Pub CID

Résolu
turlup' -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,

quand je vais sur internet j'ai souvent des fenetres de pub CID... qui s'ouvrent.
j'ai lu plusieurs solutions ils disent de supprimer CID HELP que je n'ai pas et de supprimer le sponsor se msn+ que j'ai deja fais mais j'ai toujours ces pubs qui s'ouvrent...

si quelqu'un a une idée de solution

merci d'avance
Configuration: Windows XP
Firefox 3.0.6

14 réponses

  1. turlup'
     
    merci de s'occuper de mon cas ^^
    voila le rapport, j'espère que j'ai fait ce qu'il fallait (je ne connais pas ce hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:17:18, on 03/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SHIM LINK FREE BALL] C:\Documents and Settings\All Users\Application Data\hide cool shim link\TONS JUGS.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Owns Real] C:\DOCUME~1\DAPHNÉ\APPLIC~1\EXTRAT~1\Default bold anti.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    0
  2. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    C'est bien ça ;)

    Tu as deux antivirus (Avast et AVG), ils risquent d'entrer en conflit... Il faut que tu désinstalles un des deux, je te conseille de te séparer d'Avast et de garder AVG.

    Pour le désinstaller, commence par désactiver en cliquant du droit sur l'icone d'Avast près de l'horloge et en cliquant sur "Arrêter la protection résidente".
    Ensuite, clique sur Menu démarrer --> Panneau de configuration --> Ajout/Suppression de programmes --> Désinstalle Avast! et fais redémarrer ton ordinateur.

    Sinon, les publicités CiD sont bien dues à une infection Lop/Swizzor visible sur le rapport, qui s'installe via les logiciels suivants notamment, en contrepartie de leur dite « gratuité » :

    • Le sponsor de Messenger Plus!
    • Bittorent
    • BitDownload
    • BitGrabber
    • NetPumper
    • BitRoll
    • TorrentQ
    • Torrent101

    Pour désinfecter ton ordinateur, il faut utiliser le programme LopS&D.

    • Désactive ton antivirus.
    • Télécharge Lop S&D (créé par eric 71) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    • Double-clique dessus pour lancer l'installation
    • Double-clique sur le raccourci Lop S&D présent sur ton Bureau
    • Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche)
    • Patiente jusqu'à la fin du scan
    • Poste le rapport généré
    • Réactive ton antivirus

    Tutoriel pour t’aider : http://www.malekal.com//tutorial_Lop_SD.php

    0
    1. turlup'
       
      voila ce que ca donne


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
      BIOS : Ver 1.00PARTTBL1
      USER : Daphné ( Administrator )
      BOOT : Normal boot
      Antivirus : AVG Anti-Virus Free 8.0 (Activated)
      Firewall : Norton Internet Worm Protection 2006 (Not Activated)
      C:\ (Local Disk) - FAT32 - Total:53 Go (Free:23 Go)
      D:\ (Local Disk) - FAT32 - Total:53 Go (Free:2 Go)
      E:\ (CD or DVD)
      G:\ (CD or DVD)
      H:\ (CD or DVD)
      I:\ (CD or DVD)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [1] ( 03/03/2009|19:19 )

      --------------------\\ Listing des dossiers dans APPLIC~1

      [15/04/2005|14:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [29/01/2008|00:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
      [15/04/2005|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

      [03/10/2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      [01/02/2009|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [02/07/2007|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [02/02/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [11/04/2007|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
      [07/05/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
      [14/05/2007|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
      [02/02/2009|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
      [11/03/2007|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [26/11/2007|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
      [23/03/2008|00:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link
      [15/04/2005|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [06/06/2007|08:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      [31/01/2007|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [25/06/2007|17:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [06/02/2009|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [09/06/2006|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [27/11/2007|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [03/02/2007|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [24/02/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [07/05/2008|00:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
      [07/02/2009|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

      [15/04/2005|14:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      [15/04/2005|14:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [15/04/2005|14:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [15/04/2005|14:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

      [31/01/2007|20:34] C:\DOCUME~1\BRU\APPLIC~1\Adobe
      [31/01/2007|20:36] C:\DOCUME~1\BRU\APPLIC~1\AdobeUM
      [02/02/2007|20:55] C:\DOCUME~1\BRU\APPLIC~1\Apple Computer
      [11/04/2007|10:26] C:\DOCUME~1\BRU\APPLIC~1\Autodesk
      [07/05/2008|03:26] C:\DOCUME~1\BRU\APPLIC~1\AVGTOOLBAR
      [25/01/2008|16:52] C:\DOCUME~1\BRU\APPLIC~1\BSplayer
      [25/01/2008|16:52] C:\DOCUME~1\BRU\APPLIC~1\BSplayer Pro
      [14/05/2007|20:53] C:\DOCUME~1\BRU\APPLIC~1\CyberLink
      [06/02/2008|01:23] C:\DOCUME~1\BRU\APPLIC~1\DAEMON Tools
      [23/03/2008|00:36] C:\DOCUME~1\BRU\APPLIC~1\Extra thunk
      [11/03/2007|11:00] C:\DOCUME~1\BRU\APPLIC~1\Google
      [12/02/2008|12:34] C:\DOCUME~1\BRU\APPLIC~1\Hamachi
      [14/04/2007|09:38] C:\DOCUME~1\BRU\APPLIC~1\Help
      [15/04/2005|14:55] C:\DOCUME~1\BRU\APPLIC~1\Identities
      [31/01/2007|23:02] C:\DOCUME~1\BRU\APPLIC~1\Macromedia
      [15/04/2005|14:36] C:\DOCUME~1\BRU\APPLIC~1\Microsoft
      [11/03/2007|11:19] C:\DOCUME~1\BRU\APPLIC~1\Mozilla
      [03/02/2007|11:51] C:\DOCUME~1\BRU\APPLIC~1\OpenOffice.org2
      [27/11/2007|11:11] C:\DOCUME~1\BRU\APPLIC~1\PC Tools
      [04/02/2007|13:32] C:\DOCUME~1\BRU\APPLIC~1\SecuROM
      [25/06/2007|17:02] C:\DOCUME~1\BRU\APPLIC~1\Skype
      [04/10/2008|14:38] C:\DOCUME~1\BRU\APPLIC~1\skypePM
      [20/09/2007|18:44] C:\DOCUME~1\BRU\APPLIC~1\Sony Corporation
      [03/01/2008|22:48] C:\DOCUME~1\BRU\APPLIC~1\Sports Interactive
      [01/12/2007|13:02] C:\DOCUME~1\BRU\APPLIC~1\Sun
      [11/03/2007|11:19] C:\DOCUME~1\BRU\APPLIC~1\Talkback
      [01/03/2007|20:17] C:\DOCUME~1\BRU\APPLIC~1\U3
      [03/02/2007|10:36] C:\DOCUME~1\BRU\APPLIC~1\vlc

