13] C:\Program Files\PC Camera
[11/10/2008|21:06] C:\Program Files\Personal Voice Changer Driver
[11/10/2008|16:35] C:\Program Files\Plugins
[09/10/2008|18:30] C:\Program Files\ppcbooster
[14/02/2009|01:00] C:\Program Files\Program Files
[21/10/2008|21:24] C:\Program Files\QdrDrive
[10/10/2008|21:17] C:\Program Files\Seagrand
[28/09/2008|22:55] C:\Program Files\Secured IE
[28/09/2008|22:55] C:\Program Files\securedie
[15/10/2004|11:59] C:\Program Files\Services en ligne
[21/07/2006|13:42] C:\Program Files\Sony Setup
[21/10/2008|21:30] C:\Program Files\Stardock
[12/05/2008|20:14] C:\Program Files\SuperGOO
[06/07/2005|19:58] C:\Program Files\Synaptics
[07/06/2008|16:56] C:\Program Files\TechCity Solutions
[01/09/2008|20:04] C:\Program Files\The_Pirate_Bay
[31/01/2007|18:01] C:\Program Files\Ubisoft
[15/10/2004|12:05] C:\Program Files\Uninstall Information
[12/08/2006|18:38] C:\Program Files\VIRTUELSOFT
[02/10/2008|02:26] C:\Program Files\VstPlugins
[11/06/2008|21:44] C:\Program Files\Windows Live
[14/06/2008|19:03] C:\Program Files\Windows Live Toolbar
[06/07/2006|19:17] C:\Program Files\Windows Media Components
[11/07/2008|18:33] C:\Program Files\Windows Media Connect 2
[15/10/2004|11:57] C:\Program Files\Windows Media Player
[15/10/2004|11:57] C:\Program Files\Windows NT
[15/10/2004|11:59] C:\Program Files\WindowsUpdate
[15/10/2004|12:01] C:\Program Files\xerox
[02/05/2006|13:21] C:\Program Files\Yahoo!
[10/11/2006|18:30] C:\Program Files\Zone Labs
[20/12/2008|11:39] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[02/02/2006|14:30] C:\Program Files\Fichiers communs\Adobe
[25/08/2008|12:48] C:\Program Files\Fichiers communs\ErreurChasseur
[14/04/2006|02:44] C:\Program Files\Fichiers communs\FotoWire
[15/11/2008|21:58] C:\Program Files\Fichiers communs\Hewlett-Packard
[06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
[14/04/2006|02:41] C:\Program Files\Fichiers communs\Logitech
[15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
[06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
[15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
[12/04/2006|14:13] C:\Program Files\Fichiers communs\PCCamera
[15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
[15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[09/08/2008|13:30] C:\Program Files\Fichiers communs\Symantec Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\System
[14/06/2008|18:56] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 42 Processes )
iexplore.exe ~ [PID:820]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
C:\DOCUME~1\sonia\APPLIC~1\IdolSupport
C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\sfzfvmin.exe
C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\Defy Bird Name.exe
C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\rbklbnqi.exe
C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\glaabkqm.exe
C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\ycgbhgoy.exe
C:\Program Files\IdolSupport
C:\DOCUME~1\sonia\Cookies\sonia@advertising[1].txt
C:\DOCUME~1\sonia\Cookies\sonia@adopt.euroclick[1].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 23:20:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
C:\Program Files\MessengerSkinner
C:\Program Files\MessengerSkinner\resources
C:\Program Files\MessengerSkinner\download
C:\Program Files\MessengerSkinner\uninst.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner\Userdata
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\D‚sinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialit‚.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions g‚n‚rales.url
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.exe
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.dat
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_nav.dat
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_navps.dat
[b]==> EGDACCESS <==/b
[F:220][D:27]-> C:\DOCUME~1\sonia\LOCALS~1\Temp
[F:252][D:0]-> C:\DOCUME~1\sonia\Cookies
[F:848][D:10]-> C:\DOCUME~1\sonia\LOCALS~1\TEMPOR~1\content.IE5
[F:41][D:1]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 09/03/2009|23:20 - Option : [1]
--------------------\\ Fin du rapport a 23:20:54
Sorry for the delay, but I'm having connection problems.
------- LOGFILE OF AD-REMOVER 1.1.1.6 | ONLY XP/VISTA -------
Updated by C_XX on 09/03/2009 at 21:20
Start at: 23:30:35, Lun 09/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: ACER-D18848DB56
Current User: sonia - Administrator
Drive(s):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 43
+-----------------| Boonty/Boonty Games Elements Found:
.
.
+-----------------| Eorezo Elements Found:
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\sonia\Application Data\EoRezo
+-----------------| Infected Poker Softwares Elements Found:
HKCU\Software\Casino Tropez
HKCU\Software\MGS\Thumper\Casino\RoxyPalace
HKCU\Software\MicroGaming\Thumper\Casino\RoxyPalace
HKCU\Software\Titan Poker
HKLM\Software\Casino Tropez
HKLM\Software\Titan Poker
HKU\S-1-5-21-1331557266-1888346133-1591605675-1005\Software\Titan Poker
.
C:\MicroGaming\Casino\Roxypalace
+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
HKU\S-1-5-21-1331557266-1888346133-1591605675-1005\Software\ItsLabel
.
C:\Program Files\ItsLabel
C:\Documents and Settings\sonia\Application Data\ItsLabel
+-----------------| Sweetim Elements Found:
.
