Rapport HIjackthis pour Anthony51

Talamasca Messages postés 346 Statut Membre -  
Talamasca Messages postés 346 Statut Membre -
Re Anthony,
voilà le log hijackthis pour l'autre PC.
A mon avis y a du boulot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:13, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\documents and settings\sonia\local settings\application data\oommqee.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\sonia\Bureau\OUtils désinfection\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mysidesearch search enhancer - {99E015A6-8B83-702C-F705-3C16BAE4311E} - C:\WINDOWS\system32\wguryxujntueeya.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adzgalore - {c90e33e8-9a87-6d38-ace9-0d390a7326a0} - C:\WINDOWS\system32\nsf66.dll (file missing)
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{11-12-2F-F5-DW}] C:\windows\system32\rlwnw64r.exe DWrvgXX
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S15E.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [oommqee] "c:\documents and settings\sonia\local settings\application data\oommqee.exe" oommqee
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rlwnw64r.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bw+0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 22839 bytes
Configuration: Windows XP
Internet Explorer 7.0

25 réponses

  • 1
  • 2
  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour ;)

    En effet, cet ordinateur est très infecté... J'ai dénombré 8 infections (la plupart sont des adwares, qui affichent de la publicité). Il va falloir utiliser plusieurs programmes pour désinfecter, on va commencer par les 3 suivants :

    # Il y a tout d'abord une infection Lop/Swizzor qui affiche des fenêtres de publicités "CiD". Elle s'installe via les logiciels suivants notamment, en contrepartie de leur dite « gratuité » :

    • Le sponsor de Messenger Plus!
    • Bittorent
    • BitDownload
    • BitGrabber
    • NetPumper
    • BitRoll
    • TorrentQ
    • Torrent101

    Pour la supprimer, fais ceci :

    • Désactive ton antivirus.
    • Télécharge Lop S&D (créé par eric 71) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    • Double-clique dessus pour lancer l'installation
    • Double-clique sur le raccourci Lop S&D présent sur ton Bureau
    • Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche)
    • Patiente jusqu'à la fin du scan
    • Poste le rapport généré
    • Réactive ton antivirus

    Tutoriel pour t’aider : http://www.malekal.com//tutorial_Lop_SD.php

    # Il y a également l'infection EoRezo... L'installation d'un des logiciels issu de leur site affiche des pub, modifie la page d'accueil etc...

    Télécharge Ad-Remover (de C_XX) sur ton Bureau.

    /!\ Déconnecte toi et ferme toutes les applications en cours /!\

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-remover située sur ton Bureau
    ● Au menu principal choisis l'option "A"
    ● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

    # Comme sur l'autre ordinateur, il y a une infection MagicControl/navipromo, qui s'installe via des programmes dits "gratuits", dont ceux-ci :

    • go-astro
    • GoRecord
    • HotTVPlayer / HotTVPlayer & Paris Hilton
    • Live-Player
    • MailSkinner
    • Messenger Skinner
    • Instant Access
    • InternetGameBox
    • Officiale Emule (Version d'Emule modifiée)
    • Sudoplanet
    • Webmediaplayer

    Pour la supprimer, merci de suivre exactement cette procédure :

    Télécharge maintenant Navilog1 (de IL-MAFIOSO) depuis-ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    • Enregistrer la cible (du lien) sous... et enregistre-le sur ton Bureau.
    • Ensuite double clique sur navilog1.exe pour lancer l'installation.
    • Une fois l'installation terminée, lance Navilog depuis le raccourci présent sur le Bureau

    • Au menu principal, Fais le choix 1
    • Laisse toi guider et patiente.
    • Patiente jusqu'au message : "Analyse Termine le..."
    • Appuie sur une touche, le bloc note va s'ouvrir.
    • Copie-colle l'intégralité du rapport ici.

    0
  2. Talamasca Messages postés 346 Statut Membre 11
     
    Et bein! je m'en douté un peu parceque c'est celui de ma femme et elle s'inscrit à tous les jeux, télécharge n'importe quoi et installe sans faire très attention. (je suis pas le dernier à ça mais bon)
    OK alors je fais tous ça.... Merci beaucoup
    0
  3. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    As-tu eu le temps de faire ces scans ?
    Si oui, peux-tu poster les rapports stp ?

    @+
    0
  4. Talamasca Messages postés 346 Statut Membre 11
     
    Salut,
    Désolé pour le delai mais j'ai des souci de connection

    LopSD

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : sonia ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 090308-0] 4.8.1229 (Not Activated)
    C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
    D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
    E:\ (CD or DVD)
    H:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 09/03/2009|23:18 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [15/10/2004|12:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [15/10/2004|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [25/09/2007|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
    [06/07/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12/06/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
    [30/10/2007|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [28/09/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
    [11/07/2008|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [25/08/2008|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\erreurchasseur
    [01/09/2008|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
    [11/07/2008|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [11/07/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    [29/08/2008|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
    [06/11/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiYo
    [20/10/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
    [20/10/2008|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
    [30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
    [30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
    [15/10/2004|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [02/02/2007|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
    [25/08/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
    [25/03/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [11/07/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [07/02/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [02/05/2006|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [11/06/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [02/05/2006|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [20/12/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [15/10/2004|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [26/03/2006|14:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

