Win 32 trojan gen

Solved/Closed
rach02 Posts: 52, Registered: Sunday 1 March 2009, Status: Member, Last activity: 6 January 2011 - 23 May 2009 at 01:27
anthony5151 Posts: 10573, Registered: Friday 27 June 2008, Status: Security contributor, Last activity: 2 March 2015 - 8 June 2009 at 00:41
Good evening everyone,
I'm posting this message from a friend's computer, which is giving him trouble with a virus infection named win32.trojan_gen and win32.agent.ext.
I downloaded HijackThis and ran a scan of the computer.
I'm posting the report.

Thanks in advance to everyone who can help me

******************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:56, on 22/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTEDE.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S8F25.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

End of file - 12283 bytes
28 replies

anthony5151 Posts: 10573, Registered: Friday 27 June 2008, Status: Security contributor, Last activity: 2 March 2015 790
23 May 2009 at 01:30
Good evening,


There is a harmful toolbar on this computer (Kiwee Toolbar)...
To avoid this kind of infection, you need to read everything carefully when you install a free program, and uncheck all the additional programs that are offered, especially toolbars!


Download Toolbar-S&D (Team IDN) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

• Right-click the Toolbar-S&D shortcut on the Desktop and choose "Run as administrator"
• Select the language you want by typing the letter of your choice, then confirm with the Enter key.
• Choose option 2 (Removal). Wait until the search has finished.
• Post the generated report. (C:\TB.txt)

rach02 Posts: 52, Registered: Sunday 1 March 2009, Status: Member, Last activity: 6 January 2011 8
23 May 2009 at 01:40
Thank you for replying so quickly.
Actually, I posted my question at 22:35, but in a thread dating from 2005, so I copied and pasted it onto the forum; if only I had noticed sooner, anyway.....
I'll log back on tomorrow at the friend's place, follow your instructions, and take the liberty of contacting you again.
Thanks again
anthony5151 Posts: 10573, Registered: Friday 27 June 2008, Status: Security contributor, Last activity: 2 March 2015 790
23 May 2009 at 02:01
All right ;)


I slightly edited my previous message, and I'm giving you right away a program you can use after ToolbarS&D:


• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is checked
• Launch MBAM and let the updates download (otherwise run them manually when the program starts)
• Then go to the "Scan" tab, check "Perform a quick scan", then click "Scan"
• Select your hard drives, then click "Start scan"
• At the end of the scan, click Show results
• Check all the detected items, then click Remove selected
• Save the report
• If you are asked to restart, click Yes

• Please post the report that appears after the removal in your next reply



Then restart and post a new HijackThis report


(I'm giving as much as possible at once to avoid losing too much time, since I may not be online when you are at your friend's place and vice versa)

rach02 Posts: 52, Registered: Sunday 1 March 2009, Status: Member, Last activity: 6 January 2011 8
23 May 2009 at 02:42
If we're not online at the same time tomorrow, it's not a problem; with the information you've given me I have plenty to keep me busy!!!!!! Thanks again and good night
rach02 Posts: 52, Registered: Sunday 1 March 2009, Status: Member, Last activity: 6 January 2011 8
23 May 2009 at 22:42
Good evening anthony5151,
I'm posting the Toolbar scan report and moving on to the next step, downloading Malwarebytes.
I'll send you the report right after. Thanks again




******************************************
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : mayron ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:102 Go)
D:\ (USB)
E:\ (USB)
F:\ (Local Disk) - NTFS - Total:142 Go (Free:142 Go)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 23/05/2009|16:16 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\ProgramData\Kiwee Toolbar
C:\ProgramData\Kiwee Toolbar\config
C:\ProgramData\Kiwee Toolbar\images
C:\ProgramData\Kiwee Toolbar\config\content_a.xml
C:\ProgramData\Kiwee Toolbar\config\content_ie.xml
C:\ProgramData\Kiwee Toolbar\config\content_m.xml
C:\ProgramData\Kiwee Toolbar\config\content_y.xml
C:\ProgramData\Kiwee Toolbar\config\logger.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIE.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIM_a.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIM_m.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIM_y.xml
C:\ProgramData\Kiwee Toolbar\images\allow.bmp
C:\ProgramData\Kiwee Toolbar\images\block.bmp
C:\ProgramData\Kiwee Toolbar\images\dontsend.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarstextrollover.bmp
C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX16.ico
C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX48.ico
C:\ProgramData\Kiwee Toolbar\images\send.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_eg.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_emoticons.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_eyeglass.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_gear.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_images.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_kiwee.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_msnlogo.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_news.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_text.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_videos.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_webshots.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_winks.bmp
C:\ProgramData\Kiwee Toolbar\images\X.bmp
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Kiwee Toolbar
C:\Program Files\Kiwee Toolbar
C:\Program Files\Kiwee Toolbar\2.8.167
C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\AolIMToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\firefox
C:\Program Files\Kiwee Toolbar\2.8.167\FlashCOM.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIMToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.tlb
C:\Program Files\Kiwee Toolbar\2.8.167\kiweetoolbar.zip
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll
C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.CRT.manifest
C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.MFC.manifest
C:\Program Files\Kiwee Toolbar\2.8.167\msimg32.dll
C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\msvcp80.dll
C:\Program Files\Kiwee Toolbar\2.8.167\msvcr80.dll
C:\Program Files\Kiwee Toolbar\2.8.167\RemoteLib.dll
C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome.manifest
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\firefox.xpi
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\install.rdf
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome\kiweetoolbar.jar
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.xpt
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\KiweeSearchHistory.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.xpt
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences\defaults.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\manifest.mf
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.rsa
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.sf