+-----------------| Other Adwares Found:
.
HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
HKCU\Software\FBrowsingAdvisor
HKCU\Software\MediaHoldings
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
HKCU\Software\PlayMP3
HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
.
C:\WINDOWS\System32\poinstall.exe
C:\Program Files\Conduit
C:\Program Files\FBrowserAdvisor
C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp326D.tmp
C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp147C.tmp
C:\Documents and Settings\sonia\Cookies\sonia@atdmt[2].txt
C:\Documents and Settings\sonia\Cookies\sonia@bs.serving-sys[2].txt
+-----------------| Added Scan:
---- Mozilla FireFox Version [Unable to get version] ----
ProfilePath: 9j0luxjw.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Ask"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.
---- Internet Explorer Version 7.0.5730.13 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.lo.st/
Start page: hxxp://lo.st
+-[HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\..\Internet Explorer\Main]
Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.lo.st/
Start page: hxxp://lo.st
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://lo.st
Ad-Remover
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://lo.st
+---------------------------------------------------------------------------+
4491 Byte(s) - C:\Ad-Report-Scan-09.03.2009.log
0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
Before run: 15,774,515,200 Byte(s) free
After run: Byte(s) free
End at: 23:37:50 | 09/03/2009
.
+-----------------| E.O.F - 105 Lines
.
Navilog1
Search Navipromo version 3.7.5 commencé le 09/03/2009 à 23:45:33,77
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : sonia ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090309-0] 4.8.1229 (Activated)
C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
E:\ (CD or DVD)
H:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
MessengerSkinner
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\sonia\applic~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\DOCUME~1\dorine\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\sonia\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\dorine\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\sonia\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\sonia\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\dorine\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf trouvé !
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
HKEY_CURRENT_USER\Software\Lanconfig
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aeeum"="\"c:\\documents and settings\\sonia\\local settings\\application data\\aeeum.exe\" aeeum"
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\sonia\locals~1\applic~1" :
aeeum.exe trouvé !
aeeum.dat trouvé !
aeeum_nav.dat trouvé !
aeeum_navps.dat trouvé !
* Dans "C:\DOCUME~1\dorine\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 09/03/2009 à 23:48:08,40 ***
OK, let's continue. Before doing what is described below, disable your antivirus: it may react (especially to the first program), but that is a false alarm. You will re-enable it once these steps are done.
For EoRezo:
! Disconnect and close all running applications !
Run "Ad-remover" again and choose option "B" in the main menu
On the selection screen, tick:
Suppression Eorezo
Suppression Infected Poker Softwares
Suppression It's TV
Other Adwares
Then choose "S"; the program will do its work.
Post the report that appears at the end (it is also saved as C:\Ad-report(date).log )
For the Lop infection:
• Run Lop S&D again
• This time choose option 2 (Removal)
• Do not close the window during the removal!
• Post the generated report (C:\lopR.txt)
For the Navipromo infection:
• Run Navilog again using the navilog1 shortcut on the Desktop and follow the prompts.
• In the main menu, choose 2 and confirm.
• The fix will inform you that it is going to restart your PC
• Close all open windows and save any open personal documents
• Press a key as requested (if your PC does not restart automatically, restart it yourself)
• When your PC restarts, choose your usual session.
• Wait for the message: "Nettoyage terminé le..."
• Notepad will open; copy and paste the report here, as you did for the other one.
Note: MessengerSkinner is going to be removed; you must not reinstall it ;)
Ad-Remover removal report
------ LOGFILE OF AD-REMOVER 1.1.1.6 | ONLY XP/VISTA -------
Updated by C_XX on 09/03/2009 at 21:20
**** LIMITED TO ****
Eorezo
Infected Poker Softwares
It's TV
Other Adwares
********************
Start at: 21:51:36, Mer 11/03/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: ACER-D18848DB56
Current User: sonia - Administrator
Drive(s):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 44
(!) ---- IE start pages/Tabs reset
+-----------------| Eorezo Elements Deleted :
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\sonia\Application Data\EoRezo
+-----------------| Infected Poker Softwares Elements Deleted :
HKCU\Software\Casino Tropez
HKCU\Software\MGS\Thumper\Casino\RoxyPalace
HKCU\Software\MicroGaming\Thumper\Casino\RoxyPalace
HKCU\Software\Titan Poker
HKLM\Software\Casino Tropez
HKLM\Software\Titan Poker
.
C:\MicroGaming\Casino\Roxypalace
+-----------------| It's TV Elements Deleted :
HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
.
C:\Program Files\ItsLabel
C:\Documents and Settings\sonia\Application Data\ItsLabel
+-----------------| Other Adwares Deleted:
.
HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
HKCU\Software\FBrowsingAdvisor
HKCU\Software\MediaHoldings
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
HKCU\Software\PlayMP3
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
.
C:\WINDOWS\System32\poinstall.exe
C:\Program Files\Conduit
C:\Program Files\FBrowserAdvisor
C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp326D.tmp
C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp147C.tmp
C:\Documents and Settings\sonia\Cookies\sonia@atdmt[2].txt
C:\Documents and Settings\sonia\Cookies\sonia@bs.serving-sys[2].txt
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------| Added Scan :
---- Mozilla FireFox Version [Unable to get version] ----
ProfilePath: 9j0luxjw.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Ask"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.
