Win32.Adware.Dropperper

benguigui -  
 archet9 -
Bonjour,
je suis infecté par ce virus adware " Win32.Adware.Dropperper "

J'ai lancé HikackThis et j'ai obtenu ceci :
Quelqu'un peut me dire quoi faire ensuite .?

Merci à vous..

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:24:10, on 10/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stickies\stickies.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clichyportail.ineo/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-aim.ineo:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.ineo;*.suez;*.capclichy;rcs-*;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: embarque
O1 - Hosts: 200.10.10.1 CLUSLC1 # Cluster serveur SLC 1
O1 - Hosts: 200.10.10.2 CLUSLC2 # Cluster serveur SLC 2
O1 - Hosts: 200.10.10.1 CLUSAETR1 # Cluster serveur SAETR 1
O1 - Hosts: 200.10.10.2 CLUSAETR2 # Cluster serveur SAETR 2
O1 - Hosts: 200.10.10.1 CLUSAI1 # Cluster serveur SAI 1
O1 - Hosts: 200.10.10.2 CLUSAI2 # Cluster serveur SAI2
O1 - Hosts: R_TOURC # Routeur Belgacom
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMESessionManager] C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: IPSec Dial Client.lnk = C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /300
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://pari.transpole.fr//SNX/CSHELL/extender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Unknown owner - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Unknown owner - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 18061 bytes
Configuration: Windows XP
Firefox 3.5.7

10 réponses

  1. archet9
     
    Bonsoir,

    Télécharge LopSD.exe sur ton Bureau
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Clique sur le raccourci LopSD présent sur le Bureau pour lancer LopSD.

    Choisis la langue F pour Français puis valide par Entrée.

    Choisis l'option suppression en saisissant 2 puis valide par Entrée
    .
    * Patiente jusqu'à la fin du scan
    * Poste le rapport généré qui se trouve ici => (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

    a+
    0
  2. benguigui
     
    MERCI MEC..

    Voici le log :

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A12
    USER : Ben ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)
    D:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 10/01/2010|18:38 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [23/01/2009|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{55A29068-F2CE-456C-9148-C869879E2357}
    [11/09/2009|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [19/08/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
    [29/07/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [29/07/2008|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    [11/09/2009|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [11/09/2009|06:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [10/01/2010|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [03/12/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
    [20/06/2008|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
    [24/09/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [19/06/2008|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
    [24/05/2009|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [22/12/2009|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [17/07/2008|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [27/04/2009|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [23/06/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
    [19/10/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LGMOBILEAX
    [14/10/2008|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [30/07/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [07/01/2010|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [09/12/2009|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OfficeRecovery
    [09/12/2009|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
    [23/09/2009|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    [22/12/2009|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [10/01/2010|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [26/05/2009|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    [23/01/2009|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
    [20/06/2008|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [28/07/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [22/12/2009|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [27/04/2009|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\zeon