    [15/10/2004|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [11/10/2008|22:17] C:\DOCUME~1\sonia\APPLIC~1\.k3d
    [21/09/2008|00:16] C:\DOCUME~1\sonia\APPLIC~1\.wyzo
    [25/09/2007|21:31] C:\DOCUME~1\sonia\APPLIC~1\5400 Series
    [02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Adobe
    [02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\AdobeUM
    [23/02/2008|03:12] C:\DOCUME~1\sonia\APPLIC~1\Apple Computer
    [13/10/2008|16:53] C:\DOCUME~1\sonia\APPLIC~1\Blender Foundation
    [10/10/2008|07:15] C:\DOCUME~1\sonia\APPLIC~1\cs
    [02/02/2006|14:25] C:\DOCUME~1\sonia\APPLIC~1\CyberLink
    [31/10/2006|00:55] C:\DOCUME~1\sonia\APPLIC~1\DivX
    [20/03/2006|20:22] C:\DOCUME~1\sonia\APPLIC~1\eConf
    [11/06/2008|21:43] C:\DOCUME~1\sonia\APPLIC~1\EoRezo
    [07/02/2007|19:26] C:\DOCUME~1\sonia\APPLIC~1\EPSON
    [21/09/2008|01:13] C:\DOCUME~1\sonia\APPLIC~1\ESTsoft
    [14/04/2006|02:44] C:\DOCUME~1\sonia\APPLIC~1\FotoWire
    [11/10/2008|22:48] C:\DOCUME~1\sonia\APPLIC~1\FreeCAD
    [20/12/2008|22:10] C:\DOCUME~1\sonia\APPLIC~1\GamesCafe
    [18/10/2008|23:39] C:\DOCUME~1\sonia\APPLIC~1\GetModule
    [28/09/2008|12:43] C:\DOCUME~1\sonia\APPLIC~1\GetRightToGo
    [11/07/2008|19:30] C:\DOCUME~1\sonia\APPLIC~1\Google
    [29/08/2008|04:34] C:\DOCUME~1\sonia\APPLIC~1\GRETECH
    [06/11/2008|22:19] C:\DOCUME~1\sonia\APPLIC~1\gtk-2.0
    [07/03/2006|14:08] C:\DOCUME~1\sonia\APPLIC~1\Help
    [06/11/2008|19:21] C:\DOCUME~1\sonia\APPLIC~1\HiYo
    [15/10/2004|12:05] C:\DOCUME~1\sonia\APPLIC~1\Identities
    [01/09/2008|19:57] C:\DOCUME~1\sonia\APPLIC~1\IdolSupport
    [08/11/2008|15:44] C:\DOCUME~1\sonia\APPLIC~1\Inkscape
    [11/06/2008|22:20] C:\DOCUME~1\sonia\APPLIC~1\ItsLabel
    [21/07/2006|13:44] C:\DOCUME~1\sonia\APPLIC~1\Leadertech
    [24/08/2008|13:08] C:\DOCUME~1\sonia\APPLIC~1\LimeWire
    [19/03/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Macromedia
    [18/09/2008|20:29] C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
    [15/10/2004|11:51] C:\DOCUME~1\sonia\APPLIC~1\Microsoft
    [07/03/2006|14:11] C:\DOCUME~1\sonia\APPLIC~1\Microsoft Web Folders
    [31/10/2006|00:59] C:\DOCUME~1\sonia\APPLIC~1\Mozilla
    [07/06/2008|17:05] C:\DOCUME~1\sonia\APPLIC~1\MSNInstaller
    [21/10/2008|23:02] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org
    [21/10/2008|00:37] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org2
    [10/10/2008|13:06] C:\DOCUME~1\sonia\APPLIC~1\report
    [10/10/2008|16:55] C:\DOCUME~1\sonia\APPLIC~1\sonia
    [01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Sony Ericsson
    [20/09/2008|02:43] C:\DOCUME~1\sonia\APPLIC~1\Steinberg
    [21/10/2008|00:30] C:\DOCUME~1\sonia\APPLIC~1\Sun
    [25/03/2006|18:32] C:\DOCUME~1\sonia\APPLIC~1\Symantec
    [13/08/2008|06:08] C:\DOCUME~1\sonia\APPLIC~1\Talkback
    [01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Teleca
    [05/01/2007|17:06] C:\DOCUME~1\sonia\APPLIC~1\Template
    [12/11/2007|20:39] C:\DOCUME~1\sonia\APPLIC~1\U3
    [19/11/2008|22:09] C:\DOCUME~1\sonia\APPLIC~1\Wings3D
    [20/12/2008|11:40] C:\DOCUME~1\sonia\APPLIC~1\Zylom

    [14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\5400 Series
    [14/02/2008|19:00] C:\DOCUME~1\dorine\APPLIC~1\Adobe
    [14/02/2008|19:02] C:\DOCUME~1\dorine\APPLIC~1\AdobeUM
    [13/12/2008|17:46] C:\DOCUME~1\dorine\APPLIC~1\HiYo
    [15/10/2004|12:05] C:\DOCUME~1\dorine\APPLIC~1\Identities
    [14/02/2008|19:01] C:\DOCUME~1\dorine\APPLIC~1\Leadertech
    [15/10/2004|11:51] C:\DOCUME~1\dorine\APPLIC~1\Microsoft
    [14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Sony Ericsson
    [14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Teleca

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [09/03/2009 22:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [12/08/2006|19:17] C:\Program Files\a2 Free
    [28/01/2006|10:12] C:\Program Files\acer
    [06/07/2005|20:04] C:\Program Files\Acer Inc
    [06/07/2005|20:03] C:\Program Files\Adobe
    [18/01/2009|22:08] C:\Program Files\AGI
    [02/11/2006|14:39] C:\Program Files\Ahead
    [07/06/2008|16:49] C:\Program Files\Alice
    [03/10/2006|20:08] C:\Program Files\Alwil Software
    [06/03/2007|01:40] C:\Program Files\BallClock3D
    [25/08/2006|00:26] C:\Program Files\Bloobs
    [14/02/2009|00:30] C:\Program Files\CCleaner
    [22/04/2006|08:17] C:\Program Files\Common Files
    [15/10/2004|11:58] C:\Program Files\ComPlus Applications
    [01/09/2008|20:04] C:\Program Files\Conduit
    [06/07/2005|19:59] C:\Program Files\CONEXANT
    [06/07/2005|20:03] C:\Program Files\CyberLink
    [12/08/2006|18:39] C:\Program Files\denouvel
    [12/09/2008|16:05] C:\Program Files\DigitalSoundPlanet
    [17/05/2008|20:09] C:\Program Files\directx
    [02/05/2006|23:30] C:\Program Files\DivX
    [20/05/2007|18:25] C:\Program Files\documents
    [13/11/2008|14:59] C:\Program Files\eMule
    [07/02/2007|16:52] C:\Program Files\EPSON
    [25/08/2008|12:48] C:\Program Files\ErreurChasseur
    [21/09/2008|01:13] C:\Program Files\ESTsoft
    [11/10/2008|21:04] C:\Program Files\Fake Voice
    [19/09/2008|19:19] C:\Program Files\FBrowserAdvisor
    [15/10/2004|11:52] C:\Program Files\Fichiers communs
    [15/10/2008|00:48] C:\Program Files\Free Audio Pack
    [02/05/2006|23:31] C:\Program Files\Google
    [29/08/2008|04:34] C:\Program Files\GRETECH
    [06/11/2008|19:21] C:\Program Files\HiYo
    [15/11/2008|21:44] C:\Program Files\HP
    [02/09/2008|13:45] C:\Program Files\IdolSupport
    [06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
    [06/07/2005|19:51] C:\Program Files\Intel
    [15/10/2004|11:58] C:\Program Files\Internet Explorer
    [12/10/2008|15:07] C:\Program Files\IObit
    [25/08/2008|14:04] C:\Program Files\ItsLabel
    [15/03/2006|16:43] C:\Program Files\Java
    [28/01/2006|10:12] C:\Program Files\Launch Manager
    [25/09/2007|21:27] C:\Program Files\Lexmark Toolbar
    [14/04/2006|02:39] C:\Program Files\Logitech
    [25/09/2007|21:31] C:\Program Files\Lx_cats
    [07/03/2006|14:28] C:\Program Files\Media Manager
    [15/10/2004|11:57] C:\Program Files\Messenger
    [18/09/2008|20:29] C:\Program Files\MessengerSkinner
    [07/03/2006|15:20] C:\Program Files\Micro Application
    [15/10/2004|12:01] C:\Program Files\microsoft frontpage
    [28/01/2006|10:16] C:\Program Files\Microsoft Office
    [14/06/2008|19:07] C:\Program Files\Microsoft SQL Server Compact Edition
    [28/01/2006|10:16] C:\Program Files\Microsoft Works
    [15/10/2004|11:58] C:\Program Files\Movie Maker
    [15/10/2004|11:57] C:\Program Files\MSN
    [25/03/2006|18:36] C:\Program Files\MSN Apps
    [15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
    [11/06/2008|22:02] C:\Program Files\MSXML 4.0
    [15/10/2004|11:58] C:\Program Files\NetMeeting
    [06/07/2005|20:01] C:\Program Files\NewTech Infosystems
    [15/10/2004|11:57] C:\Program Files\Online Services
    [15/10/2004|11:58] C:\Program Files\Outlook Express
    [12/04/2006|14:13] C:\Program Files\PC Camera
    [11/10/2008|21:06] C:\Program Files\Personal Voice Changer Driver
    [11/10/2008|16:35] C:\Program Files\Plugins
    [09/10/2008|18:30] C:\Program Files\ppcbooster
    [14/02/2009|01:00] C:\Program Files\Program Files
    [21/10/2008|21:24] C:\Program Files\QdrDrive
    [10/10/2008|21:17] C:\Program Files\Seagrand
    [28/09/2008|22:55] C:\Program Files\Secured IE
    [28/09/2008|22:55] C:\Program Files\securedie
    [15/10/2004|11:59] C:\Program Files\Services en ligne
    [21/07/2006|13:42] C:\Program Files\Sony Setup
    [21/10/2008|21:30] C:\Program Files\Stardock
    [12/05/2008|20:14] C:\Program Files\SuperGOO
    [06/07/2005|19:58] C:\Program Files\Synaptics
    [07/06/2008|16:56] C:\Program Files\TechCity Solutions
    [01/09/2008|20:04] C:\Program Files\The_Pirate_Bay
    [31/01/2007|18:01] C:\Program Files\Ubisoft
    [15/10/2004|12:05] C:\Program Files\Uninstall Information
    [12/08/2006|18:38] C:\Program Files\VIRTUELSOFT
    [02/10/2008|02:26] C:\Program Files\VstPlugins
    [11/06/2008|21:44] C:\Program Files\Windows Live
    [14/06/2008|19:03] C:\Program Files\Windows Live Toolbar
    [06/07/2006|19:17] C:\Program Files\Windows Media Components
    [11/07/2008|18:33] C:\Program Files\Windows Media Connect 2
    [15/10/2004|11:57] C:\Program Files\Windows Media Player
    [15/10/2004|11:57] C:\Program Files\Windows NT
    [15/10/2004|11:59] C:\Program Files\WindowsUpdate
    [15/10/2004|12:01] C:\Program Files\xerox
    [02/05/2006|13:21] C:\Program Files\Yahoo!
    [10/11/2006|18:30] C:\Program Files\Zone Labs
    [20/12/2008|11:39] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [02/02/2006|14:30] C:\Program Files\Fichiers communs\Adobe
    [25/08/2008|12:48] C:\Program Files\Fichiers communs\ErreurChasseur
    [14/04/2006|02:44] C:\Program Files\Fichiers communs\FotoWire
    [15/11/2008|21:58] C:\Program Files\Fichiers communs\Hewlett-Packard
    [06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
    [14/04/2006|02:41] C:\Program Files\Fichiers communs\Logitech
    [15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
    [15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
    [06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
    [15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
    [12/04/2006|14:13] C:\Program Files\Fichiers communs\PCCamera
    [15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
    [15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
    [09/08/2008|13:30] C:\Program Files\Fichiers communs\Symantec Shared
    [15/10/2004|11:58] C:\Program Files\Fichiers communs\System
    [14/06/2008|18:56] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 42 Processes )