---- Internet Explorer Version 7.0.5730.13 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start page: hxxp://lo.st
+-[HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start page: hxxp://lo.st
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
4807 Byte(s) - C:\Ad-Report-Scan-09.03.2009.log
4602 Byte(s) - C:\Ad-Report-Clean-11.03.2009.log
1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
5 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
Before run: 15,500,181,504 Byte(s) free
After run: Byte(s) free
End at: 21:54:08 | 11/03/2009
.
+-----------------| E.O.F - 103 Lines
.
......LopSD
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : sonia ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090311-0] 4.8.1229 (Activated)
C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
E:\ (CD or DVD)
H:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 11/03/2009|22:01 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\sfzfvmin.exe
Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\Defy Bird Name.exe
Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\rbklbnqi.exe
Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\glaabkqm.exe
Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\ycgbhgoy.exe
Supprime! - C:\DOCUME~1\sonia\Cookies\sonia@advertising[1].txt
Supprime! - C:\DOCUME~1\sonia\Cookies\sonia@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport
Supprime! - C:\Program Files\IdolSupport
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\ErreurChasseur
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErreurChasseur
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[15/10/2004|12:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/10/2004|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/09/2007|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
[06/07/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/06/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[30/10/2007|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[28/09/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[11/07/2008|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[11/07/2008|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/07/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[29/08/2008|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[06/11/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiYo
[20/10/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[20/10/2008|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[15/10/2004|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/02/2007|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[25/08/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[25/03/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/07/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[07/02/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[02/05/2006|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/06/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[02/05/2006|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[20/12/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[15/10/2004|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[26/03/2006|14:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[15/10/2004|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/10/2008|22:17] C:\DOCUME~1\sonia\APPLIC~1\.k3d
[21/09/2008|00:16] C:\DOCUME~1\sonia\APPLIC~1\.wyzo
[25/09/2007|21:31] C:\DOCUME~1\sonia\APPLIC~1\5400 Series
[02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Adobe
[02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\AdobeUM
[23/02/2008|03:12] C:\DOCUME~1\sonia\APPLIC~1\Apple Computer
[13/10/2008|16:53] C:\DOCUME~1\sonia\APPLIC~1\Blender Foundation
[10/10/2008|07:15] C:\DOCUME~1\sonia\APPLIC~1\cs
[02/02/2006|14:25] C:\DOCUME~1\sonia\APPLIC~1\CyberLink
[31/10/2006|00:55] C:\DOCUME~1\sonia\APPLIC~1\DivX
[20/03/2006|20:22] C:\DOCUME~1\sonia\APPLIC~1\eConf
[07/02/2007|19:26] C:\DOCUME~1\sonia\APPLIC~1\EPSON
[21/09/2008|01:13] C:\DOCUME~1\sonia\APPLIC~1\ESTsoft
[14/04/2006|02:44] C:\DOCUME~1\sonia\APPLIC~1\FotoWire
[11/10/2008|22:48] C:\DOCUME~1\sonia\APPLIC~1\FreeCAD
[20/12/2008|22:10] C:\DOCUME~1\sonia\APPLIC~1\GamesCafe
[18/10/2008|23:39] C:\DOCUME~1\sonia\APPLIC~1\GetModule
[28/09/2008|12:43] C:\DOCUME~1\sonia\APPLIC~1\GetRightToGo
[11/07/2008|19:30] C:\DOCUME~1\sonia\APPLIC~1\Google
[29/08/2008|04:34] C:\DOCUME~1\sonia\APPLIC~1\GRETECH
[06/11/2008|22:19] C:\DOCUME~1\sonia\APPLIC~1\gtk-2.0
[07/03/2006|14:08] C:\DOCUME~1\sonia\APPLIC~1\Help
[06/11/2008|19:21] C:\DOCUME~1\sonia\APPLIC~1\HiYo
[15/10/2004|12:05] C:\DOCUME~1\sonia\APPLIC~1\Identities
[08/11/2008|15:44] C:\DOCUME~1\sonia\APPLIC~1\Inkscape
[21/07/2006|13:44] C:\DOCUME~1\sonia\APPLIC~1\Leadertech
[24/08/2008|13:08] C:\DOCUME~1\sonia\APPLIC~1\LimeWire
[19/03/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Macromedia
[18/09/2008|20:29] C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
[15/10/2004|11:51] C:\DOCUME~1\sonia\APPLIC~1\Microsoft
[07/03/2006|14:11] C:\DOCUME~1\sonia\APPLIC~1\Microsoft Web Folders
[31/10/2006|00:59] C:\DOCUME~1\sonia\APPLIC~1\Mozilla
[07/06/2008|17:05] C:\DOCUME~1\sonia\APPLIC~1\MSNInstaller
[21/10/2008|23:02] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org
[21/10/2008|00:37] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org2
[10/10/2008|13:06] C:\DOCUME~1\sonia\APPLIC~1\report
[10/10/2008|16:55] C:\DOCUME~1\sonia\APPLIC~1\sonia