    [20/06/2008|11:33] C:\DOCUME~1\Ben\APPLIC~1\3M
    [28/06/2009|15:00] C:\DOCUME~1\Ben\APPLIC~1\Adobe
    [07/07/2008|15:56] C:\DOCUME~1\Ben\APPLIC~1\AdobeUM
    [21/09/2009|11:22] C:\DOCUME~1\Ben\APPLIC~1\Apple Computer
    [24/09/2008|18:31] C:\DOCUME~1\Ben\APPLIC~1\CyberLink
    [20/06/2008|08:03] C:\DOCUME~1\Ben\APPLIC~1\DAEMON Tools Pro
    [27/08/2008|20:19] C:\DOCUME~1\Ben\APPLIC~1\DeepBurner
    [19/06/2008|15:59] C:\DOCUME~1\Ben\APPLIC~1\Dell
    [22/10/2008|16:36] C:\DOCUME~1\Ben\APPLIC~1\DivX
    [25/09/2009|19:22] C:\DOCUME~1\Ben\APPLIC~1\dvdcss
    [26/09/2008|15:33] C:\DOCUME~1\Ben\APPLIC~1\eMule
    [23/07/2009|10:11] C:\DOCUME~1\Ben\APPLIC~1\Ethereal
    [07/01/2010|15:45] C:\DOCUME~1\Ben\APPLIC~1\FileZilla
    [09/11/2009|11:29] C:\DOCUME~1\Ben\APPLIC~1\Google
    [22/12/2009|16:10] C:\DOCUME~1\Ben\APPLIC~1\Grisoft
    [14/08/2008|16:15] C:\DOCUME~1\Ben\APPLIC~1\Help
    [19/06/2008|14:35] C:\DOCUME~1\Ben\APPLIC~1\Identities
    [24/05/2009|16:00] C:\DOCUME~1\Ben\APPLIC~1\ImgBurn
    [19/06/2008|15:35] C:\DOCUME~1\Ben\APPLIC~1\InstallShield
    [23/06/2008|11:00] C:\DOCUME~1\Ben\APPLIC~1\Intel
    [19/10/2008|21:34] C:\DOCUME~1\Ben\APPLIC~1\LG Electronics
    [14/10/2008|15:12] C:\DOCUME~1\Ben\APPLIC~1\Macromedia
    [09/12/2009|11:06] C:\DOCUME~1\Ben\APPLIC~1\Microsoft
    [20/06/2008|08:16] C:\DOCUME~1\Ben\APPLIC~1\Microsoft Web Folders
    [14/08/2008|08:23] C:\DOCUME~1\Ben\APPLIC~1\Mozilla
    [29/09/2009|15:11] C:\DOCUME~1\Ben\APPLIC~1\Notepad++
    [21/07/2008|15:06] C:\DOCUME~1\Ben\APPLIC~1\Nvu
    [09/12/2009|11:18] C:\DOCUME~1\Ben\APPLIC~1\OfficeRecovery
    [09/12/2009|10:55] C:\DOCUME~1\Ben\APPLIC~1\PC Tools
    [24/09/2009|17:53] C:\DOCUME~1\Ben\APPLIC~1\pdfforge
    [24/09/2009|17:53] C:\DOCUME~1\Ben\APPLIC~1\Search Settings
    [10/01/2010|18:01] C:\DOCUME~1\Ben\APPLIC~1\stickies
    [25/09/2008|23:16] C:\DOCUME~1\Ben\APPLIC~1\Sun
    [30/09/2008|13:06] C:\DOCUME~1\Ben\APPLIC~1\TomTom
    [23/01/2009|23:34] C:\DOCUME~1\Ben\APPLIC~1\TuneUp Software
    [20/06/2008|11:35] C:\DOCUME~1\Ben\APPLIC~1\vlc
    [25/09/2008|22:54] C:\DOCUME~1\Ben\APPLIC~1\WinRAR
    [21/01/2009|15:08] C:\DOCUME~1\Ben\APPLIC~1\Wireshark
    [22/12/2009|16:06] C:\DOCUME~1\Ben\APPLIC~1\Yahoo!
    [27/04/2009|08:16] C:\DOCUME~1\Ben\APPLIC~1\zeon

    [23/06/2008|11:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
    [19/06/2008|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [04/08/2008|17:02] C:\DOCUME~1\Ineo\APPLIC~1\Dell
    [08/02/2009|10:20] C:\DOCUME~1\Ineo\APPLIC~1\DivX
    [04/08/2008|17:01] C:\DOCUME~1\Ineo\APPLIC~1\Identities
    [23/06/2008|11:00] C:\DOCUME~1\Ineo\APPLIC~1\Intel
    [08/02/2009|10:26] C:\DOCUME~1\Ineo\APPLIC~1\Microsoft