      [26/01/2009|19:50] C:\DOCUME~1\DAPHN\APPLIC~1\Adobe
      [28/01/2009|09:38] C:\DOCUME~1\DAPHN\APPLIC~1\AdobeUM
      [26/01/2009|17:54] C:\DOCUME~1\DAPHN\APPLIC~1\AVGTOOLBAR
      [26/01/2009|17:59] C:\DOCUME~1\DAPHN\APPLIC~1\Extra thunk
      [02/02/2009|09:48] C:\DOCUME~1\DAPHN\APPLIC~1\FaxCtr
      [26/01/2009|19:52] C:\DOCUME~1\DAPHN\APPLIC~1\Google
      [15/04/2005|14:55] C:\DOCUME~1\DAPHN\APPLIC~1\Identities
      [02/02/2009|09:13] C:\DOCUME~1\DAPHN\APPLIC~1\Lexmark Productivity Studio
      [29/01/2008|00:28] C:\DOCUME~1\DAPHN\APPLIC~1\Macromedia
      [15/04/2005|14:36] C:\DOCUME~1\DAPHN\APPLIC~1\Microsoft
      [26/01/2009|18:01] C:\DOCUME~1\DAPHN\APPLIC~1\Mozilla
      [04/02/2009|18:54] C:\DOCUME~1\DAPHN\APPLIC~1\MSNInstaller
      [14/02/2009|15:50] C:\DOCUME~1\DAPHN\APPLIC~1\Sun
      [26/01/2009|19:46] C:\DOCUME~1\DAPHN\APPLIC~1\Talkback
      [23/02/2009|19:59] C:\DOCUME~1\DAPHN\APPLIC~1\Thunderbird

      --------------------\\ Tâches planifiées dans %SystemRoot%\tasks

      [03/03/2009 19:05][--a------] C:\WINDOWS\tasks\Google Software Updater.job
      [03/03/2009 19:00][--ah-----] C:\WINDOWS\tasks\A7B8FD6D918B70F5.job
      [25/02/2009 16:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [03/03/2009 19:05][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [10/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing des dossiers dans C:\Program Files

      [02/02/2009|09:03] C:\Program Files\Abbyy FineReader 6.0 Sprint
      [31/01/2007|18:05] C:\Program Files\Acer
      [09/06/2006|15:01] C:\Program Files\Acer Inc
      [15/02/2008|14:20] C:\Program Files\Activision
      [09/06/2006|15:06] C:\Program Files\Adobe
      [02/02/2009|09:43] C:\Program Files\Alwil Software
      [11/04/2007|10:31] C:\Program Files\AnswerWorks 4.0
      [11/03/2007|14:49] C:\Program Files\Apple Software Update
      [11/04/2007|10:26] C:\Program Files\AutoCAD 2006
      [11/04/2007|10:24] C:\Program Files\Autodesk
      [07/05/2008|03:26] C:\Program Files\AVG
      [19/07/2008|00:36] C:\Program Files\AviSynth 2.5
      [23/02/2009|20:54] C:\Program Files\CCleaner
      [15/04/2005|14:42] C:\Program Files\ComPlus Applications
      [31/01/2007|23:00] C:\Program Files\CyberLink
      [06/02/2008|01:23] C:\Program Files\DAEMON Tools Lite
      [03/03/2007|12:00] C:\Program Files\Design Explorer 99 SE
      [20/05/2007|20:16] C:\Program Files\Dictionnaire
      [15/04/2008|23:08] C:\Program Files\e-Games
      [31/01/2009|11:36] C:\Program Files\Extra thunk
      [15/04/2005|14:37] C:\Program Files\Fichiers communs
      [09/06/2006|17:16] C:\Program Files\FrenchOtto
      [09/06/2006|17:16] C:\Program Files\GemMasterFrench
      [11/03/2007|10:58] C:\Program Files\Google
      [17/07/2007|19:31] C:\Program Files\Guitar Pro 5
      [16/09/2008|18:15] C:\Program Files\Hamachi
      [09/06/2006|14:23] C:\Program Files\InstallShield Installation Information
      [09/06/2006|14:20] C:\Program Files\Intel
      [15/04/2005|14:44] C:\Program Files\Internet Explorer
      [02/02/2007|20:52] C:\Program Files\iPod
      [03/10/2008|18:13] C:\Program Files\iTunes
      [04/04/2007|18:17] C:\Program Files\Java
      [09/01/2008|23:42] C:\Program Files\JS USB Audio
      [31/01/2007|23:02] C:\Program Files\Launch Manager
      [11/03/2007|11:04] C:\Program Files\Lavasoft
      [02/02/2009|09:01] C:\Program Files\Lexmark 2500 Series
      [02/02/2009|09:04] C:\Program Files\Lexmark Fax Solutions
      [02/02/2009|09:04] C:\Program Files\Lexmark Toolbar
      [02/02/2009|09:12] C:\Program Files\Lx_cats
      [18/02/2007|11:06] C:\Program Files\Microchip
      [06/02/2009|20:29] C:\Program Files\Microsoft
      [07/06/2007|07:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [15/04/2005|14:47] C:\Program Files\microsoft frontpage
      [30/08/2007|21:49] C:\Program Files\Microsoft Games
      [11/04/2007|10:32] C:\Program Files\Microsoft Office
      [17/02/2009|11:30] C:\Program Files\Microsoft Office Outlook Connector
      [23/11/2007|15:23] C:\Program Files\Microsoft Visual Studio
      [23/11/2007|15:17] C:\Program Files\Microsoft Visual Studio 8
      [23/11/2007|15:25] C:\Program Files\Microsoft Works
      [23/11/2007|15:22] C:\Program Files\Microsoft.NET
      [15/04/2005|14:41] C:\Program Files\Movie Maker
      [06/02/2009|20:06] C:\Program Files\Mozilla Firefox
      [23/02/2009|20:22] C:\Program Files\Mozilla Thunderbird
      [23/11/2007|15:24] C:\Program Files\MSBuild
      [03/02/2007|19:08] C:\Program Files\MSXML 4.0
      [15/04/2005|14:44] C:\Program Files\NetMeeting
      [09/06/2006|15:01] C:\Program Files\NewTech Infosystems
      [09/06/2006|15:24] C:\Program Files\Norton AntiVirus
      [06/02/2008|02:36] C:\Program Files\Ocean Technology
      [15/04/2005|14:42] C:\Program Files\Online Services
      [03/02/2007|11:29] C:\Program Files\OpenOffice.org 2.1
      [15/04/2005|14:44] C:\Program Files\Outlook Express
      [22/03/2008|16:14] C:\Program Files\PopCap Games
      [03/10/2008|18:11] C:\Program Files\QuickTime
      [09/06/2006|14:23] C:\Program Files\Realtek
      [02/11/2007|17:23] C:\Program Files\scilab-4.1.2
      [15/04/2005|14:45] C:\Program Files\Services en ligne
      [16/03/2008|16:10] C:\Program Files\Sierra On-Line
      [20/09/2007|18:14] C:\Program Files\Sony
      [12/12/2007|16:21] C:\Program Files\SopCast
      [06/02/2009|14:46] C:\Program Files\Spybot - Search & Destroy
      [27/11/2007|11:11] C:\Program Files\Spyware Doctor
      [09/06/2006|15:23] C:\Program Files\Symantec
      [09/06/2006|14:23] C:\Program Files\Synaptics
      [03/03/2009|18:16] C:\Program Files\Trend Micro
      [15/04/2005|14:55] C:\Program Files\Uninstall Information
      [29/02/2008|18:53] C:\Program Files\Valve
      [03/02/2007|10:35] C:\Program Files\VideoLAN
      [25/01/2008|16:52] C:\Program Files\Webteh
      [06/02/2009|20:27] C:\Program Files\Windows Live
      [06/02/2009|20:28] C:\Program Files\Windows Live SkyDrive
      [25/03/2007|12:42] C:\Program Files\Windows Media Connect 2
      [15/04/2005|14:42] C:\Program Files\Windows Media Player
      [15/04/2005|14:41] C:\Program Files\Windows NT
      [15/04/2005|14:42] C:\Program Files\Windows Plus
      [15/04/2005|14:45] C:\Program Files\WindowsUpdate
      [31/01/2007|18:04] C:\Program Files\WinPCap
      [01/02/2007|00:55] C:\Program Files\WinRAR
      [15/04/2005|14:47] C:\Program Files\xerox
      [03/01/2008|22:41] C:\Program Files\Zero G Registry
      [07/02/2009|17:13] C:\Program Files\Zylom Games