[01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Sony Ericsson
[20/09/2008|02:43] C:\DOCUME~1\sonia\APPLIC~1\Steinberg
[21/10/2008|00:30] C:\DOCUME~1\sonia\APPLIC~1\Sun
[25/03/2006|18:32] C:\DOCUME~1\sonia\APPLIC~1\Symantec
[13/08/2008|06:08] C:\DOCUME~1\sonia\APPLIC~1\Talkback
[01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Teleca
[05/01/2007|17:06] C:\DOCUME~1\sonia\APPLIC~1\Template
[12/11/2007|20:39] C:\DOCUME~1\sonia\APPLIC~1\U3
[19/11/2008|22:09] C:\DOCUME~1\sonia\APPLIC~1\Wings3D
[20/12/2008|11:40] C:\DOCUME~1\sonia\APPLIC~1\Zylom
[14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\5400 Series
[14/02/2008|19:00] C:\DOCUME~1\dorine\APPLIC~1\Adobe
[14/02/2008|19:02] C:\DOCUME~1\dorine\APPLIC~1\AdobeUM
[13/12/2008|17:46] C:\DOCUME~1\dorine\APPLIC~1\HiYo
[15/10/2004|12:05] C:\DOCUME~1\dorine\APPLIC~1\Identities
[14/02/2008|19:01] C:\DOCUME~1\dorine\APPLIC~1\Leadertech
[15/10/2004|11:51] C:\DOCUME~1\dorine\APPLIC~1\Microsoft
[14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Sony Ericsson
[14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Teleca
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[11/03/2009 17:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[12/08/2006|19:17] C:\Program Files\a2 Free
[28/01/2006|10:12] C:\Program Files\acer
[06/07/2005|20:04] C:\Program Files\Acer Inc
[06/07/2005|20:03] C:\Program Files\Adobe
[09/03/2009|23:29] C:\Program Files\Ad-remover
[18/01/2009|22:08] C:\Program Files\AGI
[02/11/2006|14:39] C:\Program Files\Ahead
[07/06/2008|16:49] C:\Program Files\Alice
[03/10/2006|20:08] C:\Program Files\Alwil Software
[06/03/2007|01:40] C:\Program Files\BallClock3D
[25/08/2006|00:26] C:\Program Files\Bloobs
[14/02/2009|00:30] C:\Program Files\CCleaner
[22/04/2006|08:17] C:\Program Files\Common Files
[15/10/2004|11:58] C:\Program Files\ComPlus Applications
[06/07/2005|19:59] C:\Program Files\CONEXANT
[06/07/2005|20:03] C:\Program Files\CyberLink
[12/08/2006|18:39] C:\Program Files\denouvel
[12/09/2008|16:05] C:\Program Files\DigitalSoundPlanet
[17/05/2008|20:09] C:\Program Files\directx
[02/05/2006|23:30] C:\Program Files\DivX
[20/05/2007|18:25] C:\Program Files\documents
[13/11/2008|14:59] C:\Program Files\eMule
[07/02/2007|16:52] C:\Program Files\EPSON
[21/09/2008|01:13] C:\Program Files\ESTsoft
[11/10/2008|21:04] C:\Program Files\Fake Voice
[15/10/2004|11:52] C:\Program Files\Fichiers communs
[15/10/2008|00:48] C:\Program Files\Free Audio Pack
[02/05/2006|23:31] C:\Program Files\Google
[29/08/2008|04:34] C:\Program Files\GRETECH
[06/11/2008|19:21] C:\Program Files\HiYo
[15/11/2008|21:44] C:\Program Files\HP
[06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
[06/07/2005|19:51] C:\Program Files\Intel
[15/10/2004|11:58] C:\Program Files\Internet Explorer
[12/10/2008|15:07] C:\Program Files\IObit
[15/03/2006|16:43] C:\Program Files\Java
[28/01/2006|10:12] C:\Program Files\Launch Manager
[25/09/2007|21:27] C:\Program Files\Lexmark Toolbar
[14/04/2006|02:39] C:\Program Files\Logitech
[25/09/2007|21:31] C:\Program Files\Lx_cats
[07/03/2006|14:28] C:\Program Files\Media Manager
[15/10/2004|11:57] C:\Program Files\Messenger
[18/09/2008|20:29] C:\Program Files\MessengerSkinner
[07/03/2006|15:20] C:\Program Files\Micro Application
[15/10/2004|12:01] C:\Program Files\microsoft frontpage
[28/01/2006|10:16] C:\Program Files\Microsoft Office
[14/06/2008|19:07] C:\Program Files\Microsoft SQL Server Compact Edition
[28/01/2006|10:16] C:\Program Files\Microsoft Works
[15/10/2004|11:58] C:\Program Files\Movie Maker
[15/10/2004|11:57] C:\Program Files\MSN
[25/03/2006|18:36] C:\Program Files\MSN Apps
[15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
[11/06/2008|22:02] C:\Program Files\MSXML 4.0
[09/03/2009|23:44] C:\Program Files\Navilog1
[15/10/2004|11:58] C:\Program Files\NetMeeting
[06/07/2005|20:01] C:\Program Files\NewTech Infosystems
[15/10/2004|11:57] C:\Program Files\Online Services
[15/10/2004|11:58] C:\Program Files\Outlook Express
[12/04/2006|14:13] C:\Program Files\PC Camera
[11/10/2008|21:06] C:\Program Files\Personal Voice Changer Driver
[11/10/2008|16:35] C:\Program Files\Plugins
[09/10/2008|18:30] C:\Program Files\ppcbooster
[14/02/2009|01:00] C:\Program Files\Program Files
[21/10/2008|21:24] C:\Program Files\QdrDrive
[10/10/2008|21:17] C:\Program Files\Seagrand
[28/09/2008|22:55] C:\Program Files\Secured IE
[28/09/2008|22:55] C:\Program Files\securedie
[15/10/2004|11:59] C:\Program Files\Services en ligne
[21/07/2006|13:42] C:\Program Files\Sony Setup
[21/10/2008|21:30] C:\Program Files\Stardock
[12/05/2008|20:14] C:\Program Files\SuperGOO
[06/07/2005|19:58] C:\Program Files\Synaptics
[07/06/2008|16:56] C:\Program Files\TechCity Solutions
[01/09/2008|20:04] C:\Program Files\The_Pirate_Bay
[31/01/2007|18:01] C:\Program Files\Ubisoft
[15/10/2004|12:05] C:\Program Files\Uninstall Information
[12/08/2006|18:38] C:\Program Files\VIRTUELSOFT
[02/10/2008|02:26] C:\Program Files\VstPlugins
[11/06/2008|21:44] C:\Program Files\Windows Live
[14/06/2008|19:03] C:\Program Files\Windows Live Toolbar
[06/07/2006|19:17] C:\Program Files\Windows Media Components
[11/07/2008|18:33] C:\Program Files\Windows Media Connect 2
[15/10/2004|11:57] C:\Program Files\Windows Media Player
[15/10/2004|11:57] C:\Program Files\Windows NT
[15/10/2004|11:59] C:\Program Files\WindowsUpdate
[15/10/2004|12:01] C:\Program Files\xerox
[02/05/2006|13:21] C:\Program Files\Yahoo!