    [21/08/2008|16:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Acronis
    [23/06/2008|11:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
    [20/06/2008|07:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [23/06/2008|11:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
    [19/06/2008|14:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [10/01/2010 18:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [10/01/2010 17:59][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [10/01/2010 18:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003UA.job
    [05/01/2010 13:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003Core.job
    [10/01/2010 17:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [19/08/2008|22:33] C:\Program Files\Acronis
    [07/11/2009|12:38] C:\Program Files\Adobe
    [27/11/2008|23:10] C:\Program Files\AGEIA Technologies
    [10/06/2009|11:25] C:\Program Files\Ahead
    [11/09/2009|06:50] C:\Program Files\Apple Software Update
    [27/11/2009|08:37] C:\Program Files\a-squared Free
    [27/08/2008|20:06] C:\Program Files\Astonsoft
    [16/09/2008|14:10] C:\Program Files\AstroSoft
    [10/01/2010|18:31] C:\Program Files\Avira
    [03/02/2009|12:36] C:\Program Files\Blighty Design
    [11/09/2009|06:53] C:\Program Files\Bonjour
    [19/06/2008|14:54] C:\Program Files\Broadcom
    [20/03/2009|15:34] C:\Program Files\CartoGps V2.9
    [22/12/2009|16:06] C:\Program Files\CCleaner
    [22/12/2009|16:46] C:\Program Files\CheckPoint
    [20/06/2008|09:32] C:\Program Files\Ciel
    [19/06/2008|14:25] C:\Program Files\ComPlus Applications
    [19/06/2008|15:49] C:\Program Files\CONEXANT
    [07/07/2008|10:02] C:\Program Files\CoSine Communications
    [24/09/2008|18:30] C:\Program Files\CyberLink
    [20/06/2008|13:56] C:\Program Files\DAEMON Tools Pro
    [19/06/2008|15:59] C:\Program Files\Dell
    [19/06/2008|15:36] C:\Program Files\Digital Line Detect
    [22/10/2008|16:34] C:\Program Files\DivX
    [24/05/2009|15:34] C:\Program Files\DVD Shrink
    [16/11/2009|14:14] C:\Program Files\DVDVIDEOSOFT
    [31/12/2009|11:13] C:\Program Files\ElcomSoft
    [26/09/2008|15:33] C:\Program Files\eMule
    [07/07/2008|10:01] C:\Program Files\Equant
    [03/07/2009|07:11] C:\Program Files\Ethereal
    [09/12/2009|10:55] C:\Program Files\Fichiers communs
    [07/01/2010|13:46] C:\Program Files\FileZilla Client
    [28/05/2009|22:04] C:\Program Files\FolderAccess
    [24/09/2009|09:53] C:\Program Files\Free PDF to Word Doc Converter
    [19/11/2009|10:49] C:\Program Files\G_I
    [29/12/2009|15:34] C:\Program Files\Google
    [22/12/2009|16:09] C:\Program Files\Grisoft
    [17/07/2009|10:25] C:\Program Files\HD Tune
    [26/12/2008|19:29] C:\Program Files\Hewlett-Packard
    [10/01/2010|18:19] C:\Program Files\hijackthis
    [11/09/2009|09:50] C:\Program Files\HP
    [03/11/2009|08:40] C:\Program Files\InstallShield Installation Information
    [27/02/2009|12:36] C:\Program Files\Intel
    [11/12/2009|08:47] C:\Program Files\Internet Explorer
    [11/09/2009|06:54] C:\Program Files\iPod
    [11/09/2009|06:55] C:\Program Files\iTunes