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [31/01/2007|18:06] C:\Program Files\Fichiers communs\Acer
      [01/02/2009|18:55] C:\Program Files\Fichiers communs\Adobe
      [02/07/2007|22:47] C:\Program Files\Fichiers communs\Apple
      [11/04/2007|10:24] C:\Program Files\Fichiers communs\Autodesk Shared
      [11/04/2007|10:31] C:\Program Files\Fichiers communs\Designer
      [01/02/2007|01:38] C:\Program Files\Fichiers communs\DirectX
      [09/06/2006|14:23] C:\Program Files\Fichiers communs\InstallShield
      [04/04/2007|18:14] C:\Program Files\Fichiers communs\Java
      [31/01/2007|18:06] C:\Program Files\Fichiers communs\Logitech
      [15/04/2005|14:37] C:\Program Files\Fichiers communs\Microsoft Shared
      [15/04/2005|14:44] C:\Program Files\Fichiers communs\MSSoap
      [09/06/2006|15:02] C:\Program Files\Fichiers communs\muvee Technologies
      [09/06/2006|15:01] C:\Program Files\Fichiers communs\NewTech Infosystems
      [03/03/2007|12:00] C:\Program Files\Fichiers communs\Novell Shared
      [15/04/2005|14:37] C:\Program Files\Fichiers communs\ODBC
      [15/04/2005|14:44] C:\Program Files\Fichiers communs\Services
      [15/04/2005|14:37] C:\Program Files\Fichiers communs\SpeechEngines
      [09/06/2006|15:23] C:\Program Files\Fichiers communs\Symantec Shared
      [15/04/2005|14:44] C:\Program Files\Fichiers communs\System
      [06/02/2009|20:16] C:\Program Files\Fichiers communs\Windows Live
      [24/02/2008|20:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller

      --------------------\\ Process

      ( 56 Processes )

      IEXPLORE.EXE ~ [PID:2172]
      IEXPLORE.EXE ~ [PID:2788]
      IEXPLORE.EXE ~ [PID:2820]

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\TONS JUGS.exe
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\TONS JUGS.dat

      --------------------\\ Verification du Registre

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SHIM LINK FREE BALL"="C:\\Documents and Settings\\All Users\\Application Data\\hide cool shim link\\TONS JUGS.exe"

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
      127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
      127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

      -> 10024 [ 70 ## added by CiD ]

      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-03 19:20:55
      Windows 5.1.2600 Service Pack 3 FAT NTAPI
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:9][D:1]-> C:\DOCUME~1\DAPHN\LOCALS~1\Temp
      [F:11][D:0]-> C:\DOCUME~1\DAPHN\Cookies
      [F:8][D:3]-> C:\DOCUME~1\DAPHN\LOCALS~1\TEMPOR~1\content.IE5
      [F:2][D:0]-> C:\Recycled

      1 - "C:\Lop SD\LopR_1.txt" - 03/03/2009|19:21 - Option : [1]

      --------------------\\ Fin du rapport a 19:21:22
      0
  3. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok !

    • Relance Lop S&D
    • Choisis cette fois-ci l'option 2 (Suppression)
    • Ne ferme pas la fenêtre lors de la suppression !
    • Poste le rapport généré (C:\lopR.txt)

    • Ensuite, télécharge RHosts (de S!Ri)
    • Double clique dessus pour l'exécuter
    • Clique sur "Restore original Hosts" (il ne se passe rien de visible, c'est normal)
    • Pour finir, fais redémarrer l'ordinateur.

    Poste un nouveau rapport hijackthis stp

    0
    1. turlup'
       
      alors voila apres l'etape 2 :


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
      BIOS : Ver 1.00PARTTBL1
      USER : Daphné ( Administrator )
      BOOT : Normal boot
      Antivirus : AVG Anti-Virus Free 8.0 (Activated)
      Firewall : Norton Internet Worm Protection 2006 (Not Activated)
      C:\ (Local Disk) - FAT32 - Total:53 Go (Free:23 Go)
      D:\ (Local Disk) - FAT32 - Total:53 Go (Free:2 Go)
      E:\ (CD or DVD)
      G:\ (CD or DVD)
      H:\ (CD or DVD)
      I:\ (CD or DVD)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [2] ( 03/03/2009|20:21 )


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

      Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\TONS JUGS.exe
      Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link\TONS JUGS.dat
      Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\hide cool shim link
      -
      [ Fichier Hosts ] .. Restaure!

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      --------------------\\ Listing des dossiers dans APPLIC~1

      [15/04/2005|14:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [29/01/2008|00:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
      [15/04/2005|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

      [03/10/2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      [01/02/2009|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [02/07/2007|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [02/02/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [11/04/2007|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
      [07/05/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
      [14/05/2007|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
      [02/02/2009|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
      [11/03/2007|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [26/11/2007|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
      [15/04/2005|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [06/06/2007|08:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      [31/01/2007|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [25/06/2007|17:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [06/02/2009|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [09/06/2006|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [27/11/2007|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [03/02/2007|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [24/02/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [07/05/2008|00:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
      [07/02/2009|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

      [15/04/2005|14:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      [15/04/2005|14:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [15/04/2005|14:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [15/04/2005|14:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

      [31/01/2007|20:34] C:\DOCUME~1\BRU\APPLIC~1\Adobe
      [31/01/2007|20:36] C:\DOCUME~1\BRU\APPLIC~1\AdobeUM
      [02/02/2007|20:55] C:\DOCUME~1\BRU\APPLIC~1\Apple Computer
      [11/04/2007|10:26] C:\DOCUME~1\BRU\APPLIC~1\Autodesk
      [07/05/2008|03:26] C:\DOCUME~1\BRU\APPLIC~1\AVGTOOLBAR
      [25/01/2008|16:52] C:\DOCUME~1\BRU\APPLIC~1\BSplayer
      [25/01/2008|16:52] C:\DOCUME~1\BRU\APPLIC~1\BSplayer Pro
      [14/05/2007|20:53] C:\DOCUME~1\BRU\APPLIC~1\CyberLink
      [06/02/2008|01:23] C:\DOCUME~1\BRU\APPLIC~1\DAEMON Tools
      [23/03/2008|00:36] C:\DOCUME~1\BRU\APPLIC~1\Extra thunk
      [11/03/2007|11:00] C:\DOCUME~1\BRU\APPLIC~1\Google
      [12/02/2008|12:34] C:\DOCUME~1\BRU\APPLIC~1\Hamachi
      [14/04/2007|09:38] C:\DOCUME~1\BRU\APPLIC~1\Help
      [15/04/2005|14:55] C:\DOCUME~1\BRU\APPLIC~1\Identities
      [31/01/2007|23:02] C:\DOCUME~1\BRU\APPLIC~1\Macromedia
      [15/04/2005|14:36] C:\DOCUME~1\BRU\APPLIC~1\Microsoft
      [11/03/2007|11:19] C:\DOCUME~1\BRU\APPLIC~1\Mozilla
      [03/02/2007|11:51] C:\DOCUME~1\BRU\APPLIC~1\OpenOffice.org2
      [27/11/2007|11:11] C:\DOCUME~1\BRU\APPLIC~1\PC Tools
      [04/02/2007|13:32] C:\DOCUME~1\BRU\APPLIC~1\SecuROM
      [25/06/2007|17:02] C:\DOCUME~1\BRU\APPLIC~1\Skype
      [04/10/2008|14:38] C:\DOCUME~1\BRU\APPLIC~1\skypePM
      [20/09/2007|18:44] C:\DOCUME~1\BRU\APPLIC~1\Sony Corporation
      [03/01/2008|22:48] C:\DOCUME~1\BRU\APPLIC~1\Sports Interactive
      [01/12/2007|13:02] C:\DOCUME~1\BRU\APPLIC~1\Sun
      [11/03/2007|11:19] C:\DOCUME~1\BRU\APPLIC~1\Talkback
      [01/03/2007|20:17] C:\DOCUME~1\BRU\APPLIC~1\U3
      [03/02/2007|10:36] C:\DOCUME~1\BRU\APPLIC~1\vlc