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.enjoy02.com/membre_fiche1.aspx?param1=190163"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.shareware-fr.com/fr/index.php?rvs=hompag"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="http://www.shareware-fr.com/fr/index.php?rvs=hompag"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 23/05/2009|21:48 - Option : [1]

-----------\\ Fin du rapport a 21:48:42,10
rach02 Posts: 52, Registered: Sunday 1 March 2009, Status: Member, Last activity: 6 January 2011 8
23 May 2009 at 22:49
I'm posting the Malwarebytes report


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2171
Windows 6.0.6001 Service Pack 1

23/05/2009 22:35:34
mbam-log-2009-05-23 (22-35-34).txt

Type de recherche: Examen rapide
Eléments examinés: 69931
Temps écoulé: 3 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
************************************
rach02 Posts: 52, Registered: Sunday 1 March 2009, Status: Member, Last activity: 6 January 2011 8
23 May 2009 at 23:05
and finally the HijackThis report you asked me for


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:56, on 22/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTEDE.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S8F25.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
rach02 (Member) - 23 May 2009 at 23:05
And finally, the HijackThis report you asked me for:


anthony5151 (Security contributor) - 24 May 2009 at 15:48
You only ran a search (option 1) with ToolbarS&D ;)
You need to run it again and choose option 2 (removal) to delete the toolbar it detects.

Then you can reboot again and post a new HijackThis report st


rach02 (Member) - 24 May 2009 at 18:08
Hello,

Do I need to run option 1 again and then, right after, option 2 (removal) on what it detected?
Is it normal that the scan took about 4 hours?

Thanks
anthony5151 (Security contributor) - 25 May 2009 at 01:19
Hi again ;)

"Is it normal that the scan took about 4 hours?"
Are you talking about Toolbar S&D? No, that's not normal, it usually takes 5 minutes...

Try running a cleanup with CCleaner before the scan, that should shorten the scan time:

Download and install CCleaner, then launch it.
Click Options → Advanced → untick "only delete files older than 48 hours".
Then Cleaner → Analyze → Run Cleaner, then click OK in the window that appears.
Finally, Registry → fix all the errors, and repeat until it finds no more errors.

(You can keep this program and use it regularly.)

Then you can run ToolbarS&D again and go straight to option 2 (no need to redo option 1).

rach02 (Member) - 25 May 2009 at 15:35
Hello,
Here is the ToolBar report with option 2. Thanks in advance.
Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : mayron ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:102 Go)
D:\ (USB)
E:\ (USB)
F:\ (Local Disk) - NTFS - Total:142 Go (Free:142 Go)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 24/05/2009|21:00 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\ProgramData\Kiwee Toolbar\config
Supprime! - C:\ProgramData\Kiwee Toolbar\images
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Kiwee Toolbar
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
Supprime! - C:\ProgramData\Kiwee Toolbar
Echec ! - C:\Program Files\Kiwee Toolbar

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
Echec ! - C:\Program Files\Kiwee Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Kiwee Toolbar
C:\Program Files\Kiwee Toolbar\2.8.167
C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.shareware-fr.com/fr/index.php?rvs=hompag"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="http://www.shareware-fr.com/fr/index.php?rvs=hompag"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 23/05/2009|21:48 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/05/2009|13:21 - Option : [2]
anthony5151 (Security contributor), replying to rach02 (Member) - 25 May 2009 at 17:52
That didn't work properly, it couldn't delete everything...

Did you launch ToolbarS&D with a right-click --> Run as administrator?