    [02/10/2008|09:00] C:\Program Files\IVT Corporation
    [09/11/2009|14:04] C:\Program Files\Java
    [10/07/2009|13:18] C:\Program Files\KontextViewer
    [19/10/2008|21:33] C:\Program Files\LG Electronics
    [19/10/2008|21:33] C:\Program Files\LG PC Suite 2
    [07/12/2009|15:22] C:\Program Files\Look@LAN
    [19/06/2008|15:41] C:\Program Files\lotus
    [14/10/2008|15:10] C:\Program Files\Macromedia
    [05/09/2008|09:52] C:\Program Files\MagicPDF
    [19/06/2008|15:46] C:\Program Files\Ma‹do Production
    [20/01/2009|16:34] C:\Program Files\Messenger
    [26/09/2008|15:49] C:\Program Files\Messenger Plus! Live
    [14/11/2009|23:23] C:\Program Files\Microsoft
    [11/12/2009|08:48] C:\Program Files\Microsoft ActiveSync
    [19/06/2008|14:28] C:\Program Files\microsoft frontpage
    [09/09/2009|10:39] C:\Program Files\Microsoft Office
    [12/11/2009|14:11] C:\Program Files\Microsoft Visual Studio
    [09/09/2009|10:39] C:\Program Files\Microsoft.NET
    [16/06/2009|13:29] C:\Program Files\Motorola
    [31/10/2008|04:00] C:\Program Files\Movie Maker
    [10/01/2010|18:06] C:\Program Files\Mozilla Firefox
    [03/06/2009|15:39] C:\Program Files\MSBuild
    [24/02/2009|10:56] C:\Program Files\MSECache
    [19/06/2008|14:24] C:\Program Files\MSN
    [19/06/2008|14:24] C:\Program Files\MSN Gaming Zone
    [20/01/2009|16:25] C:\Program Files\MSXML 4.0
    [20/11/2008|14:28] C:\Program Files\NETGEAR ReadyNAS
    [27/01/2009|10:19] C:\Program Files\NetMeeting
    [29/09/2009|15:03] C:\Program Files\Notepad++
    [31/10/2008|04:16] C:\Program Files\Nvu
    [09/12/2009|11:17] C:\Program Files\OfficeRecovery
    [19/06/2008|14:24] C:\Program Files\Online Services
    [31/10/2008|04:17] C:\Program Files\Ontrack
    [20/06/2008|11:16] C:\Program Files\OrangeBS
    [12/09/2009|19:42] C:\Program Files\Outlook Express
    [03/11/2009|08:40] C:\Program Files\PC Inspector File Recovery
    [24/09/2009|10:30] C:\Program Files\PDFCreator
    [24/09/2009|10:30] C:\Program Files\pdfforge Toolbar
    [24/09/2009|16:08] C:\Program Files\Plasma Pong
    [19/09/2008|11:05] C:\Program Files\PowerQuest
    [12/11/2009|14:12] C:\Program Files\Publication Web
    [11/09/2009|06:52] C:\Program Files\QuickTime
    [19/11/2009|11:32] C:\Program Files\Recuva
    [03/06/2009|15:39] C:\Program Files\Reference Assemblies
    [07/12/2009|23:14] C:\Program Files\RegCleaner
    [31/12/2009|11:14] C:\Program Files\Save Flash
    [27/04/2009|08:16] C:\Program Files\ScanSoft
    [19/06/2008|14:27] C:\Program Files\Services en ligne
    [19/06/2008|15:47] C:\Program Files\SigmaTel
    [19/05/2009|16:19] C:\Program Files\SIW
    [06/07/2009|18:38] C:\Program Files\Sony Ericsson
    [09/12/2009|15:16] C:\Program Files\Spybot - Search & Destroy
    [09/12/2009|15:06] C:\Program Files\Spyware Doctor
    [20/06/2008|11:34] C:\Program Files\Stickies
    [20/06/2008|07:30] C:\Program Files\TaskSwitchXP
    [30/09/2008|11:32] C:\Program Files\TomTom DesktopSuite
    [26/05/2009|09:26] C:\Program Files\TomTom HOME
    [26/05/2009|09:37] C:\Program Files\TomTom HOME 2