      [26/01/2009|19:50] C:\DOCUME~1\DAPHN\APPLIC~1\Adobe
      [28/01/2009|09:38] C:\DOCUME~1\DAPHN\APPLIC~1\AdobeUM
      [26/01/2009|17:54] C:\DOCUME~1\DAPHN\APPLIC~1\AVGTOOLBAR
      [26/01/2009|17:59] C:\DOCUME~1\DAPHN\APPLIC~1\Extra thunk
      [02/02/2009|09:48] C:\DOCUME~1\DAPHN\APPLIC~1\FaxCtr
      [26/01/2009|19:52] C:\DOCUME~1\DAPHN\APPLIC~1\Google
      [15/04/2005|14:55] C:\DOCUME~1\DAPHN\APPLIC~1\Identities
      [02/02/2009|09:13] C:\DOCUME~1\DAPHN\APPLIC~1\Lexmark Productivity Studio
      [29/01/2008|00:28] C:\DOCUME~1\DAPHN\APPLIC~1\Macromedia
      [15/04/2005|14:36] C:\DOCUME~1\DAPHN\APPLIC~1\Microsoft
      [26/01/2009|18:01] C:\DOCUME~1\DAPHN\APPLIC~1\Mozilla
      [04/02/2009|18:54] C:\DOCUME~1\DAPHN\APPLIC~1\MSNInstaller
      [14/02/2009|15:50] C:\DOCUME~1\DAPHN\APPLIC~1\Sun
      [26/01/2009|19:46] C:\DOCUME~1\DAPHN\APPLIC~1\Talkback
      [23/02/2009|19:59] C:\DOCUME~1\DAPHN\APPLIC~1\Thunderbird

      --------------------\\ Tâches planifiées dans %SystemRoot%\tasks

      [03/03/2009 19:05][--a------] C:\WINDOWS\tasks\Google Software Updater.job
      [03/03/2009 20:00][--ah-----] C:\WINDOWS\tasks\A7B8FD6D918B70F5.job
      [25/02/2009 16:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [03/03/2009 19:05][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [10/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing des dossiers dans C:\Program Files

      [02/02/2009|09:03] C:\Program Files\Abbyy FineReader 6.0 Sprint
      [31/01/2007|18:05] C:\Program Files\Acer
      [09/06/2006|15:01] C:\Program Files\Acer Inc
      [15/02/2008|14:20] C:\Program Files\Activision
      [09/06/2006|15:06] C:\Program Files\Adobe
      [02/02/2009|09:43] C:\Program Files\Alwil Software
      [11/04/2007|10:31] C:\Program Files\AnswerWorks 4.0
      [11/03/2007|14:49] C:\Program Files\Apple Software Update
      [11/04/2007|10:26] C:\Program Files\AutoCAD 2006
      [11/04/2007|10:24] C:\Program Files\Autodesk
      [07/05/2008|03:26] C:\Program Files\AVG
      [19/07/2008|00:36] C:\Program Files\AviSynth 2.5
      [23/02/2009|20:54] C:\Program Files\CCleaner
      [15/04/2005|14:42] C:\Program Files\ComPlus Applications
      [31/01/2007|23:00] C:\Program Files\CyberLink
      [06/02/2008|01:23] C:\Program Files\DAEMON Tools Lite
      [03/03/2007|12:00] C:\Program Files\Design Explorer 99 SE
      [20/05/2007|20:16] C:\Program Files\Dictionnaire
      [15/04/2008|23:08] C:\Program Files\e-Games
      [31/01/2009|11:36] C:\Program Files\Extra thunk
      [15/04/2005|14:37] C:\Program Files\Fichiers communs
      [09/06/2006|17:16] C:\Program Files\FrenchOtto
      [09/06/2006|17:16] C:\Program Files\GemMasterFrench
      [11/03/2007|10:58] C:\Program Files\Google
      [17/07/2007|19:31] C:\Program Files\Guitar Pro 5
      [16/09/2008|18:15] C:\Program Files\Hamachi
      [09/06/2006|14:23] C:\Program Files\InstallShield Installation Information
      [09/06/2006|14:20] C:\Program Files\Intel
      [15/04/2005|14:44] C:\Program Files\Internet Explorer
      [02/02/2007|20:52] C:\Program Files\iPod
      [03/10/2008|18:13] C:\Program Files\iTunes
      [04/04/2007|18:17] C:\Program Files\Java
      [09/01/2008|23:42] C:\Program Files\JS USB Audio
      [31/01/2007|23:02] C:\Program Files\Launch Manager
      [11/03/2007|11:04] C:\Program Files\Lavasoft
      [02/02/2009|09:01] C:\Program Files\Lexmark 2500 Series
      [02/02/2009|09:04] C:\Program Files\Lexmark Fax Solutions
      [02/02/2009|09:04] C:\Program Files\Lexmark Toolbar
      [02/02/2009|09:12] C:\Program Files\Lx_cats
      [18/02/2007|11:06] C:\Program Files\Microchip
      [06/02/2009|20:29] C:\Program Files\Microsoft
      [07/06/2007|07:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [15/04/2005|14:47] C:\Program Files\microsoft frontpage
      [30/08/2007|21:49] C:\Program Files\Microsoft Games
      [11/04/2007|10:32] C:\Program Files\Microsoft Office
      [17/02/2009|11:30] C:\Program Files\Microsoft Office Outlook Connector
      [23/11/2007|15:23] C:\Program Files\Microsoft Visual Studio
      [23/11/2007|15:17] C:\Program Files\Microsoft Visual Studio 8
      [23/11/2007|15:25] C:\Program Files\Microsoft Works
      [23/11/2007|15:22] C:\Program Files\Microsoft.NET
      [15/04/2005|14:41] C:\Program Files\Movie Maker
      [06/02/2009|20:06] C:\Program Files\Mozilla Firefox
      [23/02/2009|20:22] C:\Program Files\Mozilla Thunderbird
      [23/11/2007|15:24] C:\Program Files\MSBuild
      [03/02/2007|19:08] C:\Program Files\MSXML 4.0
      [15/04/2005|14:44] C:\Program Files\NetMeeting
      [09/06/2006|15:01] C:\Program Files\NewTech Infosystems
      [09/06/2006|15:24] C:\Program Files\Norton AntiVirus
      [06/02/2008|02:36] C:\Program Files\Ocean Technology
      [15/04/2005|14:42] C:\Program Files\Online Services
      [03/02/2007|11:29] C:\Program Files\OpenOffice.org 2.1
      [15/04/2005|14:44] C:\Program Files\Outlook Express
      [22/03/2008|16:14] C:\Program Files\PopCap Games
      [03/10/2008|18:11] C:\Program Files\QuickTime
      [09/06/2006|14:23] C:\Program Files\Realtek
      [02/11/2007|17:23] C:\Program Files\scilab-4.1.2
      [15/04/2005|14:45] C:\Program Files\Services en ligne
      [16/03/2008|16:10] C:\Program Files\Sierra On-Line
      [20/09/2007|18:14] C:\Program Files\Sony
      [12/12/2007|16:21] C:\Program Files\SopCast
      [06/02/2009|14:46] C:\Program Files\Spybot - Search & Destroy
      [27/11/2007|11:11] C:\Program Files\Spyware Doctor
      [09/06/2006|15:23] C:\Program Files\Symantec
      [09/06/2006|14:23] C:\Program Files\Synaptics
      [03/03/2009|18:16] C:\Program Files\Trend Micro
      [15/04/2005|14:55] C:\Program Files\Uninstall Information
      [29/02/2008|18:53] C:\Program Files\Valve
      [03/02/2007|10:35] C:\Program Files\VideoLAN
      [25/01/2008|16:52] C:\Program Files\Webteh
      [06/02/2009|20:27] C:\Program Files\Windows Live
      [06/02/2009|20:28] C:\Program Files\Windows Live SkyDrive
      [25/03/2007|12:42] C:\Program Files\Windows Media Connect 2
      [15/04/2005|14:42] C:\Program Files\Windows Media Player
      [15/04/2005|14:41] C:\Program Files\Windows NT
      [15/04/2005|14:42] C:\Program Files\Windows Plus
      [15/04/2005|14:45] C:\Program Files\WindowsUpdate
      [31/01/2007|18:04] C:\Program Files\WinPCap
      [01/02/2007|00:55] C:\Program Files\WinRAR
      [15/04/2005|14:47] C:\Program Files\xerox
      [03/01/2008|22:41] C:\Program Files\Zero G Registry
      [07/02/2009|17:13] C:\Program Files\Zylom Games