    iexplore.exe ~ [PID:820]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
    C:\DOCUME~1\sonia\APPLIC~1\IdolSupport
    C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\sfzfvmin.exe
    C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\Defy Bird Name.exe
    C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\rbklbnqi.exe
    C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\glaabkqm.exe
    C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\ycgbhgoy.exe
    C:\Program Files\IdolSupport
    C:\DOCUME~1\sonia\Cookies\sonia@advertising[1].txt
    C:\DOCUME~1\sonia\Cookies\sonia@adopt.euroclick[1].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-09 23:20:01
    Windows 5.1.2600 Service Pack 3 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\Program Files\MessengerSkinner
    C:\Program Files\MessengerSkinner\resources
    C:\Program Files\MessengerSkinner\download
    C:\Program Files\MessengerSkinner\uninst.exe
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
    C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner\Userdata
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\D‚sinstaller.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialit‚.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions g‚n‚rales.url
    C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf

    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.exe
    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.dat
    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_nav.dat
    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_navps.dat
    [b]==> EGDACCESS <==/b

    [F:220][D:27]-> C:\DOCUME~1\sonia\LOCALS~1\Temp
    [F:252][D:0]-> C:\DOCUME~1\sonia\Cookies
    [F:848][D:10]-> C:\DOCUME~1\sonia\LOCALS~1\TEMPOR~1\content.IE5
    [F:41][D:1]-> C:\Recycled

    1 - "C:\Lop SD\LopR_1.txt" - 09/03/2009|23:20 - Option : [1]

    --------------------\\ Fin du rapport a 23:20:54
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Talamasca Messages postés 346 Statut Membre 11
     
    ------- LOGFILE OF AD-REMOVER 1.1.1.6 | ONLY XP/VISTA -------

    Updated by C_XX on 09/03/2009 at 21:20

    Start at: 23:30:35, Lun 09/03/2009 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
    Computer Name: ACER-D18848DB56
    Current User: sonia - Administrator
    Drive(s):
    - C:\ (File System: FAT32)
    - D:\ (File System: FAT32)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 43

    +-----------------| Boonty/Boonty Games Elements Found:

    .
    .

    +-----------------| Eorezo Elements Found:

    HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\Software\EoRezo
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\EoRezo
    HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\Classes\EoRezoBHO.EoBho
    HKLM\Software\Classes\EoRezoBHO.EoBho.1
    HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Documents and Settings\sonia\Application Data\EoRezo

    +-----------------| Infected Poker Softwares Elements Found:

    HKCU\Software\Casino Tropez
    HKCU\Software\MGS\Thumper\Casino\RoxyPalace
    HKCU\Software\MicroGaming\Thumper\Casino\RoxyPalace
    HKCU\Software\Titan Poker
    HKLM\Software\Casino Tropez
    HKLM\Software\Titan Poker
    HKU\S-1-5-21-1331557266-1888346133-1591605675-1005\Software\Titan Poker
    .
    C:\MicroGaming\Casino\Roxypalace

    +-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

    .
    .

    +-----------------| It's TV Elements Found:

    HKCU\Software\ItsLabel
    HKLM\Software\ItsLabel
    HKU\S-1-5-21-1331557266-1888346133-1591605675-1005\Software\ItsLabel
    .
    C:\Program Files\ItsLabel
    C:\Documents and Settings\sonia\Application Data\ItsLabel

    +-----------------| Sweetim Elements Found:

    .