    [26/05/2009|09:38] C:\Program Files\TomTom International B.V
    [01/07/2009|11:51] C:\Program Files\Trend Micro
    [17/10/2008|03:34] C:\Program Files\UltraISO
    [01/12/2009|10:06] C:\Program Files\UltraVNC
    [10/06/2009|13:11] C:\Program Files\Uninstall Information
    [20/06/2008|11:35] C:\Program Files\VideoLAN
    [03/06/2009|16:07] C:\Program Files\WBFS
    [09/10/2009|08:29] C:\Program Files\Windows CE 5.0 Emulator
    [25/09/2008|12:12] C:\Program Files\Windows Live
    [25/12/2008|23:57] C:\Program Files\Windows Live SkyDrive
    [20/06/2008|07:22] C:\Program Files\Windows Media Connect 2
    [16/11/2009|14:47] C:\Program Files\Windows Media Player
    [31/10/2008|03:55] C:\Program Files\Windows NT
    [19/06/2008|14:27] C:\Program Files\WindowsUpdate
    [08/09/2008|10:01] C:\Program Files\WinPcap
    [30/09/2008|18:49] C:\Program Files\WinRAR
    [08/09/2008|10:01] C:\Program Files\Wireshark
    [19/06/2008|14:28] C:\Program Files\xerox
    [22/12/2009|16:06] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [19/08/2008|22:34] C:\Program Files\Fichiers communs\Acronis
    [07/11/2009|12:39] C:\Program Files\Fichiers communs\Adobe
    [29/07/2008|11:12] C:\Program Files\Fichiers communs\Adobe Systems Shared
    [10/06/2009|11:24] C:\Program Files\Fichiers communs\Ahead
    [11/09/2009|06:54] C:\Program Files\Fichiers communs\Apple
    [19/05/2009|11:13] C:\Program Files\Fichiers communs\Ciel
    [12/11/2009|14:11] C:\Program Files\Fichiers communs\DESIGNER
    [07/07/2008|10:02] C:\Program Files\Fichiers communs\Deterministic Networks
    [16/11/2009|14:14] C:\Program Files\Fichiers communs\DVDVIDEOSOFT
    [17/10/2008|03:34] C:\Program Files\Fichiers communs\EZB Systems
    [20/06/2008|11:20] C:\Program Files\Fichiers communs\France Telecom
    [26/12/2008|19:28] C:\Program Files\Fichiers communs\Hewlett-Packard
    [27/04/2009|08:16] C:\Program Files\Fichiers communs\InstallShield
    [25/09/2008|23:12] C:\Program Files\Fichiers communs\Java
    [21/07/2008|14:02] C:\Program Files\Fichiers communs\Macromedia
    [10/01/2010|18:30] C:\Program Files\Fichiers communs\Microsoft Shared
    [19/06/2008|14:26] C:\Program Files\Fichiers communs\MSSoap
    [10/06/2009|11:26] C:\Program Files\Fichiers communs\Nero
    [19/06/2008|16:19] C:\Program Files\Fichiers communs\ODBC
    [09/12/2009|10:56] C:\Program Files\Fichiers communs\PC Tools
    [27/04/2009|08:16] C:\Program Files\Fichiers communs\Scansoft Shared
    [19/06/2008|14:26] C:\Program Files\Fichiers communs\Services
    [19/06/2008|16:19] C:\Program Files\Fichiers communs\SpeechEngines
    [08/12/2009|14:43] C:\Program Files\Fichiers communs\System
    [25/09/2008|12:09] C:\Program Files\Fichiers communs\Windows Live
    [30/07/2008|19:30] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 77 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-10 18:49:39
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:25][D:19]-> C:\DOCUME~1\Ben\LOCALS~1\Temp
    [F:30][D:0]-> C:\DOCUME~1\Ben\Cookies
    [F:658][D:5]-> C:\DOCUME~1\Ben\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 10/01/2010|18:52 - Option : [2]