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [31/01/2007|18:06] C:\Program Files\Fichiers communs\Acer
      [01/02/2009|18:55] C:\Program Files\Fichiers communs\Adobe
      [02/07/2007|22:47] C:\Program Files\Fichiers communs\Apple
      [11/04/2007|10:24] C:\Program Files\Fichiers communs\Autodesk Shared
      [11/04/2007|10:31] C:\Program Files\Fichiers communs\Designer
      [01/02/2007|01:38] C:\Program Files\Fichiers communs\DirectX
      [09/06/2006|14:23] C:\Program Files\Fichiers communs\InstallShield
      [04/04/2007|18:14] C:\Program Files\Fichiers communs\Java
      [31/01/2007|18:06] C:\Program Files\Fichiers communs\Logitech
      [15/04/2005|14:37] C:\Program Files\Fichiers communs\Microsoft Shared
      [15/04/2005|14:44] C:\Program Files\Fichiers communs\MSSoap
      [09/06/2006|15:02] C:\Program Files\Fichiers communs\muvee Technologies
      [09/06/2006|15:01] C:\Program Files\Fichiers communs\NewTech Infosystems
      [03/03/2007|12:00] C:\Program Files\Fichiers communs\Novell Shared
      [15/04/2005|14:37] C:\Program Files\Fichiers communs\ODBC
      [15/04/2005|14:44] C:\Program Files\Fichiers communs\Services
      [15/04/2005|14:37] C:\Program Files\Fichiers communs\SpeechEngines
      [09/06/2006|15:23] C:\Program Files\Fichiers communs\Symantec Shared
      [15/04/2005|14:44] C:\Program Files\Fichiers communs\System
      [06/02/2009|20:16] C:\Program Files\Fichiers communs\Windows Live
      [24/02/2008|20:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller

      --------------------\\ Process

      ( 52 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
      127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
      127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

      -> 10024 [ 70 ## added by CiD ]

      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-03 20:23:25
      Windows 5.1.2600 Service Pack 3 FAT NTAPI
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:7][D:2]-> C:\DOCUME~1\DAPHN\LOCALS~1\Temp
      [F:11][D:0]-> C:\DOCUME~1\DAPHN\Cookies
      [F:16][D:4]-> C:\DOCUME~1\DAPHN\LOCALS~1\TEMPOR~1\content.IE5
      [F:2][D:0]-> C:\Recycled

      1 - "C:\Lop SD\LopR_1.txt" - 03/03/2009|19:21 - Option : [1]
      2 - "C:\Lop SD\LopR_2.txt" - 03/03/2009|20:23 - Option : [2]

      --------------------\\ Fin du rapport a 20:23:52
      0
    2. turlup'
       
      et le hijackthis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:47:12, on 03/03/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Lexmark 2500 Series\lxddmon.exe
      C:\Program Files\Lexmark 2500 Series\lxddamon.exe
      C:\WINDOWS\system32\lxddcoms.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
      O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Owns Real] C:\DOCUME~1\DAPHNÉ\APPLIC~1\EXTRAT~1\Default bold anti.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
      O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ---------------------------------------- [ ! ATTENTION ! ] -------------------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    Dans ton cas, il s'agit du TeaTimer de Spybot (Lance Spybot → clique sur Mode → coche Mode avancé → Outils → Résident → décoche la case Résident Tea Timer → ferme Spybot) et d'AVG

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  6. turlup'
     
    comment je fais pour enlever mon pare feu?... et est ce qu'il faut que je me déconnecte d'internet (se déconecter + couper wifi?)

    j'attends la réponse au cas ou.

    merci
    0
  7. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Tu n'as apparemment pas de pare-feu, à part celui de Windows. Si c'est le cas, ce n'est pas nécessaire de le désactiver.

    Tu n'as pas besoin de désactiver ta connection.

    0
    1. turlup'
       
      voila le rapport de Cfix :

      ComboFix 09-03-04.01 - Daphné 2009-03-05 13:06:04.2 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.541 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Daphné\Bureau\C-Fix.exe
      AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
      FW: Norton Internet Worm Protection *disabled*
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Exécution préalable -------
      .
      c:\windows\system32\drivers\npf.sys
      c:\windows\system32\packet.dll
      c:\windows\system32\pthreadVC.dll
      c:\windows\system32\WanPacket.dll
      c:\windows\system32\wpcap.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_NPF


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-05 au 2009-03-05 ))))))))))))))))))))))))))))))))))))
      .