    +-----------------| Other Adwares Found:

    .
    HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    HKCU\Software\FBrowsingAdvisor
    HKCU\Software\MediaHoldings
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    HKCU\Software\PlayMP3
    HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
    .
    C:\WINDOWS\System32\poinstall.exe
    C:\Program Files\Conduit
    C:\Program Files\FBrowserAdvisor
    C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp326D.tmp
    C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp147C.tmp
    C:\Documents and Settings\sonia\Cookies\sonia@atdmt[2].txt
    C:\Documents and Settings\sonia\Cookies\sonia@bs.serving-sys[2].txt

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version [Unable to get version] ----

    ProfilePath: 9j0luxjw.default
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Google"
    Prefs.js: Browser.Search.SelectedEngine: "Ask"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.5730.13 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.lo.st/
    Start page: hxxp://lo.st

    +-[HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\..\Internet Explorer\Main]

    Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.lo.st/
    Start page: hxxp://lo.st

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://lo.st

    Ad-Remover

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://lo.st

    +---------------------------------------------------------------------------+

    4491 Byte(s) - C:\Ad-Report-Scan-09.03.2009.log

    0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
    0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    Before run: 15,774,515,200 Byte(s) free
    After run: Byte(s) free

    End at: 23:37:50 | 09/03/2009
    .
    +-----------------| E.O.F - 105 Lines
    .
    0
  7. Talamasca Messages postés 346 Statut Membre 11
     
    Navilog1

    Search Navipromo version 3.7.5 commencé le 09/03/2009 à 23:45:33,77

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : sonia ( Administrator )
    BOOT : Normal boot

    Antivirus : avast! antivirus 4.8.1229 [VPS 090309-0] 4.8.1229 (Activated)

    C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
    D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
    E:\ (CD or DVD)
    H:\ (CD or DVD)

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    Favorit
    MessengerSkinner

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\sonia\applic~1" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\DOCUME~1\dorine\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\sonia\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\dorine\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\sonia\menud+~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\sonia\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\dorine\locals~1\applic~1" *

    *** Recherche fichiers ***

    C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf trouvé !

    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!

    HKEY_CURRENT_USER\Software\Lanconfig

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "aeeum"="\"c:\\documents and settings\\sonia\\local settings\\application data\\aeeum.exe\" aeeum"

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\sonia\locals~1\applic~1" :

    aeeum.exe trouvé !
    aeeum.dat trouvé !
    aeeum_nav.dat trouvé !
    aeeum_navps.dat trouvé !

    * Dans "C:\DOCUME~1\dorine\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :

    *** Analyse terminée le 09/03/2009 à 23:48:08,40 ***
    0
  8. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, on continue. Avant de faire ce qui est indiqué ci-dessous, désactive ton antivirus : il risque de réagir (en particulier pour le premier logiciel), mais c'est une fausse alerte. Tu le réactiveras à la fin de ces manipulations.

    Pour EoRezo :

    ! Déconnecte toi et ferme toutes les applications en cours !

    Relance "Ad-remover" et choisis l'option "B" au menu principal

    Coche à l'écran de sélection :
    Suppression Eorezo
    Suppression Infected Poker Softwares
    Suppression It's TV
    Other Adwares

    Puis choisis "S" , le programme va travailler,

    Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

    Pour l'infection Lop :

    • Relance Lop S&D
    • Choisis cette fois-ci l'option 2 (Suppression)
    • Ne ferme pas la fenêtre lors de la suppression !
    • Poste le rapport généré (C:\lopR.txt)

    Pour l'infection navipromo :

    • Relance Navilog à l'aide du raccourci navilog1 présent sur le Bureau et laisse-toi guider.

    • Au menu principal, choisis 2 et valide.
    • Le fix va t'informer qu'il va alors redémarrer ton PC
    • Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    • Appuie sur une touche comme demandé (si ton Pc ne redémarre pas automatiquement, fais le toi même)
    • Au redémarrage de ton PC, choisis ta session habituelle.
    • Patiente jusqu'au message : "Nettoyage terminé le..."
    • Le bloc note va s'ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.

    Remarque : MessengerSkinner va être supprimé, il ne faudra pas le réinstallé ;)

    0
  9. Talamasca Messages postés 346 Statut Membre 11
     
    Rapport de suppression Ad-Remover

    ------ LOGFILE OF AD-REMOVER 1.1.1.6 | ONLY XP/VISTA -------

    Updated by C_XX on 09/03/2009 at 21:20

    **** LIMITED TO ****

    Eorezo
    Infected Poker Softwares
    It's TV
    Other Adwares

    ********************

    Start at: 21:51:36, Mer 11/03/2009 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
    Computer Name: ACER-D18848DB56
    Current User: sonia - Administrator
    Drive(s):
    - C:\ (File System: FAT32)
    - D:\ (File System: FAT32)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 44

    (!) ---- IE start pages/Tabs reset

    +-----------------| Eorezo Elements Deleted :

    HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\Software\EoRezo
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\EoRezo
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Documents and Settings\sonia\Application Data\EoRezo

    +-----------------| Infected Poker Softwares Elements Deleted :

    HKCU\Software\Casino Tropez
    HKCU\Software\MGS\Thumper\Casino\RoxyPalace
    HKCU\Software\MicroGaming\Thumper\Casino\RoxyPalace
    HKCU\Software\Titan Poker
    HKLM\Software\Casino Tropez
    HKLM\Software\Titan Poker
    .
    C:\MicroGaming\Casino\Roxypalace

    +-----------------| It's TV Elements Deleted :

    HKCU\Software\ItsLabel
    HKLM\Software\ItsLabel
    .
    C:\Program Files\ItsLabel
    C:\Documents and Settings\sonia\Application Data\ItsLabel

    +-----------------| Other Adwares Deleted:

    .
    HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    HKCU\Software\FBrowsingAdvisor
    HKCU\Software\MediaHoldings
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    HKCU\Software\PlayMP3
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
    .
    C:\WINDOWS\System32\poinstall.exe
    C:\Program Files\Conduit
    C:\Program Files\FBrowserAdvisor
    C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp326D.tmp
    C:\DOCUME~1\sonia\LOCALS~1\Temp\tmp147C.tmp
    C:\Documents and Settings\sonia\Cookies\sonia@atdmt[2].txt
    C:\Documents and Settings\sonia\Cookies\sonia@bs.serving-sys[2].txt

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +-----------------| Added Scan :

    ---- Mozilla FireFox Version [Unable to get version] ----

    ProfilePath: 9j0luxjw.default
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Google"
    Prefs.js: Browser.Search.SelectedEngine: "Ask"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.5730.13 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Start page: hxxp://lo.st

    +-[HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Start page: hxxp://lo.st

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://fr.msn.com/

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    4807 Byte(s) - C:\Ad-Report-Scan-09.03.2009.log
    4602 Byte(s) - C:\Ad-Report-Clean-11.03.2009.log

    1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
    5 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    Before run: 15,500,181,504 Byte(s) free
    After run: Byte(s) free

    End at: 21:54:08 | 11/03/2009
    .
    +-----------------| E.O.F - 103 Lines
    .
    0
  10. Talamasca Messages postés 346 Statut Membre 11
     