    --------------------\\ Fin du rapport a 18:52:36
    0
  3. archet9
     
    Bon...un coup pour rien.... c'est pas grave !

    Télécharges AD-REMOVER
    ou
    AD-REMOVER

    (de Cyrildu17 / C_XX) sur ton Bureau.

    Déconnectes-toi et ferme toutes applications en cours

    Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
    Double-clique sur l'icône [AD-Remover située sur ton Bureau.
    Au menu principal, choisis l'option L.Postes le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    a+
    0
  4. benguigui
     
    Ouhh . long ce scan..!

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 05.01.2010 à 18:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 19:30:22, 10/01/2010 | Mode Normal | Option: CLEAN
    Exécuté de: C:\PROGRA~1\AD-REM~1\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    Nom du PC: RCS-BAIVIER | Utilisateur actuel: Ben

    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .

    C:\Program Files\Mozilla FireFox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com
    C:\Program Files\pdfforge Toolbar
    C:\DOCUME~1\Ben\APPLIC~1\pdfforge
    C:\DOCUME~1\Ben\APPLIC~1\Search Settings
    C:\Windows\Installer\4429192.msi

    (!) -- Fichiers temporaires supprimés.

    .
    HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\software\pdfforge
    HKCU\software\Search Settings
    HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKLM\software\microsoft\windows\currentversion\uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
    HKLM\software\pdfforge
    HKLM\software\Search Settings
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.5.7 [fr] *
    .
    Nom du profil: 08qge200.default (Ben)
    .
    (Ben, prefs.js) Browser.download.lastDir, C:\temp
    (Ben, prefs.js) Browser.startup.homepage, hxxp://www.google.fr
    (Ben, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,LogMeInClient@logmein.com:1.0.0.407,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1,search@searchsettings.com:1.2.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7,{173487d0-5384-11dd-ae16-0800200c9a66}:0.5
    (Ben, prefs.js) Privacy.popups.showBrowserMessage, false
    .
    .
    * Internet Explorer Version 7.0.5730.11 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Local Page: C:\WINDOWS\system32\blank.htm
    Do404Search: 01000000
    Enable Browser Extensions: yes
    Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Start Page: hxxp://fr.msn.com/
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ===================================
    .
    5164 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    0 Fichier(s) - C:\DOCUME~1\Ben\LOCALS~1\Temp
    1 Fichier(s) - C:\WINDOWS\Temp
    0 Fichier(s) - C:\WINDOWS\Prefetch
    .
    17 Fichier(s) - C:\PROGRA~1\AD-REM~1\BACKUP
    79 Fichier(s) - C:\PROGRA~1\AD-REM~1\QUARANTINE
    .
    Fin à: 19:47:51 | 10/01/2010 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. archet9
     
    Très bien...

    Fais maintenant un scan avec cet antispyware :
    Malwarebytes + tutoriel

    Tu l´installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l´onglet recherche et coche la case :
    "Executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...
    A la fin du scan, clique sur Afficher les résultats
    Si des elements on ete trouvés :
    > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s´ouvrir;
    sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    a+
    0
  7. benguigui
     
    Penbdant le scan mon antiv a détecté des choses et les a supprimé, mais a la fin du scan le soft a qd meme detecté 4 choses et les a supp ..

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3536
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    10/01/2010 21:05:09
    mbam-log-2010-01-10 (21-05-09).txt

    Type de recherche: Examen rapide
    Eléments examinés: 121680
    Temps écoulé: 9 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    0
  8. benguigui
     
    Apparement plus de virus... trop fort mec !
    Comment fais tu pour savoir quoi executé d'aprés les log des soft ??

    encore merci à toi et bonne soirée
    0
  9. archet9
     
    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    a+

    0
  10. benguigui
     
    Voili voila mec..

    ComboFix 10-01-04.01 - Ben 10/01/2010 22:59:28.1.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.532 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Ben\Mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {3AA695C5-24F4-40C5-8CAF-77B2339B0BEB}

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\AegisP.inf
    c:\windows\system32\ntSVc.ocx

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://10.27.12.52
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_OREANS32
    -------\Service_oreans32