If you launched it with a double-click, the user rights restrictions in Windows Vista prevented it from doing its job.

rach02 (Member) - 26 May 2009 at 15:13
Hello, when ToolBar runs the scan, every 10 minutes I get this message: "String search utility (qgrep) has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. Close program." So I have to click to close it!!!
I'm posting the report made with ToolBar option 2 ("removal") anyway. I did run a cleanup with CCleaner beforehand, as you had told me to. Thanks again.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : mayron ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:100 Go)
D:\ (USB)
E:\ (USB)
F:\ (Local Disk) - NTFS - Total:142 Go (Free:142 Go)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 26/05/2009| 8:18 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
Echec ! - C:\Program Files\Kiwee Toolbar

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
Echec ! - C:\Program Files\Kiwee Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Kiwee Toolbar
C:\Program Files\Kiwee Toolbar\2.8.167
C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.shareware-fr.com/fr/index.php?rvs=hompag"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="http://www.shareware-fr.com/fr/index.php?rvs=hompag"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 23/05/2009|21:48 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/05/2009|13:21 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 26/05/2009|14:53 - Option : [2]

-----------\\ Fin du rapport a 14:53:10,60
anthony5151 (Security contributor) - 26 May 2009 at 18:39
OK, let's try another way:

• Download OTMoveIt3 (by OldTimer) to your Desktop: http://oldtimer.geekstogo.com/OTMoveIt3.exe
• Double-click OTMoveIt3.exe to launch it.
• Click this link and copy the script it contains: https://www.cjoint.com/?fAsMyEfqEn
• Paste the script into the "Paste Instructions for Items to be Moved" box and click Moveit.
• If a file or folder cannot be deleted immediately, the program will ask you to reboot. Accept by clicking YES.
• Post the report found in this folder: C:\_OTMoveIt\MovedFiles
The report's name corresponds to the time it was created: date_time.log

rach02 (Member) - 26 May 2009 at 19:34
Good evening, here is the report:
Process explorer.exe killed successfully.
Unable to kill process: kwtbaim.exe
========== FILES ==========
Folder move failed. C:\Program Files\Kiwee Toolbar\2.8.167 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Kiwee Toolbar scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\mayron\AppData\Local\Temp\~DFD09D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05262009_192750

Files moved on Reboot...
Folder move failed. C:\Program Files\Kiwee Toolbar\2.8.167 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Kiwee Toolbar\2.8.167 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Kiwee Toolbar scheduled to be moved on reboot.
C:\Users\mayron\AppData\Local\Temp\~DFD09D.tmp moved successfully.
anthony5151 (Security contributor) - 26 May 2009 at 20:27
This toolbar really is sticky, impossible to remove...

/!\ For the attention of anyone reading this thread /!\
The following program is not to be used lightly and can cause damage if misused! Only use it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

rach02 (Member) - 26 May 2009 at 20:54
Hi again, and thanks for your patience. Here is my report:
ComboFix 09-05-25.A2 - mayron 26/05/2009 20:41.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2814.1819 [GMT 2:00]
Lancé depuis: c:\users\mayron\Documents\1806.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QUAD Utilities
c:\users\mayron\AppData\Roaming\.#
c:\windows\system32\Process.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-26 au 2009-05-26 ))))))))))))))))))))))))))))))))))))
.