[10/11/2006|18:30] C:\Program Files\Zone Labs
[20/12/2008|11:39] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[02/02/2006|14:30] C:\Program Files\Fichiers communs\Adobe
[25/08/2008|12:48] C:\Program Files\Fichiers communs\ErreurChasseur
[14/04/2006|02:44] C:\Program Files\Fichiers communs\FotoWire
[15/11/2008|21:58] C:\Program Files\Fichiers communs\Hewlett-Packard
[06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
[14/04/2006|02:41] C:\Program Files\Fichiers communs\Logitech
[15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
[06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
[15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
[12/04/2006|14:13] C:\Program Files\Fichiers communs\PCCamera
[15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
[15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[09/08/2008|13:30] C:\Program Files\Fichiers communs\Symantec Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\System
[14/06/2008|18:56] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 41 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 22:03:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
C:\Program Files\MessengerSkinner
C:\Program Files\MessengerSkinner\resources
C:\Program Files\MessengerSkinner\download
C:\Program Files\MessengerSkinner\uninst.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner\Userdata
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions générales.url
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.exe
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.dat
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_nav.dat
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_navps.dat
==> EGDACCESS <==
[F:1][D:27]-> C:\DOCUME~1\sonia\LOCALS~1\Temp
[F:253][D:0]-> C:\DOCUME~1\sonia\Cookies
[F:173][D:10]-> C:\DOCUME~1\sonia\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 09/03/2009|23:20 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/03/2009|22:04 - Option : [2]
--------------------\\ Fin du rapport a 22:04:21
[20/05/2007|18:25] C:\Program Files\documents
[13/11/2008|14:59] C:\Program Files\eMule
[07/02/2007|16:52] C:\Program Files\EPSON
[21/09/2008|01:13] C:\Program Files\ESTsoft
[11/10/2008|21:04] C:\Program Files\Fake Voice
[15/10/2004|11:52] C:\Program Files\Fichiers communs
[15/10/2008|00:48] C:\Program Files\Free Audio Pack
[02/05/2006|23:31] C:\Program Files\Google
[29/08/2008|04:34] C:\Program Files\GRETECH
[06/11/2008|19:21] C:\Program Files\HiYo
[15/11/2008|21:44] C:\Program Files\HP
[06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
[06/07/2005|19:51] C:\Program Files\Intel
[15/10/2004|11:58] C:\Program Files\Internet Explorer
[12/10/2008|15:07] C:\Program Files\IObit
[15/03/2006|16:43] C:\Program Files\Java
[28/01/2006|10:12] C:\Program Files\Launch Manager
[25/09/2007|21:27] C:\Program Files\Lexmark Toolbar
[14/04/2006|02:39] C:\Program Files\Logitech
[25/09/2007|21:31] C:\Program Files\Lx_cats
[07/03/2006|14:28] C:\Program Files\Media Manager
[15/10/2004|11:57] C:\Program Files\Messenger
[18/09/2008|20:29] C:\Program Files\MessengerSkinner
[07/03/2006|15:20] C:\Program Files\Micro Application
[15/10/2004|12:01] C:\Program Files\microsoft frontpage
[28/01/2006|10:16] C:\Program Files\Microsoft Office
[14/06/2008|19:07] C:\Program Files\Microsoft SQL Server Compact Edition
[28/01/2006|10:16] C:\Program Files\Microsoft Works
[15/10/2004|11:58] C:\Program Files\Movie Maker
[15/10/2004|11:57] C:\Program Files\MSN
[25/03/2006|18:36] C:\Program Files\MSN Apps
[15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
[11/06/2008|22:02] C:\Program Files\MSXML 4.0
[09/03/2009|23:44] C:\Program Files\Navilog1
[15/10/2004|11:58] C:\Program Files\NetMeeting
[06/07/2005|20:01] C:\Program Files\NewTech Infosystems
[15/10/2004|11:57] C:\Program Files\Online Services
[15/10/2004|11:58] C:\Program Files\Outlook Express
[12/04/2006|14:13] C:\Program Files\PC Camera
[11/10/2008|21:06] C:\Program Files\Personal Voice Changer Driver
[11/10/2008|16:35] C:\Program Files\Plugins
[09/10/2008|18:30] C:\Program Files\ppcbooster
[14/02/2009|01:00] C:\Program Files\Program Files
[21/10/2008|21:24] C:\Program Files\QdrDrive
[10/10/2008|21:17] C:\Program Files\Seagrand
[28/09/2008|22:55] C:\Program Files\Secured IE
[28/09/2008|22:55] C:\Program Files\securedie
[15/10/2004|11:59] C:\Program Files\Services en ligne
[21/07/2006|13:42] C:\Program Files\Sony Setup
[21/10/2008|21:30] C:\Program Files\Stardock
[12/05/2008|20:14] C:\Program Files\SuperGOO
[06/07/2005|19:58] C:\Program Files\Synaptics
[07/06/2008|16:56] C:\Program Files\TechCity Solutions
[01/09/2008|20:04] C:\Program Files\The_Pirate_Bay
[31/01/2007|18:01] C:\Program Files\Ubisoft