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-10 au 2010-01-10 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-10 19:43 . 2010-01-10 19:43 -------- d-----w- c:\documents and settings\Ben\Application Data\Malwarebytes
    2010-01-10 19:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-10 19:43 . 2010-01-10 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-10 19:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-10 19:43 . 2010-01-10 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-10 18:27 . 2010-01-10 18:47 -------- d-----w- c:\program files\Ad-Remover
    2010-01-10 17:37 . 2010-01-10 17:52 -------- d-----w- C:\Lop SD
    2010-01-10 17:31 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-10 17:31 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-01-10 17:31 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-01-10 17:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-01-10 17:31 . 2010-01-10 17:31 -------- d-----w- c:\program files\Avira
    2010-01-10 17:31 . 2010-01-10 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-01-07 12:57 . 2010-01-07 13:14 -------- d-----w- c:\temp\base maubeuge
    2010-01-07 12:46 . 2010-01-07 14:45 -------- d-----w- c:\documents and settings\Ben\Application Data\FileZilla
    2010-01-07 12:46 . 2010-01-07 12:46 -------- d-----w- c:\program files\FileZilla Client
    2009-12-22 15:46 . 2009-12-22 15:46 -------- d-----w- c:\program files\CheckPoint
    2009-12-22 15:10 . 2009-12-22 15:10 -------- d-----w- c:\documents and settings\Ben\Application Data\Grisoft
    2009-12-22 15:10 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
    2009-12-22 15:10 . 2009-12-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
    2009-12-22 15:06 . 2009-12-22 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\documents and settings\Ben\Application Data\Yahoo!
    2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\program files\Yahoo!
    2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-10 22:14 . 2008-06-20 10:34 -------- d-----w- c:\documents and settings\Ben\Application Data\stickies
    2010-01-10 22:10 . 2008-09-02 10:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-10 17:19 . 2010-01-10 17:19 388096 ----a-r- c:\documents and settings\Ben\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-01-10 17:02 . 2004-08-05 12:00 36484 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-10 17:02 . 2004-08-05 12:00 16406 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-10 17:02 . 2009-07-01 10:51 2 ----a-w- c:\windows\system32\perfh040.dat
    2010-01-10 17:02 . 2009-07-01 10:51 2 ----a-w- c:\windows\system32\perfc040.dat
    2009-12-31 10:14 . 2009-09-25 14:20 -------- d-----w- c:\program files\Save Flash
    2009-12-31 10:13 . 2009-01-29 16:26 -------- d-----w- c:\program files\ElcomSoft
    2009-12-29 14:34 . 2009-11-09 10:20 -------- d-----w- c:\program files\Google
    2009-12-22 15:46 . 2009-12-22 15:46 4710 ----a-r- c:\documents and settings\Ben\Application Data\Microsoft\Installer\{864689d2-c3c2-4a4e-bc02-6a8a170e9b41}\ARPPRODUCTICON.exe
    2009-12-22 15:08 . 2009-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-11 07:48 . 2009-02-09 10:30 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-12-09 14:16 . 2009-12-09 14:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-09 14:06 . 2009-12-09 09:55 -------- d-----w- c:\program files\Spyware Doctor
    2009-12-09 10:18 . 2009-12-09 10:18 -------- d-----w- c:\documents and settings\Ben\Application Data\OfficeRecovery
    2009-12-09 10:17 . 2009-12-09 10:17 -------- d-----w- c:\program files\OfficeRecovery
    2009-12-09 10:17 . 2009-12-09 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeRecovery
    2009-12-09 09:56 . 2009-12-09 09:55 -------- d-----w- c:\program files\Fichiers communs\PC Tools
    2009-12-09 09:55 . 2009-12-09 09:55 -------- d-----w- c:\documents and settings\Ben\Application Data\PC Tools
    2009-12-09 09:55 . 2009-12-09 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-12-07 22:14 . 2009-12-07 22:14 -------- d-----w- c:\program files\RegCleaner
    2009-12-07 14:22 . 2009-02-03 15:17 -------- d-----w- c:\program files\Look@LAN
    2009-12-01 09:06 . 2009-12-01 09:06 -------- d-----w- c:\program files\UltraVNC
    2009-11-27 07:37 . 2009-11-26 16:53 -------- d-----w- c:\program files\a-squared Free
    2009-11-21 18:01 . 2009-06-04 10:33 344272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 10:32 . 2009-11-19 10:32 -------- d-----w- c:\program files\Recuva
    2009-11-19 09:49 . 2008-06-20 08:25 -------- d-----w- c:\program files\G_I
    2009-11-16 13:14 . 2009-11-16 13:14 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
    2009-11-16 13:14 . 2009-11-16 13:14 -------- d-----w- c:\program files\DVDVIDEOSOFT
    2009-11-14 22:23 . 2009-11-14 22:23 -------- d-----w- c:\program files\Microsoft
    2009-11-12 13:12 . 2009-11-12 13:12 -------- d-----w- c:\program files\Publication Web
    2009-11-10 09:28 . 2009-12-09 09:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2009-11-10 09:28 . 2009-12-09 09:56 165840 ----a-w- c:\windows\PCTBDRes.dll
    2009-11-10 09:28 . 2009-12-09 09:56 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2009-11-10 09:26 . 2009-12-09 09:56 767952 ----a-w- c:\windows\BDTSupport.dll
    2009-11-09 13:03 . 2009-11-09 13:03 152576 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-09 10:20 . 2009-12-09 09:55 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-11-06 16:04 . 2008-07-10 15:51 70 ----a-w- c:\windows\system32\mslck.dat
    2009-11-01 13:01 . 2009-11-01 12:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-30 10:11 . 2009-12-09 09:55 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-29 07:44 . 2004-08-05 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-29 07:44 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-29 07:44 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2009-10-28 00:36 . 2009-12-09 09:56 1152444 ----a-w- c:\windows\UDB.zip
    2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-20 15:06 . 2009-06-16 13:12 0 ----a-w- C:\ADFHexSendTest.dat
    2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
    "Google Update"="c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
    "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
    "BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" [2007-10-30 102400]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-23 2616488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
    "B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2008-06-17 179536]
    "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
    "PDF Converter Registry Controller"="c:\program files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe" [2004-08-18 98304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Ben\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-12-3 1044480]
    IPSec Dial Client.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2008-7-7 65588]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 19:45 20616]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/12/2009 10:55 207792]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/06/2008 08:00 685816]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/01/2010 18:31 108289]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [09/12/2009 10:56 112592]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [07/07/2008 10:03 467002]
    R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [07/07/2008 10:03 119352]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [01/07/2009 11:51 50192]
    R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [17/09/2007 14:40 225808]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [17/09/2007 14:40 36368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [20/06/2008 08:06 6016]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [07/07/2008 10:02 36188]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2009 11:21 135664]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [06/07/2009 18:38 13224]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 13:58 26248]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [09/12/2009 10:55 359624]
    S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [19/06/2008 16:00 652552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 10:20]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 10:20]