2009-05-26 17:27 . 2009-05-26 17:27 -------- d-----w C:\_OTMoveIt
2009-05-26 06:18 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{121DA5A2-40EC-460D-8EB1-0E0050273200}\mpengine.dll
2009-05-24 19:50 . 2009-05-24 19:51 -------- d-----w C:\rapport de scan
2009-05-23 20:29 . 2009-05-23 20:29 -------- d-----w c:\users\mayron\AppData\Roaming\Malwarebytes
2009-05-23 20:29 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 20:29 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 20:29 . 2009-05-23 20:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 20:29 . 2009-05-23 20:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-23 14:15 . 2009-05-26 12:53 -------- d-----w C:\ToolBar SD
2009-05-22 11:04 . 2009-05-22 11:04 -------- d-----w C:\MSNCleaner
2009-05-21 18:23 . 2009-05-21 18:23 -------- d-----w c:\users\mayron\AppData\Local\Apps
2009-05-21 16:27 . 2009-05-21 16:27 -------- d-----w C:\_backupD
2009-05-21 16:27 . 2009-05-21 16:27 4096 ----a-w c:\windows\system32\reboot.exe
2009-05-21 16:27 . 2009-05-21 16:27 16384 ----a-w c:\windows\system32\restart.exe
2009-05-21 16:27 . 2009-05-21 16:27 -------- d-----w c:\windows\system32\regdacl
2009-05-21 16:27 . 2009-05-21 16:27 90112 ----a-w c:\windows\system32\regdacl.exe
2009-05-21 09:08 . 2009-05-21 09:09 -------- d-----w c:\program files\Fighters
2009-05-21 09:08 . 2009-05-21 09:08 -------- d-----w c:\programdata\Fighters
2009-05-21 08:34 . 2009-05-21 08:34 -------- d-----w c:\program files\Trend Micro
2009-05-20 20:02 . 2009-05-22 05:41 680 ----a-w c:\users\mayron\AppData\Local\d3d9caps.dat
2009-05-20 19:56 . 2009-05-20 19:56 -------- d-----w c:\users\mayron\AppData\Roaming\Uniblue
2009-05-20 19:28 . 2009-05-23 14:11 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-20 19:28 . 2009-05-21 16:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 16:47 . 2009-05-04 16:47 -------- d-----w c:\users\mayron\film
2009-05-04 16:43 . 2009-05-04 16:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 15:16 . 2009-05-25 16:28 -------- d-----w c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 17:37 . 2008-01-21 07:23 669328 ----a-w c:\windows\system32\perfh00C.dat
2009-05-26 17:37 . 2008-01-21 07:23 123350 ----a-w c:\windows\system32\perfc00C.dat
2009-05-20 20:30 . 2009-04-11 21:19 304160 ----a-w C:\PA207.DAT
2009-05-15 19:08 . 2008-05-12 17:23 -------- d-----w c:\program files\Acer GameZone
2009-05-14 18:22 . 2009-05-04 16:44 -------- d-----w c:\users\mayron\AppData\Roaming\LimeWire
2009-05-13 17:04 . 2008-05-12 17:34 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 17:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-26 07:46 . 2009-02-19 07:32 10 ----a-w c:\windows\popcinfo.dat
2009-04-23 18:48 . 2008-05-12 17:18 -------- d-----w c:\programdata\McAfee
2009-04-17 10:19 . 2009-04-17 10:19 -------- d-----w c:\program files\Alwil Software
2009-04-14 18:54 . 2009-04-14 18:54 -------- d-----w c:\program files\Shareware.Pro-FR
2009-04-14 15:03 . 2009-04-14 15:02 -------- d-----w c:\users\mayron\AppData\Roaming\agi
2009-04-14 15:02 . 2009-04-14 15:02 -------- d-----w c:\program files\Kiwee Toolbar
2009-04-14 15:02 . 2009-04-14 15:02 -------- d-----w c:\programdata\agi
2009-04-14 15:02 . 2009-04-14 15:02 339968 ----a-w c:\windows\system32\pythoncom25.dll
2009-04-14 15:02 . 2009-04-14 15:02 2117632 ----a-w c:\windows\system32\python25.dll
2009-04-14 15:02 . 2009-04-14 15:02 114688 ----a-w c:\windows\system32\pywintypes25.dll
2009-04-14 15:02 . 2008-05-12 17:50 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-14 15:01 . 2009-04-14 15:01 -------- d-----w c:\program files\AGI
2009-04-14 14:59 . 2009-04-14 14:59 -------- d-----w c:\program files\SiteAdvisor
2009-04-14 13:56 . 2009-04-14 13:56 -------- d-----w c:\program files\Conduit
2009-04-14 13:56 . 2009-04-14 13:56 -------- d-----w c:\program files\iminent-en
2009-04-14 13:55 . 2009-04-14 13:55 -------- d-----w c:\program files\Iminent
2009-04-14 13:55 . 2009-04-14 13:55 -------- d--h--w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}
2009-04-14 13:55 . 2009-04-14 13:55 -------- d-----w c:\programdata\Iminent
2009-04-12 13:42 . 2009-04-12 13:41 -------- d-----w c:\program files\Webcam 1200
2009-04-12 13:41 . 2008-05-12 16:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 13:41 . 2009-04-12 13:41 -------- d-----w c:\users\mayron\AppData\Roaming\InstallShield
2009-04-12 13:38 . 2009-02-18 16:41 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-12 13:37 . 2009-02-18 16:40 -------- d-----w c:\program files\ArcSoft
2009-04-12 09:45 . 2009-04-12 09:31 -------- d-----w c:\users\mayron\AppData\Roaming\MP-Manager
2009-04-12 09:31 . 2009-04-12 09:31 37345 ----a-r c:\users\mayron\AppData\Roaming\Microsoft\Installer\{D3263446-065A-464C-BB87-CA9D461221D6}\controlPanelIcon.exe
2009-04-12 09:31 . 2009-04-12 09:31 10134 ----a-r c:\users\mayron\AppData\Roaming\Microsoft\Installer\{D3263446-065A-464C-BB87-CA9D461221D6}\SystemFolder_msiexec.exe
2009-04-12 09:29 . 2009-04-12 09:29 -------- d-----w c:\users\mayron\AppData\Roaming\MPMAN
2009-04-12 07:50 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-12 07:33 . 2008-05-12 17:36 -------- d-----w c:\program files\Microsoft Works
2009-04-12 07:32 . 2009-04-12 07:32 -------- d-----w c:\program files\MSXML 4.0
2009-04-12 07:27 . 2008-05-12 17:20 -------- d-----w c:\programdata\SiteAdvisor
2009-04-11 12:43 . 2009-04-11 12:43 -------- d-----w c:\program files\AxBx
2009-04-11 10:04 . 2009-04-11 10:02 -------- d-----w c:\program files\Windows Live
2009-04-11 10:03 . 2009-04-11 10:03 -------- d-----w c:\program files\Microsoft
2009-04-11 10:02 . 2009-04-11 10:02 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-11 09:56 . 2009-04-11 09:56 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-10 21:56 . 2009-02-17 16:01 -------- d-----w c:\program files\Google
2009-04-09 11:43 . 2009-04-14 13:55 2439512 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\IMBoosterSetup.exe