[15/10/2004|12:05] C:\Program Files\Uninstall Information
[12/08/2006|18:38] C:\Program Files\VIRTUELSOFT
[02/10/2008|02:26] C:\Program Files\VstPlugins
[11/06/2008|21:44] C:\Program Files\Windows Live
[14/06/2008|19:03] C:\Program Files\Windows Live Toolbar
[06/07/2006|19:17] C:\Program Files\Windows Media Components
[11/07/2008|18:33] C:\Program Files\Windows Media Connect 2
[15/10/2004|11:57] C:\Program Files\Windows Media Player
[15/10/2004|11:57] C:\Program Files\Windows NT
[15/10/2004|11:59] C:\Program Files\WindowsUpdate
[15/10/2004|12:01] C:\Program Files\xerox
[02/05/2006|13:21] C:\Program Files\Yahoo!
[10/11/2006|18:30] C:\Program Files\Zone Labs
[20/12/2008|11:39] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[02/02/2006|14:30] C:\Program Files\Fichiers communs\Adobe
[25/08/2008|12:48] C:\Program Files\Fichiers communs\ErreurChasseur
[14/04/2006|02:44] C:\Program Files\Fichiers communs\FotoWire
[15/11/2008|21:58] C:\Program Files\Fichiers communs\Hewlett-Packard
[06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
[14/04/2006|02:41] C:\Program Files\Fichiers communs\Logitech
[15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
[06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
[15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
[12/04/2006|14:13] C:\Program Files\Fichiers communs\PCCamera
[15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
[15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[09/08/2008|13:30] C:\Program Files\Fichiers communs\Symantec Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\System
[14/06/2008|18:56] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 41 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 22:03:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
C:\Program Files\MessengerSkinner
C:\Program Files\MessengerSkinner\resources
C:\Program Files\MessengerSkinner\download
C:\Program Files\MessengerSkinner\uninst.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner\Userdata
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions générales.url
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.exe
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.dat
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_nav.dat
C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_navps.dat
==> EGDACCESS <==
[F:1][D:27]-> C:\DOCUME~1\sonia\LOCALS~1\Temp
[F:253][D:0]-> C:\DOCUME~1\sonia\Cookies
[F:173][D:10]-> C:\DOCUME~1\sonia\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 09/03/2009|23:20 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/03/2009|22:04 - Option : [2]
--------------------\\ Fin du rapport a 22:04:21
...... Navilog1
Clean Navipromo version 3.7.5 commencé le 11/03/2009 à 22:12:23,01
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : sonia ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090311-0] 4.8.1229 (Activated)
C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
E:\ (CD or DVD)
H:\ (CD or DVD)
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\sonia\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\dorine\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\sonia\applic~1" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\DOCUME~1\dorine\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\sonia\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\dorine\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\sonia\menud+~1\progra~1" ***
*** Suppression fichiers ***
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\sonia\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
C:\WINDOWS\prefetch\aeeum*.pf trouvé !
Copie C:\WINDOWS\prefetch\aeeum*.pf réalisée avec succès !
C:\WINDOWS\prefetch\aeeum*.pf supprimé !
* Dans "C:\Documents and Settings\sonia\locals~1\applic~1" *
aeeum.exe trouvé !
Copie aeeum.exe réalisée avec succès !
aeeum.exe supprimé !
aeeum.dat trouvé !
Copie aeeum.dat réalisée avec succès !
aeeum.dat supprimé !
aeeum_nav.dat trouvé !
Copie aeeum_nav.dat réalisée avec succès !
aeeum_nav.dat supprimé !
aeeum_navps.dat trouvé !
Copie aeeum_navps.dat réalisée avec succès !
aeeum_navps.dat supprimé !
* Dans "C:\DOCUME~1\dorine\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Recherche autres dossiers et fichiers connus ***
*** Nettoyage terminé le 11/03/2009 à 22:18:10,65 ***
Good, that's 3 fewer infections :)
Let's continue:
Download Toolbar-S&D (Team IDN) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
• Start the installation of the program by running the downloaded file.
• Now double-click the Toolbar-S&D shortcut.
• Select the desired language by typing the letter of your choice, then confirm with the Enter key.
• Now choose option 1 (Recherche). Wait until the search has finished.