    ......LopSD

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : sonia ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 090311-0] 4.8.1229 (Activated)
    C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
    D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
    E:\ (CD or DVD)
    H:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 11/03/2009|22:01 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\sfzfvmin.exe
    Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\Defy Bird Name.exe
    Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\rbklbnqi.exe
    Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\glaabkqm.exe
    Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport\ycgbhgoy.exe
    Supprime! - C:\DOCUME~1\sonia\Cookies\sonia@advertising[1].txt
    Supprime! - C:\DOCUME~1\sonia\Cookies\sonia@adopt.euroclick[1].txt
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
    Supprime! - C:\DOCUME~1\sonia\APPLIC~1\IdolSupport
    Supprime! - C:\Program Files\IdolSupport

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\ErreurChasseur
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErreurChasseur

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [15/10/2004|12:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [15/10/2004|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [25/09/2007|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
    [06/07/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12/06/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
    [30/10/2007|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [28/09/2008|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
    [11/07/2008|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [11/07/2008|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [11/07/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    [29/08/2008|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
    [06/11/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiYo
    [20/10/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
    [20/10/2008|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
    [30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
    [30/09/2008|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
    [15/10/2004|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [02/02/2007|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
    [25/08/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
    [25/03/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [11/07/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [07/02/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [02/05/2006|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [11/06/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [02/05/2006|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [20/12/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [15/10/2004|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [26/03/2006|14:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

    [15/10/2004|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [11/10/2008|22:17] C:\DOCUME~1\sonia\APPLIC~1\.k3d
    [21/09/2008|00:16] C:\DOCUME~1\sonia\APPLIC~1\.wyzo
    [25/09/2007|21:31] C:\DOCUME~1\sonia\APPLIC~1\5400 Series
    [02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Adobe
    [02/02/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\AdobeUM
    [23/02/2008|03:12] C:\DOCUME~1\sonia\APPLIC~1\Apple Computer
    [13/10/2008|16:53] C:\DOCUME~1\sonia\APPLIC~1\Blender Foundation
    [10/10/2008|07:15] C:\DOCUME~1\sonia\APPLIC~1\cs
    [02/02/2006|14:25] C:\DOCUME~1\sonia\APPLIC~1\CyberLink
    [31/10/2006|00:55] C:\DOCUME~1\sonia\APPLIC~1\DivX
    [20/03/2006|20:22] C:\DOCUME~1\sonia\APPLIC~1\eConf
    [07/02/2007|19:26] C:\DOCUME~1\sonia\APPLIC~1\EPSON
    [21/09/2008|01:13] C:\DOCUME~1\sonia\APPLIC~1\ESTsoft
    [14/04/2006|02:44] C:\DOCUME~1\sonia\APPLIC~1\FotoWire
    [11/10/2008|22:48] C:\DOCUME~1\sonia\APPLIC~1\FreeCAD
    [20/12/2008|22:10] C:\DOCUME~1\sonia\APPLIC~1\GamesCafe
    [18/10/2008|23:39] C:\DOCUME~1\sonia\APPLIC~1\GetModule
    [28/09/2008|12:43] C:\DOCUME~1\sonia\APPLIC~1\GetRightToGo
    [11/07/2008|19:30] C:\DOCUME~1\sonia\APPLIC~1\Google
    [29/08/2008|04:34] C:\DOCUME~1\sonia\APPLIC~1\GRETECH
    [06/11/2008|22:19] C:\DOCUME~1\sonia\APPLIC~1\gtk-2.0
    [07/03/2006|14:08] C:\DOCUME~1\sonia\APPLIC~1\Help
    [06/11/2008|19:21] C:\DOCUME~1\sonia\APPLIC~1\HiYo
    [15/10/2004|12:05] C:\DOCUME~1\sonia\APPLIC~1\Identities
    [08/11/2008|15:44] C:\DOCUME~1\sonia\APPLIC~1\Inkscape
    [21/07/2006|13:44] C:\DOCUME~1\sonia\APPLIC~1\Leadertech
    [24/08/2008|13:08] C:\DOCUME~1\sonia\APPLIC~1\LimeWire
    [19/03/2006|14:30] C:\DOCUME~1\sonia\APPLIC~1\Macromedia
    [18/09/2008|20:29] C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
    [15/10/2004|11:51] C:\DOCUME~1\sonia\APPLIC~1\Microsoft
    [07/03/2006|14:11] C:\DOCUME~1\sonia\APPLIC~1\Microsoft Web Folders
    [31/10/2006|00:59] C:\DOCUME~1\sonia\APPLIC~1\Mozilla
    [07/06/2008|17:05] C:\DOCUME~1\sonia\APPLIC~1\MSNInstaller
    [21/10/2008|23:02] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org
    [21/10/2008|00:37] C:\DOCUME~1\sonia\APPLIC~1\OpenOffice.org2
    [10/10/2008|13:06] C:\DOCUME~1\sonia\APPLIC~1\report
    [10/10/2008|16:55] C:\DOCUME~1\sonia\APPLIC~1\sonia
    [01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Sony Ericsson
    [20/09/2008|02:43] C:\DOCUME~1\sonia\APPLIC~1\Steinberg
    [21/10/2008|00:30] C:\DOCUME~1\sonia\APPLIC~1\Sun
    [25/03/2006|18:32] C:\DOCUME~1\sonia\APPLIC~1\Symantec
    [13/08/2008|06:08] C:\DOCUME~1\sonia\APPLIC~1\Talkback
    [01/06/2007|06:45] C:\DOCUME~1\sonia\APPLIC~1\Teleca
    [05/01/2007|17:06] C:\DOCUME~1\sonia\APPLIC~1\Template
    [12/11/2007|20:39] C:\DOCUME~1\sonia\APPLIC~1\U3
    [19/11/2008|22:09] C:\DOCUME~1\sonia\APPLIC~1\Wings3D
    [20/12/2008|11:40] C:\DOCUME~1\sonia\APPLIC~1\Zylom

    [14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\5400 Series
    [14/02/2008|19:00] C:\DOCUME~1\dorine\APPLIC~1\Adobe
    [14/02/2008|19:02] C:\DOCUME~1\dorine\APPLIC~1\AdobeUM
    [13/12/2008|17:46] C:\DOCUME~1\dorine\APPLIC~1\HiYo
    [15/10/2004|12:05] C:\DOCUME~1\dorine\APPLIC~1\Identities
    [14/02/2008|19:01] C:\DOCUME~1\dorine\APPLIC~1\Leadertech
    [15/10/2004|11:51] C:\DOCUME~1\dorine\APPLIC~1\Microsoft
    [14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Sony Ericsson
    [14/02/2008|18:52] C:\DOCUME~1\dorine\APPLIC~1\Teleca