      2009-03-03 19:18 . 2009-03-03 19:18 <REP> d-------- C:\Lop SD
      2009-03-03 18:16 . 2009-03-03 18:16 <REP> d-------- c:\program files\Trend Micro
      2009-02-23 20:54 . 2009-02-23 20:54 <REP> d-------- c:\program files\CCleaner
      2009-02-23 19:59 . 2009-02-23 19:59 <REP> d-------- c:\documents and settings\Daphné\Application Data\Thunderbird
      2009-02-17 11:30 . 2009-02-17 11:30 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
      2009-02-07 17:13 . 2009-02-07 17:13 <REP> d-------- c:\program files\Zylom Games
      2009-02-07 17:13 . 2009-02-07 17:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
      2009-02-06 20:46 . 2009-02-06 20:47 <REP> d-------- c:\documents and settings\Daphné\Tracing
      2009-02-06 20:46 . 2009-02-06 20:47 <REP> d-------- c:\documents and settings\Daphné\Tracing
      2009-02-06 20:29 . 2009-02-06 20:29 <REP> d-------- c:\program files\Microsoft
      2009-02-06 20:28 . 2009-02-06 20:28 <REP> d-------- c:\program files\Windows Live SkyDrive
      2009-02-06 20:27 . 2009-02-06 20:27 <REP> d-------- c:\program files\Windows Live
      2009-02-06 20:16 . 2009-02-06 20:16 <REP> d-------- c:\program files\Fichiers communs\Windows Live
      2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
      2009-02-06 14:46 . 2009-02-06 14:46 <REP> d-------- c:\program files\Spybot - Search & Destroy
      2009-02-06 14:46 . 2009-02-06 14:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-04 18:37 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
      2009-03-04 18:37 10,520 ----a-w c:\windows\system32\avgrsstx.dll
      2009-02-04 17:54 --------- d-----w c:\documents and settings\Daphné\Application Data\MSNInstaller
      2009-02-02 08:48 --------- d-----w c:\documents and settings\Daphné\Application Data\FaxCtr
      2009-02-02 08:43 --------- d-----w c:\program files\Alwil Software
      2009-02-02 08:13 --------- d-----w c:\documents and settings\Daphné\Application Data\Lexmark Productivity Studio
      2009-02-02 08:12 --------- d-----w c:\program files\Lx_cats
      2009-02-02 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
      2009-02-02 08:04 --------- d-----w c:\program files\Lexmark Toolbar
      2009-02-02 08:04 --------- d-----w c:\program files\Lexmark Fax Solutions
      2009-02-02 08:03 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
      2009-02-02 08:01 --------- d-----w c:\program files\Lexmark 2500 Series
      2009-02-01 17:55 --------- d-----w c:\program files\Fichiers communs\Adobe
      2009-01-31 10:36 --------- d-----w c:\program files\Extra thunk
      2009-01-28 08:47 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys
      2009-01-28 08:47 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys
      2009-01-28 08:47 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
      2009-01-28 08:38 --------- d-----w c:\documents and settings\Daphné\Application Data\AdobeUM
      2009-01-26 18:46 --------- d-----w c:\documents and settings\Daphné\Application Data\Talkback
      2009-01-26 16:59 --------- d-----w c:\documents and settings\Daphné\Application Data\Extra thunk
      2009-01-26 16:54 --------- d-----w c:\documents and settings\Daphné\Application Data\AVGTOOLBAR
      2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
      2008-12-20 21:47 826,368 ----a-w c:\windows\system32\wininet.dll
      2008-12-20 21:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
      2008-12-20 21:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
      2008-12-20 21:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
      2008-12-20 21:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
      2008-12-20 21:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
      2008-12-20 21:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
      2008-12-20 21:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll
      2008-12-20 21:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
      2008-12-20 21:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
      2008-12-19 08:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
      2008-12-19 08:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
      2008-12-19 04:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
      2008-12-19 04:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
      2008-12-11 09:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
      2008-10-04 13:38 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
      2008-02-15 13:27 22,328 ----a-w c:\documents and settings\Bru\Application Data\PnkBstrK.sys
      2007-01-31 16:41 251 ----a-w c:\program files\wt3d.ini
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-03-04_20.52.27.48 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-03-05 11:51:42 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_54c.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "Owns Real"="c:\docume~1\DAPHNÉ\APPLIC~1\EXTRAT~1\Default bold anti.exe" [2009-01-31 663552]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
      "preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7397376]
      "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-04 1601304]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
      "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-01-28 1168264]
      "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
      "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
      "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\AGRSMMSG.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\Rthdcpl.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
      "CmUsbSound"="cmcnfgu.cpl" [BU]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [BU]

      c:\documents and settings\Bru\Menu D‚marrer\Programmes\D‚marrage\
      Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-20 344064]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-03-04 19:37 10520 c:\windows\system32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "SENTINEL"= snti386.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
      backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoCAD Startup Accelerator.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoCAD Startup Accelerator.lnk
      backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
      backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
      c:\program files\AdVantage\AdVantage.exe [BU]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
      --a------ 2006-03-15 22:12 579584 c:\acer\Empowering Technology\ePower\Boot.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
      c:\program files\Fichiers communs\Symantec Shared\ccApp.exe [BU]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
      --a------ 2006-03-30 18:47 421888 c:\acer\Empowering Technology\ePower\ePower_DMC.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
      --a------ 2008-04-27 19:48 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHIM LINK FREE BALL]
      c:\documents and settings\All Users\Application Data\hide cool shim link\idol kind.exe [BU]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2007-07-23 15:05 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "gusvc"=2 (0x2)
      "GoogleDesktopManager-022208-143751"=3 (0x3)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\WINDOWS\\System32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\System32\\PnkBstrB.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\WINDOWS\\System32\\lxddcoms.exe"=
      "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddPSWX.EXE"=
      "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
      "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDDtime.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
      "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "135:TCP"= 135:TCP:TCP Port 135
      "5000:TCP"= 5000:TCP:TCP Port 5000
      "5001:TCP"= 5001:TCP:TCP Port 5001
      "5002:TCP"= 5002:TCP:TCP Port 5002
      "5003:TCP"= 5003:TCP:TCP Port 5003
      "5004:TCP"= 5004:TCP:TCP Port 5004
      "5005:TCP"= 5005:TCP:TCP Port 5005
      "5006:TCP"= 5006:TCP:TCP Port 5006
      "5007:TCP"= 5007:TCP:TCP Port 5007
      "5008:TCP"= 5008:TCP:TCP Port 5008
      "5009:TCP"= 5009:TCP:TCP Port 5009
      "5010:TCP"= 5010:TCP:TCP Port 5010
      "5011:TCP"= 5011:TCP:TCP Port 5011
      "5012:TCP"= 5012:TCP:TCP Port 5012
      "5013:TCP"= 5013:TCP:TCP Port 5013
      "5014:TCP"= 5014:TCP:TCP Port 5014
      "5015:TCP"= 5015:TCP:TCP Port 5015
      "5016:TCP"= 5016:TCP:TCP Port 5016
      "5017:TCP"= 5017:TCP:TCP Port 5017
      "5018:TCP"= 5018:TCP:TCP Port 5018
      "5019:TCP"= 5019:TCP:TCP Port 5019
      "5020:TCP"= 5020:TCP:TCP Port 5020

      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-07 325128]
      R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2007-01-31 9867]
      R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-07 298264]
      R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2007-01-31 4096]
      R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2007-01-31 78208]
      R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
      R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-16 356920]
      R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-11-17 1097728]
      S1 mailKmd;mailKmd; [x]
      S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
      S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-02-02 99248]
      S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\ftdibus.sys [2008-05-12 47249]
      S3 AWUsb;AWUsb;c:\windows\system32\drivers\awusb.sys [2008-05-08 17964]
      S3 AWUsbInit;AWUsbInit;c:\windows\system32\drivers\awusbini.sys [2008-05-08 17384]
      S3 bDMusicb;bDMusicb;\??\c:\docume~1\Bru\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Bru\LOCALS~1\Temp\bDMusicb.sys [?]
      S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\drivers\PMUSB.sys [2008-10-02 18944]
      S4 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-27 29744]

      --- Autres Services/Pilotes en mémoire ---

      *Deregistered* - mchInjDrv
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2009-03-05 c:\windows\Tasks\A7B8FD6D918B70F5.job
      - c:\docume~1\daphn []

      2009-03-05 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 17:49]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://google.fr/
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\Daphné\Application Data\Mozilla\Firefox\Profiles\t4kayp6o.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: keyword.URL - chrome://google-partner/locale/partner.properties
      FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
      FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-05 13:08:53
      Windows 5.1.2600 Service Pack 3 FAT NTAPI

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      Heure de fin: 2009-03-05 13:10:18
      ComboFix-quarantined-files.txt 2009-03-05 12:10:16

      Avant-CF: 26,892,337,152 octets libres
      Après-CF: 26,872,938,496 octets libres

      271 --- E O F --- 2009-02-25 20:58:53




      est ce qu'il faut que je refasse un hijackthis ou c'est bon?
      0
  8. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour turlup, il n'est pas transposable sur un autre ordinateur !

    • Télécharge ce dossier turlup.zip
    • Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
    • Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.