• Post the generated report. (C:\TB.txt)
............... ToolBarS&D
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : sonia ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090313-0] 4.8.1229 (Activated)
C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
E:\ (CD or DVD)
H:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 14/03/2009|11:22 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\WINDOWS\iun6002.exe
-----------\\ Extensions
(sonia) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(sonia) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://lo.st/"
"Window Title"="http://lo.st/"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Start Page Restore"="http://lo.st"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions générales.url
==> EGDACCESS <==
1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009|11:24 - Option : [1]
-----------\\ Fin du rapport a 11:24:06,56
• Relaunch Toolbar-S&D by double-clicking the shortcut.
• Type "2", then confirm by pressing "Enter".
• Do not close the window during the removal!
• A report will be generated; post its contents here.
And then:
• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the option « mettre a jour Malwarebyte's Anti-Malware » (update Malwarebytes' Anti-Malware) is checked
• Launch MBAM and let the updates download (otherwise run them manually when the program starts)
• Then go to the "Recherche" tab, check "Exécuter un examen rapide", then click "Rechercher"
• Select your hard drives, then click "Lancer l’examen"
• At the end of the scan, click Afficher les résultats
• Check all the detected items, then click Supprimer la sélection
• Save the report
• If you are asked to restart, click Yes
• Post the scan report here after the removal
OK, here you go...
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : sonia ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090313-0] 4.8.1229 (Activated)
C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
E:\ (CD or DVD)
H:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 15/03/2009|19:04 )
-----------\\ SUPPRESSION
Supprime! - C:\WINDOWS\iun6002.exe
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(sonia) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(sonia) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://lo.st/"
"Window Title"="http://lo.st/"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Start Page Restore"="http://lo.st"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions générales.url
==> EGDACCESS <==
1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009|11:24 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 15/03/2009|19:05 - Option : [2]
-----------\\ Fin du rapport a 19:05:50,10
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1852
Windows 5.1.2600 Service Pack 3
15/03/2009 21:24:28
mbam-log-2009-03-15 (21-24-28).txt
Type de recherche: Examen rapide
Eléments examinés: 69183
Temps écoulé: 5 minute(s), 46 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 18
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8eeb2711-9d21-4f9c-99a1-b7fc5a8ca56a} (Adware.DrFlex) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f02ea32e-453a-f341-49f3-c4b4a58593fb} (Adware.MySideSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ppcbooster (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ppcbooster (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99e015a6-8b83-702c-f705-3c16bae4311e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99e015a6-8b83-702c-f705-3c16bae4311e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c90e33e8-9a87-6d38-ace9-0d390a7326a0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c90e33e8-9a87-6d38-ace9-0d390a7326a0} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{11-12-2f-f5-dw} (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Documents and Settings\sonia\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\vntb9283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wguryxujntueeya.dll-uninst.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\QdrDrive20.dll (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Documents and Settings\sonia\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sonia\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcbooster.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcbooster-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcb_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\yrtb5246.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rlwnw64r.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\sonia\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\dorine\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wguryxujntueeya.dll (Adware.BHO) -> Delete on reboot.
At the end of the removal phase there was a message giving a list of 4 infected files that could not be deleted, so I ran another scan, which found them again, and the removal went through anyway.
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1852
Windows 5.1.2600 Service Pack 3
15/03/2009 22:06:41
mbam-log-2009-03-15 (22-06-41).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 129628
Temps écoulé: 29 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP420\A0138557.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP423\A0138862.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP423\A0138863.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP423\A0138868.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:48, on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\sonia\Bureau\OUtils désinfection\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S15E.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rlwnw64r.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bw+0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S15E.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rlwnw64r.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bw+0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
/!\ Note to anyone reading this thread /!\
The software that follows is not to be used lightly! Only use it if a forum helper who knows this tool well has recommended it to you.
We are going to use Combofix to finish the disinfection. Careful, this software is very powerful, and misuse can cause damage... Do exactly what follows:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!). To do so, right-click this link, choose "Save target as ...", type C-Fix in the window that opens, then choose the Desktop as the destination: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
---------------------------------[ ! WARNING ! ]-------------------------------
! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure, as they could seriously interfere with the tool... You will re-enable them afterwards!
In your case, that is Avast (right-click the icon next to the clock and click "Arrêter la protection résidente", i.e. stop resident protection)
==> Above all, if you run into difficulties at this stage, tell me before going any further...
Tutorial here for installing the Recovery Console (important in case of problems): https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Next:
Double-click C-Fix.exe (= combofix.exe).
Press a key to start the scan.
Careful: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it
The report will be created in: C:\Combofix.txt, please post it here
Hi,
sorry for the delay but I have several problems at once
I had even forgotten the Kaspersky online scan you recommended for the other PC
Anyway, for this one, Combo-Fix finished without any damage, I think.
Here is the report:
ComboFix 09-03-19.02 - sonia 2009-03-22 11:29:35.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.502.278 [GMT 1:00]
Lancé depuis: c:\documents and settings\sonia\Bureau\C-fix.exe
Commutateurs utilisés :: c:\documents and settings\sonia\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: avast! antivirus 4.8.1229 [VPS 090321-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\ppcb_32.lnk
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\ppcbooster.lnk
c:\windows\patch.exe
c:\windows\system32\stera.log
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-22 au 2009-03-22 ))))))))))))))))))))))))))))))))))))
.