2009-04-08 15:34 . 2009-04-14 13:55 201216 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\646BB144\AA2AC949\Iminent.WinCore.WLM.dll
2009-04-08 15:34 . 2009-04-14 13:55 101376 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\45DC9FB6\AA2AC949\Iminent.WinCore.WLM.PresenceHook.dll
2009-04-08 15:34 . 2009-04-14 13:55 42496 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\CE6A9334\AA2AC949\Iminent.WinCore.WLM.WinEvents.dll
2009-04-08 15:34 . 2009-04-14 13:55 49664 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\3ECAD1C5\AA2AC949\Iminent.WinCore.dll
2009-04-08 15:32 . 2009-04-14 13:55 7168 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\F8E33052\AAAD2BC2\Iminent.Windows.resources.dll
2009-04-08 15:32 . 2009-04-14 13:55 6656 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\A2D0D8C9\1FA51BA4\Iminent.Windows.resources.dll
2009-04-08 15:32 . 2009-04-14 13:55 241152 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\90707029\AA2AC949\Iminent.Windows.dll
2009-04-08 15:32 . 2009-04-14 13:55 13312 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\6563E87F\AA2AC949\FlvEncoder.exe
2009-04-08 15:32 . 2009-04-14 13:55 158208 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\EC9AEE9D\AA2AC949\Iminent.Workflow.dll
2009-04-08 15:32 . 2009-04-14 13:55 278528 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\426DA447\AA2AC949\Iminent.Business.XmlSerializers.dll
2009-04-08 15:32 . 2009-04-14 13:55 92160 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\74360055\AA2AC949\Iminent.Business.dll
2009-03-17 03:38 . 2009-04-15 08:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-15 08:38 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:38 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:38 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:38 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:38 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:38 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:38 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:38 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:38 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:38 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:38 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:38 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 13:04 . 2009-04-14 13:55 905216 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\F3D3330D\AA2AC949\TVE2.dll
2009-03-02 13:04 . 2009-04-14 13:55 831488 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\36234DD\AA2AC949\Turbine.TVE2.dll
2009-03-02 13:04 . 2009-04-14 13:55 187904 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\7DC6F9B1\AA2AC949\Iminent.AxImp.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280b5d37-4a76-467a-b3d6-942fca90acde}]
2009-02-16 13:44 1882136 ----a-w c:\program files\Shareware.Pro-FR\tbShar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a7400d6-6615-4a06-a4d1-48979fa6e868}]
2008-09-15 04:47 1784856 ----a-w c:\program files\iminent-en\tbimin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2009-04-08 16:34 102912 ----a-w c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]
2009-02-23 13:12 117248 ----a-w c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 68856]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-07 1561840]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-17 24064]
"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2009-04-08 365568]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2009-04-09 496640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A3381893-2AA0-4938-A355-21044CC1FD38}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{726EBDFD-BD05-4FBD-8217-24BE7CD31641}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2833FA7-F393-4028-90D9-94D8954EB299}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{95A5B6F1-AB4A-4C0F-B316-3D358944C376}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8309974B-3708-450B-A465-BDD545F4C568}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{8275CD3F-1453-4C44-A1F3-8C90FF18ED20}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{AA097394-2D5A-4B89-A22C-D684290F69B8}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{5CFAD744-915B-4F15-8DEA-B7244EC4EBD8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D6ADAA43-FB47-4EE8-B085-ECF97F8CB172}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{9773C304-2055-4323-B6F9-58F8A64358B0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E6598C06-23F9-45A7-AA87-F69F70F6DE5D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{8C9F5832-0AF5-452C-8980-70EB60337190}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D2142065-9160-4F84-93F2-0275EA85408C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/04/2009 12:19 114768]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [14/04/2009 17:02 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/04/2009 12:19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/04/2009 12:19 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12/05/2008 19:16 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [18/11/2008 11:01 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [18/11/2008 11:01 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [18/11/2008 11:01 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [18/11/2008 11:01 139912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [12/05/2008 12:42 43552]
R3 PAC207;Webcam 1200;c:\windows\System32\drivers\PFC027.SYS [18/02/2009 18:39 611584]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [18/11/2008 11:01 15496]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [17/02/2009 18:01 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)
SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 20:47
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-05-26 20:49
ComboFix-quarantined-files.txt 2009-05-26 18:49