    • Désactive tes logiciels de protection
    • Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
    1. turlup'
       
      voila le rapport


      ComboFix 09-03-04.01 - Daphné 2009-03-05 17:18:29.3 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.546 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Daphné\Bureau\C-Fix.exe
      Commutateurs utilisés :: c:\documents and settings\Daphné\Bureau\CFScript.txt
      AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
      FW: Norton Internet Worm Protection *disabled*
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Daphné\Application Data\Extra thunk
      c:\documents and settings\Daphné\Application Data\Extra thunk\[u]0[/u]
      c:\documents and settings\Daphné\Application Data\Extra thunk\Ball Admin Film.exe
      c:\documents and settings\Daphné\Application Data\Extra thunk\Default bold anti.exe
      c:\documents and settings\Daphné\Application Data\Extra thunk\Eq Comp Safe Load.exe
      c:\documents and settings\Daphné\Application Data\Extra thunk\mmnsllfj.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_mailKmd


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-05 au 2009-03-05 ))))))))))))))))))))))))))))))))))))
      .

      2009-03-03 19:18 . 2009-03-03 19:18 <REP> d-------- C:\Lop SD
      2009-03-03 18:16 . 2009-03-03 18:16 <REP> d-------- c:\program files\Trend Micro
      2009-02-23 20:54 . 2009-02-23 20:54 <REP> d-------- c:\program files\CCleaner
      2009-02-23 19:59 . 2009-02-23 19:59 <REP> d-------- c:\documents and settings\Daphné\Application Data\Thunderbird
      2009-02-17 11:30 . 2009-02-17 11:30 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
      2009-02-07 17:13 . 2009-02-07 17:13 <REP> d-------- c:\program files\Zylom Games
      2009-02-07 17:13 . 2009-02-07 17:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
      2009-02-06 20:46 . 2009-02-06 20:47 <REP> d-------- c:\documents and settings\Daphné\Tracing
      2009-02-06 20:46 . 2009-02-06 20:47 <REP> d-------- c:\documents and settings\Daphné\Tracing
      2009-02-06 20:29 . 2009-02-06 20:29 <REP> d-------- c:\program files\Microsoft
      2009-02-06 20:28 . 2009-02-06 20:28 <REP> d-------- c:\program files\Windows Live SkyDrive
      2009-02-06 20:27 . 2009-02-06 20:27 <REP> d-------- c:\program files\Windows Live
      2009-02-06 20:16 . 2009-02-06 20:16 <REP> d-------- c:\program files\Fichiers communs\Windows Live
      2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
      2009-02-06 14:46 . 2009-02-06 14:46 <REP> d-------- c:\program files\Spybot - Search & Destroy
      2009-02-06 14:46 . 2009-02-06 14:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-04 18:37 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
      2009-03-04 18:37 10,520 ----a-w c:\windows\system32\avgrsstx.dll
      2009-02-04 17:54 --------- d-----w c:\documents and settings\Daphné\Application Data\MSNInstaller
      2009-02-02 08:48 --------- d-----w c:\documents and settings\Daphné\Application Data\FaxCtr
      2009-02-02 08:43 --------- d-----w c:\program files\Alwil Software
      2009-02-02 08:13 --------- d-----w c:\documents and settings\Daphné\Application Data\Lexmark Productivity Studio
      2009-02-02 08:12 --------- d-----w c:\program files\Lx_cats
      2009-02-02 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
      2009-02-02 08:04 --------- d-----w c:\program files\Lexmark Toolbar
      2009-02-02 08:04 --------- d-----w c:\program files\Lexmark Fax Solutions
      2009-02-02 08:03 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
      2009-02-02 08:01 --------- d-----w c:\program files\Lexmark 2500 Series
      2009-02-01 17:55 --------- d-----w c:\program files\Fichiers communs\Adobe
      2009-01-31 10:36 --------- d-----w c:\program files\Extra thunk
      2009-01-28 08:47 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys
      2009-01-28 08:47 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys
      2009-01-28 08:47 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
      2009-01-28 08:38 --------- d-----w c:\documents and settings\Daphné\Application Data\AdobeUM
      2009-01-26 18:46 --------- d-----w c:\documents and settings\Daphné\Application Data\Talkback
      2009-01-26 16:54 --------- d-----w c:\documents and settings\Daphné\Application Data\AVGTOOLBAR
      2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
      2008-12-20 21:47 826,368 ----a-w c:\windows\system32\wininet.dll
      2008-12-20 21:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
      2008-12-20 21:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
      2008-12-20 21:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
      2008-12-20 21:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
      2008-12-20 21:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
      2008-12-20 21:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
      2008-12-20 21:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll
      2008-12-20 21:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
      2008-12-20 21:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
      2008-12-19 08:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
      2008-12-19 08:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
      2008-12-19 04:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
      2008-12-19 04:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
      2008-12-11 09:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
      2008-10-04 13:38 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
      2008-02-15 13:27 22,328 ----a-w c:\documents and settings\Bru\Application Data\PnkBstrK.sys
      2007-01-31 16:41 251 ----a-w c:\program files\wt3d.ini
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-03-04_20.52.27.48 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-03-05 16:22:56 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_588.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
      "preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7397376]
      "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-04 1601304]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
      "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-01-28 1168264]
      "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
      "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
      "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\AGRSMMSG.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\Rthdcpl.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
      "CmUsbSound"="cmcnfgu.cpl" [BU]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [BU]

      c:\documents and settings\Bru\Menu D‚marrer\Programmes\D‚marrage\
      Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-20 344064]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-03-04 19:37 10520 c:\windows\system32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "SENTINEL"= snti386.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
      backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoCAD Startup Accelerator.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoCAD Startup Accelerator.lnk
      backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
      backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
      --a------ 2006-03-15 22:12 579584 c:\acer\Empowering Technology\ePower\Boot.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
      c:\program files\Fichiers communs\Symantec Shared\ccApp.exe [BU]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
      --a------ 2006-03-30 18:47 421888 c:\acer\Empowering Technology\ePower\ePower_DMC.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
      --a------ 2008-04-27 19:48 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2007-07-23 15:05 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "gusvc"=2 (0x2)
      "GoogleDesktopManager-022208-143751"=3 (0x3)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\WINDOWS\\System32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\System32\\PnkBstrB.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\WINDOWS\\System32\\lxddcoms.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
      "c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
      "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddPSWX.EXE"=
      "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
      "c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDDtime.exe"=
      "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "135:TCP"= 135:TCP:TCP Port 135
      "5000:TCP"= 5000:TCP:TCP Port 5000
      "5001:TCP"= 5001:TCP:TCP Port 5001
      "5002:TCP"= 5002:TCP:TCP Port 5002
      "5003:TCP"= 5003:TCP:TCP Port 5003
      "5004:TCP"= 5004:TCP:TCP Port 5004
      "5005:TCP"= 5005:TCP:TCP Port 5005
      "5006:TCP"= 5006:TCP:TCP Port 5006
      "5007:TCP"= 5007:TCP:TCP Port 5007
      "5008:TCP"= 5008:TCP:TCP Port 5008
      "5009:TCP"= 5009:TCP:TCP Port 5009
      "5010:TCP"= 5010:TCP:TCP Port 5010
      "5011:TCP"= 5011:TCP:TCP Port 5011
      "5012:TCP"= 5012:TCP:TCP Port 5012
      "5013:TCP"= 5013:TCP:TCP Port 5013
      "5014:TCP"= 5014:TCP:TCP Port 5014
      "5015:TCP"= 5015:TCP:TCP Port 5015
      "5016:TCP"= 5016:TCP:TCP Port 5016
      "5017:TCP"= 5017:TCP:TCP Port 5017
      "5018:TCP"= 5018:TCP:TCP Port 5018
      "5019:TCP"= 5019:TCP:TCP Port 5019
      "5020:TCP"= 5020:TCP:TCP Port 5020