2009-03-16 22:32 . 2009-03-16 22:32 <REP> d-------- c:\program files\eEye Digital Security
2009-03-15 21:11 . 2009-03-15 21:11 <REP> d-------- c:\documents and settings\sonia\Application Data\Malwarebytes
2009-03-15 21:10 . 2009-03-15 21:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 23:39 . 2009-03-11 23:39 <REP> d-------- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:00 --------- d-----w c:\program files\Program Files
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-16 23:03 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-01-16 22:17 47,927 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-16 22:17 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-01-16 22:17 2,150 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 09:13 3,084 ----a-w c:\documents and settings\sonia\Application Data\wklnhst.dat
2009-01-10 13:16 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-08-25 17:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082520080826\index.dat
.
------- Sigcheck -------
2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d c:\windows\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2009-03-21 21:04 1883672 --a------ c:\program files\The_Pirate_Bay\tbThe0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 12:28 1453080 --a------ c:\program files\securedie\tbsecu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-21 36864]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 68856]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2009-01-28 300336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\
Présentation de Media Manager.lnk - c:\program files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-31 156672]
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-21 196608]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"wave2"= rddv1044.dll
"midi2"= rddv1044.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57760:TCP"= 57760:TCP:Pando P2P TCP Listening Port
"57760:UDP"= 57760:UDP:Pando P2P UDP Listening Port
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2005-07-06 9867]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-07-06 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-07-06 78208]
R2 MMIndexer;Indexer de Media Manager;c:\program files\Fichiers communs\Microsoft Shared\Media Manager\AIRSVCU.EXE [1997-07-31 137216]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-01-28 8704]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-01-28 4010]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-09-20 33792]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-11 29744]
S3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [2005-02-24 162176]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;\??\c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS --> c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [?]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2006-01-28 2343]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2006-07-07 161422]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-12-05 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-12-05 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d1c0902-353e-11dd-b6df-0014a4532927}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a779bc9c-025e-11dd-b68e-0014a4532927}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-WOOKIT - c:\progra~1\WANADOO\GestMaj.exe
HKCU-Run-Orange Link - c:\progra~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe
HKCU-Run-second load - c:\docume~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Settings,ProxyOverride = localhost
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 11:46:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\rddv1044.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\PASTISVC.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\program files\Windows Live\Messenger\MsnMsgr.Exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-22 11:48:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-22 10:48:14
Avant-CF: 14 907 146 240 octets libres
Après-CF: 14,950,891,520 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
194 --- E O F --- 2009-03-21 22:36:43
Sorry for the delay, but I have several problems at the same time.
I had even forgotten the Kaspersky online scan you recommended for the other PC.
Well, for this one, Combo-Fix finished without breaking anything, I think.
Here is the report:
ComboFix 09-03-19.02 - sonia 2009-03-22 11:29:35.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.502.278 [GMT 1:00]
Lancé depuis: c:\documents and settings\sonia\Bureau\C-fix.exe
Commutateurs utilisés :: c:\documents and settings\sonia\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: avast! antivirus 4.8.1229 [VPS 090321-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\ppcb_32.lnk
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\ppcbooster.lnk
c:\windows\patch.exe
c:\windows\system32\stera.log
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-22 au 2009-03-22 ))))))))))))))))))))))))))))))))))))
.
2009-03-16 22:32 . 2009-03-16 22:32 <REP> d-------- c:\program files\eEye Digital Security
2009-03-15 21:11 . 2009-03-15 21:11 <REP> d-------- c:\documents and settings\sonia\Application Data\Malwarebytes
2009-03-15 21:10 . 2009-03-15 21:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 23:39 . 2009-03-11 23:39 <REP> d-------- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:00 --------- d-----w c:\program files\Program Files
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-16 23:03 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-01-16 22:17 47,927 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-16 22:17 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-01-16 22:17 2,150 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 09:13 3,084 ----a-w c:\documents and settings\sonia\Application Data\wklnhst.dat
2009-01-10 13:16 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-08-25 17:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082520080826\index.dat
.
------- Sigcheck -------
2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d c:\windows\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2009-03-21 21:04 1883672 --a------ c:\program files\The_Pirate_Bay\tbThe0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 12:28 1453080 --a------ c:\program files\securedie\tbsecu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]
[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-21 36864]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 68856]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2009-01-28 300336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\
Présentation de Media Manager.lnk - c:\program files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-31 156672]
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-21 196608]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"wave2"= rddv1044.dll
"midi2"= rddv1044.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]stera
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57760:TCP"= 57760:TCP:Pando P2P TCP Listening Port
"57760:UDP"= 57760:UDP:Pando P2P UDP Listening Port
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2005-07-06 9867]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-07-06 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-07-06 78208]
R2 MMIndexer;Indexer de Media Manager;c:\program files\Fichiers communs\Microsoft Shared\Media Manager\AIRSVCU.EXE [1997-07-31 137216]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-01-28 8704]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-01-28 4010]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-09-20 33792]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-11 29744]
S3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [2005-02-24 162176]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;\??\c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS --> c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [?]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2006-01-28 2343]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2006-07-07 161422]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-12-05 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-12-05 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d1c0902-353e-11dd-b6df-0014a4532927}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a779bc9c-025e-11dd-b68e-0014a4532927}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-WOOKIT - c:\progra~1\WANADOO\GestMaj.exe
HKCU-Run-Orange Link - c:\progra~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe
HKCU-Run-second load - c:\docume~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Settings,ProxyOverride = localhost
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 11:46:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\rddv1044.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\PASTISVC.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\program files\Windows Live\Messenger\MsnMsgr.Exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-22 11:48:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-22 10:48:14
Avant-CF: 14 907 146 240 octets libres
Après-CF: 14,950,891,520 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
194 --- E O F --- 2009-03-21 22:36:43