Avant-CF: 106 474 872 832 octets libres
Après-CF: 106 454 736 896 octets libres

289 --- E O F --- 2009-05-26 06:18
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
26 May 2009 at 21:38
/!\ WARNING /!\ The following script was written specifically for rach02; it cannot be reused on another computer!

• Download this folder rach02.zip
• Right-click on it --> Extract All --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and put it on the Desktop.

• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt

0
rach02 Posts 52 Registration date Sunday 1 March 2009 Status Member Last activity 6 January 2011 8
27 May 2009 at 18:40
Hello, here is the report
ComboFix 09-05-25.A2 - mayron 27/05/2009 18:29.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2814.1669 [GMT 2:00]
Lancé depuis: c:\users\mayron\Documents\1806.exe
Commutateurs utilisés :: c:\users\mayron\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Kiwee Toolbar
c:\program files\Kiwee Toolbar\2.8.167\AGTBCore.dll
c:\program files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
c:\program files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
c:\program files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-27 au 2009-05-27 ))))))))))))))))))))))))))))))))))))
.

2009-05-26 17:27 . 2009-05-26 17:27 -------- d-----w C:\_OTMoveIt
2009-05-26 06:18 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{121DA5A2-40EC-460D-8EB1-0E0050273200}\mpengine.dll
2009-05-24 19:50 . 2009-05-24 19:51 -------- d-----w C:\rapport de scan
2009-05-23 20:29 . 2009-05-23 20:29 -------- d-----w c:\users\mayron\AppData\Roaming\Malwarebytes
2009-05-23 20:29 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 20:29 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 20:29 . 2009-05-23 20:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 20:29 . 2009-05-23 20:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-23 14:15 . 2009-05-26 12:53 -------- d-----w C:\ToolBar SD
2009-05-22 11:04 . 2009-05-22 11:04 -------- d-----w C:\MSNCleaner
2009-05-21 18:23 . 2009-05-21 18:23 -------- d-----w c:\users\mayron\AppData\Local\Apps
2009-05-21 16:27 . 2009-05-21 16:27 -------- d-----w C:\_backupD
2009-05-21 16:27 . 2009-05-21 16:27 4096 ----a-w c:\windows\system32\reboot.exe
2009-05-21 16:27 . 2009-05-21 16:27 16384 ----a-w c:\windows\system32\restart.exe
2009-05-21 16:27 . 2009-05-21 16:27 -------- d-----w c:\windows\system32\regdacl
2009-05-21 16:27 . 2009-05-21 16:27 90112 ----a-w c:\windows\system32\regdacl.exe
2009-05-21 09:08 . 2009-05-21 09:09 -------- d-----w c:\program files\Fighters
2009-05-21 09:08 . 2009-05-21 09:08 -------- d-----w c:\programdata\Fighters
2009-05-21 08:34 . 2009-05-21 08:34 -------- d-----w c:\program files\Trend Micro
2009-05-20 20:02 . 2009-05-22 05:41 680 ----a-w c:\users\mayron\AppData\Local\d3d9caps.dat
2009-05-20 19:56 . 2009-05-20 19:56 -------- d-----w c:\users\mayron\AppData\Roaming\Uniblue
2009-05-20 19:28 . 2009-05-23 14:11 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-20 19:28 . 2009-05-21 16:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 16:47 . 2009-05-04 16:47 -------- d-----w c:\users\mayron\film
2009-05-04 16:43 . 2009-05-04 16:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 15:16 . 2009-05-25 16:28 -------- d-----w c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 08:40 . 2008-01-21 07:23 669328 ----a-w c:\windows\system32\perfh00C.dat
2009-05-27 08:40 . 2008-01-21 07:23 123350 ----a-w c:\windows\system32\perfc00C.dat
2009-05-20 20:30 . 2009-04-11 21:19 304160 ----a-w C:\PA207.DAT
2009-05-15 19:08 . 2008-05-12 17:23 -------- d-----w c:\program files\Acer GameZone
2009-05-14 18:22 . 2009-05-04 16:44 -------- d-----w c:\users\mayron\AppData\Roaming\LimeWire
2009-05-13 17:04 . 2008-05-12 17:34 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 17:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-26 07:46 . 2009-02-19 07:32 10 ----a-w c:\windows\popcinfo.dat
2009-04-23 18:48 . 2008-05-12 17:18 -------- d-----w c:\programdata\McAfee
2009-04-17 10:19 . 2009-04-17 10:19 -------- d-----w c:\program files\Alwil Software
2009-04-14 18:54 . 2009-04-14 18:54 -------- d-----w c:\program files\Shareware.Pro-FR
2009-04-14 15:03 . 2009-04-14 15:02 -------- d-----w c:\users\mayron\AppData\Roaming\agi
2009-04-14 15:02 . 2009-04-14 15:02 -------- d-----w c:\programdata\agi
2009-04-14 15:02 . 2009-04-14 15:02 339968 ----a-w c:\windows\system32\pythoncom25.dll
2009-04-14 15:02 . 2009-04-14 15:02 2117632 ----a-w c:\windows\system32\python25.dll
2009-04-14 15:02 . 2009-04-14 15:02 114688 ----a-w c:\windows\system32\pywintypes25.dll
2009-04-14 15:02 . 2008-05-12 17:50 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-14 15:01 . 2009-04-14 15:01 -------- d-----w c:\program files\AGI
2009-04-14 14:59 . 2009-04-14 14:59 -------- d-----w c:\program files\SiteAdvisor
2009-04-14 13:56 . 2009-04-14 13:56 -------- d-----w c:\program files\Conduit
2009-04-14 13:56 . 2009-04-14 13:56 -------- d-----w c:\program files\iminent-en
2009-04-14 13:55 . 2009-04-14 13:55 -------- d-----w c:\program files\Iminent
2009-04-14 13:55 . 2009-04-14 13:55 -------- d--h--w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}
2009-04-14 13:55 . 2009-04-14 13:55 -------- d-----w c:\programdata\Iminent
2009-04-12 13:42 . 2009-04-12 13:41 -------- d-----w c:\program files\Webcam 1200