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [11/03/2009 17:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [12/08/2006|19:17] C:\Program Files\a2 Free
    [28/01/2006|10:12] C:\Program Files\acer
    [06/07/2005|20:04] C:\Program Files\Acer Inc
    [06/07/2005|20:03] C:\Program Files\Adobe
    [09/03/2009|23:29] C:\Program Files\Ad-remover
    [18/01/2009|22:08] C:\Program Files\AGI
    [02/11/2006|14:39] C:\Program Files\Ahead
    [07/06/2008|16:49] C:\Program Files\Alice
    [03/10/2006|20:08] C:\Program Files\Alwil Software
    [06/03/2007|01:40] C:\Program Files\BallClock3D
    [25/08/2006|00:26] C:\Program Files\Bloobs
    [14/02/2009|00:30] C:\Program Files\CCleaner
    [22/04/2006|08:17] C:\Program Files\Common Files
    [15/10/2004|11:58] C:\Program Files\ComPlus Applications
    [06/07/2005|19:59] C:\Program Files\CONEXANT
    [06/07/2005|20:03] C:\Program Files\CyberLink
    [12/08/2006|18:39] C:\Program Files\denouvel
    [12/09/2008|16:05] C:\Program Files\DigitalSoundPlanet
    [17/05/2008|20:09] C:\Program Files\directx
    [02/05/2006|23:30] C:\Program Files\DivX
    [20/05/2007|18:25] C:\Program Files\documents
    [13/11/2008|14:59] C:\Program Files\eMule
    [07/02/2007|16:52] C:\Program Files\EPSON
    [21/09/2008|01:13] C:\Program Files\ESTsoft
    [11/10/2008|21:04] C:\Program Files\Fake Voice
    [15/10/2004|11:52] C:\Program Files\Fichiers communs
    [15/10/2008|00:48] C:\Program Files\Free Audio Pack
    [02/05/2006|23:31] C:\Program Files\Google
    [29/08/2008|04:34] C:\Program Files\GRETECH
    [06/11/2008|19:21] C:\Program Files\HiYo
    [15/11/2008|21:44] C:\Program Files\HP
    [06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
    [06/07/2005|19:51] C:\Program Files\Intel
    [15/10/2004|11:58] C:\Program Files\Internet Explorer
    [12/10/2008|15:07] C:\Program Files\IObit
    [15/03/2006|16:43] C:\Program Files\Java
    [28/01/2006|10:12] C:\Program Files\Launch Manager
    [25/09/2007|21:27] C:\Program Files\Lexmark Toolbar
    [14/04/2006|02:39] C:\Program Files\Logitech
    [25/09/2007|21:31] C:\Program Files\Lx_cats
    [07/03/2006|14:28] C:\Program Files\Media Manager
    [15/10/2004|11:57] C:\Program Files\Messenger
    [18/09/2008|20:29] C:\Program Files\MessengerSkinner
    [07/03/2006|15:20] C:\Program Files\Micro Application
    [15/10/2004|12:01] C:\Program Files\microsoft frontpage
    [28/01/2006|10:16] C:\Program Files\Microsoft Office
    [14/06/2008|19:07] C:\Program Files\Microsoft SQL Server Compact Edition
    [28/01/2006|10:16] C:\Program Files\Microsoft Works
    [15/10/2004|11:58] C:\Program Files\Movie Maker
    [15/10/2004|11:57] C:\Program Files\MSN
    [25/03/2006|18:36] C:\Program Files\MSN Apps
    [15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
    [11/06/2008|22:02] C:\Program Files\MSXML 4.0
    [09/03/2009|23:44] C:\Program Files\Navilog1
    [15/10/2004|11:58] C:\Program Files\NetMeeting
    [06/07/2005|20:01] C:\Program Files\NewTech Infosystems
    [15/10/2004|11:57] C:\Program Files\Online Services
    [15/10/2004|11:58] C:\Program Files\Outlook Express
    [12/04/2006|14:13] C:\Program Files\PC Camera
    [11/10/2008|21:06] C:\Program Files\Personal Voice Changer Driver
    [11/10/2008|16:35] C:\Program Files\Plugins
    [09/10/2008|18:30] C:\Program Files\ppcbooster
    [14/02/2009|01:00] C:\Program Files\Program Files
    [21/10/2008|21:24] C:\Program Files\QdrDrive
    [10/10/2008|21:17] C:\Program Files\Seagrand
    [28/09/2008|22:55] C:\Program Files\Secured IE
    [28/09/2008|22:55] C:\Program Files\securedie
    [15/10/2004|11:59] C:\Program Files\Services en ligne
    [21/07/2006|13:42] C:\Program Files\Sony Setup
    [21/10/2008|21:30] C:\Program Files\Stardock
    [12/05/2008|20:14] C:\Program Files\SuperGOO
    [06/07/2005|19:58] C:\Program Files\Synaptics
    [07/06/2008|16:56] C:\Program Files\TechCity Solutions
    [01/09/2008|20:04] C:\Program Files\The_Pirate_Bay
    [31/01/2007|18:01] C:\Program Files\Ubisoft
    [15/10/2004|12:05] C:\Program Files\Uninstall Information
    [12/08/2006|18:38] C:\Program Files\VIRTUELSOFT
    [02/10/2008|02:26] C:\Program Files\VstPlugins
    [11/06/2008|21:44] C:\Program Files\Windows Live
    [14/06/2008|19:03] C:\Program Files\Windows Live Toolbar
    [06/07/2006|19:17] C:\Program Files\Windows Media Components
    [11/07/2008|18:33] C:\Program Files\Windows Media Connect 2
    [15/10/2004|11:57] C:\Program Files\Windows Media Player
    [15/10/2004|11:57] C:\Program Files\Windows NT
    [15/10/2004|11:59] C:\Program Files\WindowsUpdate
    [15/10/2004|12:01] C:\Program Files\xerox
    [02/05/2006|13:21] C:\Program Files\Yahoo!
    [10/11/2006|18:30] C:\Program Files\Zone Labs
    [20/12/2008|11:39] C:\Program Files\Zylom Games

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [02/02/2006|14:30] C:\Program Files\Fichiers communs\Adobe
    [25/08/2008|12:48] C:\Program Files\Fichiers communs\ErreurChasseur
    [14/04/2006|02:44] C:\Program Files\Fichiers communs\FotoWire
    [15/11/2008|21:58] C:\Program Files\Fichiers communs\Hewlett-Packard
    [06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
    [14/04/2006|02:41] C:\Program Files\Fichiers communs\Logitech
    [15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
    [15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
    [06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
    [15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
    [12/04/2006|14:13] C:\Program Files\Fichiers communs\PCCamera
    [15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
    [15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
    [09/08/2008|13:30] C:\Program Files\Fichiers communs\Symantec Shared
    [15/10/2004|11:58] C:\Program Files\Fichiers communs\System
    [14/06/2008|18:56] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 41 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-11 22:03:20
    Windows 5.1.2600 Service Pack 3 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\Program Files\MessengerSkinner
    C:\Program Files\MessengerSkinner\resources
    C:\Program Files\MessengerSkinner\download
    C:\Program Files\MessengerSkinner\uninst.exe
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
    C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\sonia\APPLIC~1\MessengerSkinner\Userdata
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\D‚sinstaller.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialit‚.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions g‚n‚rales.url
    C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf

    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.exe
    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum.dat
    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_nav.dat
    C:\DOCUME~1\sonia\LOCALS~1\APPLIC~1\aeeum_navps.dat
    [b]==> EGDACCESS <==/b

    [F:1][D:27]-> C:\DOCUME~1\sonia\LOCALS~1\Temp
    [F:253][D:0]-> C:\DOCUME~1\sonia\Cookies
    [F:173][D:10]-> C:\DOCUME~1\sonia\LOCALS~1\TEMPOR~1\content.IE5
    [F:2][D:0]-> C:\Recycled

    1 - "C:\Lop SD\LopR_1.txt" - 09/03/2009|23:20 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 11/03/2009|22:04 - Option : [2]

    --------------------\\ Fin du rapport a 22:04:21
    0
  11. Talamasca Messages postés 346 Statut Membre 11
     
    ...... Navilog1

    Clean Navipromo version 3.7.5 commencé le 11/03/2009 à 22:12:23,01

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : sonia ( Administrator )
    BOOT : Normal boot

    Antivirus : avast! antivirus 4.8.1229 [VPS 090311-0] 4.8.1229 (Activated)

    C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
    D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
    E:\ (CD or DVD)
    H:\ (CD or DVD)

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS

    Nettoyage exécuté au redémarrage de l'ordinateur

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *

    * Suppression dans "C:\Documents and Settings\sonia\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\dorine\locals~1\applic~1" *

    *** Suppression dossiers dans "C:\WINDOWS" ***

    *** Suppression dossiers dans "C:\Program Files" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\sonia\applic~1" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !

    *** Suppression dossiers dans "C:\DOCUME~1\dorine\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\sonia\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\dorine\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\sonia\menud+~1\progra~1" ***

    *** Suppression fichiers ***

    C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-2C07B8D0.pf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\sonia\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :

    * Dans "C:\WINDOWS\system32" *

    C:\WINDOWS\prefetch\aeeum*.pf trouvé !
    Copie C:\WINDOWS\prefetch\aeeum*.pf réalisée avec succès !
    C:\WINDOWS\prefetch\aeeum*.pf supprimé !

    * Dans "C:\Documents and Settings\sonia\locals~1\applic~1" *

    aeeum.exe trouvé !
    Copie aeeum.exe réalisée avec succès !
    aeeum.exe supprimé !

    aeeum.dat trouvé !
    Copie aeeum.dat réalisée avec succès !
    aeeum.dat supprimé !

    aeeum_nav.dat trouvé !
    Copie aeeum_nav.dat réalisée avec succès !
    aeeum_nav.dat supprimé !

    aeeum_navps.dat trouvé !
    Copie aeeum_navps.dat réalisée avec succès !
    aeeum_navps.dat supprimé !

    * Dans "C:\DOCUME~1\dorine\locals~1\applic~1" *

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***

    *** Nettoyage terminé le 11/03/2009 à 22:18:10,65 ***
    0
  12. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bien, ça fait 3 infections en moins :)

    On continue :

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    • Lance l'installation du programme en exécutant le fichier téléchargé.
    • Double-clique maintenant sur le raccourci de Toolbar-S&D.
    • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    • Poste le rapport généré. (C:\TB.txt)

    0
  13. Talamasca Messages postés 346 Statut Membre 11
     
    ............... ToolBarS&D

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : sonia ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 090313-0] 4.8.1229 (Activated)
    C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
    D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
    E:\ (CD or DVD)
    H:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 14/03/2009|11:22 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\WINDOWS\iun6002.exe

    -----------\\ Extensions

    (sonia) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (sonia) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="http://lo.st/"
    "Window Title"="http://lo.st/"
    "SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
    "Start Page Restore"="http://lo.st"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\D‚sinstaller.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialit‚.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions g‚n‚rales.url
    [b]==> EGDACCESS <==/b

    1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009|11:24 - Option : [1]

    -----------\\ Fin du rapport a 11:24:06,56
    0
  14. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    • Relance Toolbar-S&D en double-cliquant sur le raccourci.
    • Tape sur "2" puis valide en appuyant sur "Entrée".
    • Ne ferme pas la fenêtre lors de la suppression !
    • Un rapport sera généré, poste son contenu ici.

    Et ensuite :

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes

    • Poste le rapport de scan après la suppression ici

    0
  15. Talamasca Messages postés 346 Statut Membre 11
     
    OK voilou...

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : sonia ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 090313-0] 4.8.1229 (Activated)
    C:\ (Local Disk) - FAT32 - Total:35 Go (Free:14 Go)
    D:\ (Local Disk) - FAT32 - Total:35 Go (Free:21 Go)
    E:\ (CD or DVD)
    H:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 15/03/2009|19:04 )

    -----------\\ SUPPRESSION

    Supprime! - C:\WINDOWS\iun6002.exe

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (sonia) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (sonia) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="http://lo.st/"
    "Window Title"="http://lo.st/"
    "SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
    "Start Page Restore"="http://lo.st"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\MessengerSkinner.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\D‚sinstaller.lnk
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Website.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Confidentialit‚.url
    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\MessengerSkinner\Conditions g‚n‚rales.url
    [b]==> EGDACCESS <==/b

    1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009|11:24 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 15/03/2009|19:05 - Option : [2]

    -----------\\ Fin du rapport a 19:05:50,10
    0
  16. Talamasca Messages postés 346 Statut Membre 11
     
    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1852
    Windows 5.1.2600 Service Pack 3

    15/03/2009 21:24:28
    mbam-log-2009-03-15 (21-24-28).txt

    Type de recherche: Examen rapide
    Eléments examinés: 69183
    Temps écoulé: 5 minute(s), 46 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 18

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8eeb2711-9d21-4f9c-99a1-b7fc5a8ca56a} (Adware.DrFlex) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f02ea32e-453a-f341-49f3-c4b4a58593fb} (Adware.MySideSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ppcbooster (Adware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ppcbooster (Adware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99e015a6-8b83-702c-f705-3c16bae4311e} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{99e015a6-8b83-702c-f705-3c16bae4311e} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c90e33e8-9a87-6d38-ace9-0d390a7326a0} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c90e33e8-9a87-6d38-ace9-0d390a7326a0} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{11-12-2f-f5-dw} (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
    C:\Documents and Settings\sonia\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\vntb9283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wguryxujntueeya.dll-uninst.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
    C:\Program Files\QdrDrive\QdrDrive20.dll (Adware.AdBand) -> Quarantined and deleted successfully.
    C:\Documents and Settings\sonia\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\sonia\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ppcbooster\ppcbooster.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ppcbooster\ppcbooster-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ppcbooster\ppcb_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\yrtb5246.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\rlwnw64r.exe (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\sonia\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\dorine\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wguryxujntueeya.dll (Adware.BHO) -> Delete on reboot.
    0
  17. Talamasca Messages postés 346 Statut Membre 11
     
    à la fin de la phase de suppression il y a eu un message qui donné une liste de 4 fichiers infectés qui n'avaient pas pu être supprimés, du coup j"ai relancé une analyse qui les a retrouvés et la suppression c'est faite quand même

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1852
    Windows 5.1.2600 Service Pack 3

    15/03/2009 22:06:41
    mbam-log-2009-03-15 (22-06-41).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 129628
    Temps écoulé: 29 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP420\A0138557.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP423\A0138862.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP423\A0138863.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP423\A0138868.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  18. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    Poste un nouveau rapport hijackthis stp

    0
  19. Talamasca Messages postés 346 Statut Membre 11
     
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:06:48, on 16/03/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Acer\eManager\anbmServ.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe

    C:\WINDOWS\System32\PAStiSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    C:\Program Files\HiYo\bin\HiYo.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\eMule\emule.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

    C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    C:\Documents and Settings\sonia\Bureau\OUtils désinfection\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll

    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll

    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup

    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S15E.tmp" /EF "HKLM"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [second load] C:\DOCUME~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE

    O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe

    O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe

    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rlwnw64r.exe

    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

    O18 - Protocol: bw+0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw+0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw-0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw-0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw00 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw00s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw10 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw10s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw20 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw20s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw30 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw30s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw40 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw40s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw50 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw50s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw60 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw60s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw70 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw70s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw80 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw80s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw90 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw90s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwa0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwa0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwb0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwb0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwc0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwc0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwd0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwd0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwe0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwe0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwf0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwf0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: bwg0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwg0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwh0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwh0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwi0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwi0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwj0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwj0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwk0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwk0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwl0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwl0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwm0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwm0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwn0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwn0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwo0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwo0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwp0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwp0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwq0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwq0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwr0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwr0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bws0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bws0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwt0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwt0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwu0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwu0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwv0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwv0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bww0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bww0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwx0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwx0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwy0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwy0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwz0 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwz0s - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: offline-8876480 - {7EF78BEC-612B-41F4-BCA6-BD74F590E0C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    0
  20. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ---------------------------------[ ! ATTENTION ! ]-------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    Dans ton cas, il s'agit d'Avast (fais un clic-droit sur l'icone près de l'horloge et clique sur « Arrêter la protection résidente »)

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  21. Talamasca Messages postés 346 Statut Membre 11
     
    Salut,
    désolé pour le délai mais j'ai plusieurs souci en même temps
    j'en avais même oublié le scan en ligne Kaspersky que tu m'as conseillé pour l'autre PC
    Bon pour celui là, Combo-Fix c'est terminé sans casse je crois.
    Voilà le rapport:

    ComboFix 09-03-19.02 - sonia 2009-03-22 11:29:35.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.502.278 [GMT 1:00]
    Lancé depuis: c:\documents and settings\sonia\Bureau\C-fix.exe
    Commutateurs utilisés :: c:\documents and settings\sonia\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    AV: avast! antivirus 4.8.1229 [VPS 090321-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
    c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
    c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
    c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
    c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\ppcb_32.lnk
    c:\documents and settings\sonia\Menu Démarrer\Programmes\Démarrage\ppcbooster.lnk
    c:\windows\patch.exe
    c:\windows\system32\stera.log

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-22 au 2009-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-16 22:32 . 2009-03-16 22:32 <REP> d-------- c:\program files\eEye Digital Security
    2009-03-15 21:11 . 2009-03-15 21:11 <REP> d-------- c:\documents and settings\sonia\Application Data\Malwarebytes
    2009-03-15 21:10 . 2009-03-15 21:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-11 23:39 . 2009-03-11 23:39 <REP> d-------- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 00:00 --------- d-----w c:\program files\Program Files
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
    2009-01-16 23:03 2,560 ----a-w c:\windows\_MSRSTRT.EXE
    2009-01-16 22:17 47,927 ----a-w c:\windows\BricoPackUninst.cmd
    2009-01-16 22:17 219,648 ----a-w c:\windows\system32\uxtheme.dll
    2009-01-16 22:17 2,150 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
    2009-01-16 09:13 3,084 ----a-w c:\documents and settings\sonia\Application Data\wklnhst.dat
    2009-01-10 13:16 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-08-25 17:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082520080826\index.dat
    .

    ------- Sigcheck -------

    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d c:\windows\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d c:\windows\ServicePackFiles\i386\explorer.exe
    2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
    "{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    2009-03-21 21:04 1883672 --a------ c:\program files\The_Pirate_Bay\tbThe0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
    2007-09-06 12:28 1453080 --a------ c:\program files\securedie\tbsecu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
    "{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe0.dll" [2009-03-21 1883672]
    "{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsecu.dll" [2007-09-06 1453080]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-21 36864]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 68856]
    "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2009-01-28 300336]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\sonia\Menu D‚marrer\Programmes\D‚marrage\
    Pr‚sentation de Media Manager.lnk - c:\program files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-31 156672]
    Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]
    Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-21 196608]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "wave2"= rddv1044.dll
    "midi2"= rddv1044.dll
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]stera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57760:TCP"= 57760:TCP:Pando P2P TCP Listening Port
    "57760:UDP"= 57760:UDP:Pando P2P UDP Listening Port

    R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2005-07-06 9867]
    R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-07-06 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-07-06 78208]
    R2 MMIndexer;Indexer de Media Manager;c:\program files\Fichiers communs\Microsoft Shared\Media Manager\AIRSVCU.EXE [1997-07-31 137216]
    R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-01-28 8704]
    R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-01-28 4010]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-09-20 33792]
    S1 mailKmd;mailKmd; [x]
    S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-11 29744]
    S3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [2005-02-24 162176]
    S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> c:\progra~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]
    S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;\??\c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS --> c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [?]
    S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2006-01-28 2343]
    S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2006-07-07 161422]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-12-05 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-12-05 85696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d1c0902-353e-11dd-b6df-0014a4532927}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a779bc9c-025e-11dd-b68e-0014a4532927}]
    \Shell\AutoRun\command - F:\EmDesk.exe
    \Shell\EmDesk\command - F:\EmDesk.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-WOOKIT - c:\progra~1\WANADOO\GestMaj.exe
    HKCU-Run-Orange Link - c:\progra~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe
    HKCU-Run-second load - c:\docume~1\sonia\APPLIC~1\IDOLSU~1\DrvWay.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-Microsoft Works Update Detection - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://lo.st/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mWindow Title =
    uInternet Settings,ProxyOverride = localhost
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 11:46:44
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1331557266-1888346133-1591605675-1005\RemoteAccess\Profile\x *]
    "EnableAutodisconnect"=dword:00000001
    "EnableExitDisconnect"=dword:00000001
    "DisconnectIdleTime"=dword:00000014
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(556)
    c:\windows\system32\rddv1044.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    c:\acer\EMANAGER\ANBMSERV.EXE
    c:\program files\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
    c:\program files\JAVA\JRE6\BIN\JQS.EXE
    c:\windows\SYSTEM32\PASTISVC.EXE
    c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
    c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-22 11:48:15 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-22 10:48:14

    Avant-CF: 14 907 146 240 octets libres
    Après-CF: 14,950,891,520 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

    194 --- E O F --- 2009-03-21 22:36:43
    0
  • 1
  • 2