    2010-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003Core.job
    - c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 08:18]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003UA.job
    - c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 08:18]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://clichyportail.ineo/
    uInternet Settings,ProxyServer = proxy-aim.ineo:80
    uInternet Settings,ProxyOverride = 10.*;*.ineo;*.suez;*.capclichy;rcs-*;*.local;<local>
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Ouvrir le fichier PDF dans Word (PDF Converter 2.0) - c:\program files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /300
    Trusted Zone: localhost
    DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://pari.transpole.fr//SNX/CSHELL/extender.cab
    FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\08qge200.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - plugin: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\08qge200.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SafeBoot-AVG Anti-Spyware Driver

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-10 23:13
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x86F7C8AC]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7686f28
    \Driver\ACPI -> ACPI.sys @ 0xf74d6cb8
    \Driver\atapi -> atapi.sys @ 0xf7453b40
    IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
    ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
    \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
    ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
    NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7332bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7321a0d
    SendHandler -> NDIS.sys @ 0xf7335b40
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1964)
    c:\windows\system32\netprovcredman.dll

    - - - - - - - > 'lsass.exe'(2020)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(3812)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Equant\Dialer\EACSvrMngr.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
    c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\Trend Micro\BM\TMBMSRV.exe
    c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Microsoft ActiveSync\Wcescomm.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-10 23:20:08 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-10 22:20

    Avant-CF: 4 519 227 392 octets libres
    Après-CF: 4 414 832 640 octets libres

    - - End Of File - - 361B0C2F484CED402C803FE000923FD0
    0
  11. archet9
     
    Tu sembles en sourire...mais ton pc est salement infecté....!!!!

    Supprimes Combofix ainsi:
    >Cliques sur " Démarrer "( ou combine la touche Windows + R ) -> " Executer " -> copie/colles cette ligne :

    ComboFix /uninstall

    -->Valides .

    Rends toi sur ce site:
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    et retélécharges Combofix...

    Imperatif::

    INSTALLES LA CONSOLE DE RÉCUPÉRATION ....et relances
    Combo en mode sans échec

    https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/

    a+
    -
    .
    ........
    0