2009-04-12 13:41 . 2008-05-12 16:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 13:41 . 2009-04-12 13:41 -------- d-----w c:\users\mayron\AppData\Roaming\InstallShield
2009-04-12 13:38 . 2009-02-18 16:41 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-12 13:37 . 2009-02-18 16:40 -------- d-----w c:\program files\ArcSoft
2009-04-12 09:45 . 2009-04-12 09:31 -------- d-----w c:\users\mayron\AppData\Roaming\MP-Manager
2009-04-12 09:31 . 2009-04-12 09:31 37345 ----a-r c:\users\mayron\AppData\Roaming\Microsoft\Installer\{D3263446-065A-464C-BB87-CA9D461221D6}\controlPanelIcon.exe
2009-04-12 09:31 . 2009-04-12 09:31 10134 ----a-r c:\users\mayron\AppData\Roaming\Microsoft\Installer\{D3263446-065A-464C-BB87-CA9D461221D6}\SystemFolder_msiexec.exe
2009-04-12 09:29 . 2009-04-12 09:29 -------- d-----w c:\users\mayron\AppData\Roaming\MPMAN
2009-04-12 07:50 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-12 07:33 . 2008-05-12 17:36 -------- d-----w c:\program files\Microsoft Works
2009-04-12 07:32 . 2009-04-12 07:32 -------- d-----w c:\program files\MSXML 4.0
2009-04-12 07:27 . 2008-05-12 17:20 -------- d-----w c:\programdata\SiteAdvisor
2009-04-11 12:43 . 2009-04-11 12:43 -------- d-----w c:\program files\AxBx
2009-04-11 10:04 . 2009-04-11 10:02 -------- d-----w c:\program files\Windows Live
2009-04-11 10:03 . 2009-04-11 10:03 -------- d-----w c:\program files\Microsoft
2009-04-11 10:02 . 2009-04-11 10:02 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-11 09:56 . 2009-04-11 09:56 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-10 21:56 . 2009-02-17 16:01 -------- d-----w c:\program files\Google
2009-04-09 11:43 . 2009-04-14 13:55 2439512 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\IMBoosterSetup.exe
2009-04-08 15:34 . 2009-04-14 13:55 201216 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\646BB144\AA2AC949\Iminent.WinCore.WLM.dll
2009-04-08 15:34 . 2009-04-14 13:55 101376 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\45DC9FB6\AA2AC949\Iminent.WinCore.WLM.PresenceHook.dll
2009-04-08 15:34 . 2009-04-14 13:55 42496 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\CE6A9334\AA2AC949\Iminent.WinCore.WLM.WinEvents.dll
2009-04-08 15:34 . 2009-04-14 13:55 49664 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\3ECAD1C5\AA2AC949\Iminent.WinCore.dll
2009-04-08 15:32 . 2009-04-14 13:55 7168 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\F8E33052\AAAD2BC2\Iminent.Windows.resources.dll
2009-04-08 15:32 . 2009-04-14 13:55 6656 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\A2D0D8C9\1FA51BA4\Iminent.Windows.resources.dll
2009-04-08 15:32 . 2009-04-14 13:55 241152 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\90707029\AA2AC949\Iminent.Windows.dll
2009-04-08 15:32 . 2009-04-14 13:55 13312 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\6563E87F\AA2AC949\FlvEncoder.exe
2009-04-08 15:32 . 2009-04-14 13:55 158208 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\EC9AEE9D\AA2AC949\Iminent.Workflow.dll
2009-04-08 15:32 . 2009-04-14 13:55 278528 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\426DA447\AA2AC949\Iminent.Business.XmlSerializers.dll
2009-04-08 15:32 . 2009-04-14 13:55 92160 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\74360055\AA2AC949\Iminent.Business.dll
2009-03-17 03:38 . 2009-04-15 08:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-15 08:38 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:38 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:38 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:38 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:38 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:38 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:38 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:38 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:38 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:38 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:38 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:38 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 13:04 . 2009-04-14 13:55 905216 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\F3D3330D\AA2AC949\TVE2.dll
2009-03-02 13:04 . 2009-04-14 13:55 831488 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\36234DD\AA2AC949\Turbine.TVE2.dll
2009-03-02 13:04 . 2009-04-14 13:55 187904 ----a-w c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\offline\7DC6F9B1\AA2AC949\Iminent.AxImp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-26_18.48.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 01:58 . 2009-05-26 17:31 62368 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 01:58 . 2009-05-27 08:34 62368 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-27 08:35 72372 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-17 15:58 . 2009-05-27 16:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 15:58 . 2009-05-26 17:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 15:58 . 2009-05-26 17:29 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 15:58 . 2009-05-27 16:32 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 15:58 . 2009-05-27 16:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-17 15:58 . 2009-05-26 17:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-17 16:02 . 2009-05-27 08:35 9218 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-572559793-2897589519-2926831775-1000_UserData.bin