      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-07 325128]
      R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2007-01-31 9867]
      R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-07 298264]
      R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2007-01-31 4096]
      R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2007-01-31 78208]
      R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
      R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-16 356920]
      R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-11-17 1097728]
      S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
      S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-02-02 99248]
      S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\ftdibus.sys [2008-05-12 47249]
      S3 AWUsb;AWUsb;c:\windows\system32\drivers\awusb.sys [2008-05-08 17964]
      S3 AWUsbInit;AWUsbInit;c:\windows\system32\drivers\awusbini.sys [2008-05-08 17384]
      S3 bDMusicb;bDMusicb;\??\c:\docume~1\Bru\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Bru\LOCALS~1\Temp\bDMusicb.sys [?]
      S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\drivers\PMUSB.sys [2008-10-02 18944]
      S4 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-27 29744]

      --- Autres Services/Pilotes en mémoire ---

      *Deregistered* - mchInjDrv
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

      2009-03-05 c:\windows\Tasks\A7B8FD6D918B70F5.job
      - c:\docume~1\daphn []

      2009-03-05 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 17:49]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://google.fr/
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\Daphné\Application Data\Mozilla\Firefox\Profiles\t4kayp6o.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: keyword.URL - chrome://google-partner/locale/partner.properties
      FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
      FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
      FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-05 17:24:17
      Windows 5.1.2600 Service Pack 3 FAT NTAPI

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE
      c:\windows\SYSTEM32\RUNDLL32.EXE
      c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
      c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
      c:\program files\AVG\AVG8\AVGWDSVC.EXE
      c:\windows\SYSTEM32\CRYPSERV.EXE
      c:\windows\SYSTEM32\LXDDCOMS.EXE
      c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
      c:\windows\SYSTEM32\NVSVC32.EXE
      c:\windows\SYSTEM32\PNKBSTRA.EXE
      c:\program files\SPYWARE DOCTOR\PCTSSVC.EXE
      c:\program files\AVG\AVG8\AVGRSX.EXE
      c:\windows\system32\wbem\wmiapsrv.exe
      c:\windows\ehome\mcrdsvc.exe
      c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-03-05 17:27:43 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-03-05 16:27:40
      ComboFix2.txt 2009-03-05 12:10:20

      Avant-CF: 26 689 896 448 octets libres
      Après-CF: 26,729,938,944 octets libres

      288 --- E O F --- 2009-02-25 20:58:53
      0
  9. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Tu ne devrais plus avoir de pub CiD à partir de maintenant ;)

    Poste un nouveau rapport hijackthis pour que je puisse vérifier et te proposer une dernière chose.

    0
  10. turlup'
     
    voila voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:17, on 05/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    0
  11. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Très bien, ton ordinateur n'est plus infecté !

    Avant de retourner surfer sur internet, il y a quelques petites choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).

    1) Sécurise ton ordinateur

    • Anti-spyware :
    * Installe Spyware Blaster : il ne prend pas de mémoire, c'est juste un logiciel qui vaccine ton pc contre certaines infections. Il faut le mettre à jour manuellement (« Updates »), tous les 15 jours environ, et activer toutes les protections (« Enable all protection »). Les vaccinations de Spybot sont aussi utiles, dans le même genre.
    * En complément, garde MalwareBytes pour son scan de nettoyage performant.

    • Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille vivement d’installer et d'utiliser le navigateur Firefox avec deux extensions :
    AdBlockPlus pour bloquer les publicités ;
    WOT, pour t'avertir des sites web dangereux.

    • Java n'est pas à jour, c'est une faille de sécurité.
    Il faut d'abord désinstaller l'ancienne version : Ouvre le menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> sélectionne toutes les versions de java présentes et désinstalle les.
    Ensuite, télécharge et installe la nouvelle version depuis le site officiel de java : https://java.com/fr/

    • Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version.

    2) Relance Hijackthis (pour la dernière fois), choisis "scan system only" et coche les lignes suivantes qui sont inutiles :

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    Si tu as bien mis à jour Adobe Reader comme je te l'ai recommandé, cette ligne devrait apparaitre, tu peux la cocher : O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    Coche également toutes les lignes commençant par 016

    Ensuite, clique sur "Fix checked"

    4) Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner
    Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.
    Tu peux aussi supprimer les fichiers temporaires.
    Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
    S'il ne supprime pas tout, supprime manuellement ce qui reste.

    5) Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

    Lance CCleaner
    Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
    Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
    Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

    (Tu peux garder ce logiciel et l'utiliser régulièrement).

    6) Pour finir le nettoyage, il faut purger la restauration du système (pour supprimer les points de restauration infectés).

    • Fais un clic droit sur poste de travail (qui est sur ton Bureau ou dans le menu démarrer), puis propriétés.
    • Sélectionne l'onglet restauration du système
    • Coche l'option Désactiver la restauration du système sur tous les lecteurs
    • Clique sur OK.

    Puis refais la manipulation inverse pour réactiver la restauration système.

    7) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile):
    Prévention et sécurité sur internet

    Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)
    0
    1. turlup'
       
      je voudrai juste savoir, j'ai spyware Doctor, vaut il mieux que je le desinstalle pour prendre ce que tu me conseilles : Spyware Blaster ou alors est ce que ca n'a rien a voir et il faut les 2 ?

      ensuite autre question, depuis hier on me dit que pour AVG ma connexion a un probleme alors que non... j'ai internet et pas de robleme. j'ai essayé de faire une misa a niveau mais ca ne change rien

      dernière question (promis apres j'arrete ^^) a chaque fois que je veut eteindre mon pc j'ai un message d'erreur pour internet explorer (je ne l'utilise pas, j'utilise uniquement firefox) comment ca se fait?

      merci d'avance et merci pour tout le reste
      0
  12. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Spyware Blaster ne fait qu'une vaccination, il ne sert pas à scanner.

    A l'inverse, Spyware Doctor ne protège pas, il ne fait que scanner il me semble. MalwareBytes fait la même chose en mieux, à toi de voir si tu souhaites garder Spyware Doctor ou pas.

    Concernant le problème d'AVG, essaye de regarder les réglages dans les options d'AVG... Sinon tente une désinstallation/réinstallation.

    Enfin pour ton dernier problème, quel est le message qui apparait ?

    0
    1. turlup'
       
      ba du coup j'ai enlever spyware doctor mais faut -il que je garde spyboth ou justement non?
      sinon, c'est bon, j'ai reussi a remettre AVG
      et pour internet le message n'apparait as a chaque fois mais j'ai souvent la fenetre avec le programme qui ne répond pas et donc une barre verte qui progresse avec arret en cours. mais pourtant je n'utilise pas internet explorer, juste firefox (ca a un lien ou du tout?)

      en tout cas merci pour ton aide, je n'ai plus du tout de CID =) j'ai lu le dossier avec les conseils, merci encore!!
      0
  13. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Tu peux garder Spybot, ses vaccinations sont complémentaires de celles de Spyware Blaster.

    Internet Explorer fait partie du système, il est parfois utilisé pour certaines choses mais bon... En tout cas ce message n'a pas de rapport avec Firefox, et je ne vois pas trop pourquoi il apparait :-S
    0
    1. turlup'
       
      ok.

      merci pour tout !!
      si jamais j'ai un problème, je sais sur quel site venir ^^
      0
  14. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    De rien ;)

    Bonne continuation !
    0