+ 2009-05-27 16:32 . 2009-05-27 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-26 17:29 . 2009-05-26 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-26 17:29 . 2009-05-26 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-27 16:32 . 2009-05-27 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-27 08:40 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-26 17:37 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-26 17:37 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-27 08:40 101052 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280b5d37-4a76-467a-b3d6-942fca90acde}]
2009-02-16 13:44 1882136 ----a-w c:\program files\Shareware.Pro-FR\tbShar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a7400d6-6615-4a06-a4d1-48979fa6e868}]
2008-09-15 04:47 1784856 ----a-w c:\program files\iminent-en\tbimin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2009-04-08 16:34 102912 ----a-w c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]
2009-02-23 13:12 117248 ----a-w c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 68856]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-07 1561840]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-17 24064]
"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2009-04-08 365568]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2009-04-09 496640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A3381893-2AA0-4938-A355-21044CC1FD38}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{726EBDFD-BD05-4FBD-8217-24BE7CD31641}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2833FA7-F393-4028-90D9-94D8954EB299}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{95A5B6F1-AB4A-4C0F-B316-3D358944C376}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8309974B-3708-450B-A465-BDD545F4C568}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{8275CD3F-1453-4C44-A1F3-8C90FF18ED20}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{AA097394-2D5A-4B89-A22C-D684290F69B8}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{5CFAD744-915B-4F15-8DEA-B7244EC4EBD8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D6ADAA43-FB47-4EE8-B085-ECF97F8CB172}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{9773C304-2055-4323-B6F9-58F8A64358B0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E6598C06-23F9-45A7-AA87-F69F70F6DE5D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{8C9F5832-0AF5-452C-8980-70EB60337190}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D2142065-9160-4F84-93F2-0275EA85408C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/04/2009 12:19 114768]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [14/04/2009 17:02 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/04/2009 12:19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/04/2009 12:19 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12/05/2008 19:16 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [18/11/2008 11:01 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [18/11/2008 11:01 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [18/11/2008 11:01 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [18/11/2008 11:01 139912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [12/05/2008 12:42 43552]
R3 PAC207;Webcam 1200;c:\windows\System32\drivers\PFC027.SYS [18/02/2009 18:39 611584]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [18/11/2008 11:01 15496]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [17/02/2009 18:01 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 18:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\mayron\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm 284 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3428)
c:\program files\Iminent\IMBooster\Iminent.WinCore.dll
c:\windows\system32\NVSVC.DLL
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\progra~1\ArcSoft\PHOTOI~1\share\pihook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Fighters\Spywarefighter\SpywarefighterTray.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-05-27 18:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-27 16:37
ComboFix2.txt 2009-05-26 18:49

Avant-CF: 106 436 812 800 octets libres
Après-CF: 106 407 985 152 octets libres

281 --- E O F --- 2009-05-26 06:18
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
27 May 2009 at 18:42
OK, restart your computer and post a new HijackThis report, please

0
rach02 Posts 52 Registration date Sunday 1 March 2009 Status Member Last activity 6 January 2011 8
27 May 2009 at 18:54
Here is the report
gfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:56, on 22/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTEDE.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S8F25.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
27 May 2009 at 19:11
"Scan saved at 21:36:56, on 22/05/2009 "

This is not a report from today


Relaunch HijackThis with a right-click --> "Run as administrator"
Then post the new report, please

0
rach02 Posts 52 Registration date Sunday 1 March 2009 Status Member Last activity 6 January 2011 8
27 May 2009 at 20:02
Really sorry!!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:32, on 27/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: iminent-en Toolbar - {6a7400d6-6615-4a06-a4d1-48979fa6e868} - C:\Program Files\iminent-en\tbimin.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter -