Win32.Adware.Dropperper

benguigui -  
 Anonymous user -
Hello,
I am infected by this adware virus "Win32.Adware.Dropperper".

I ran HijackThis and got this:
Can someone tell me what to do next?

Thank you.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:24:10, on 10/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stickies\stickies.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clichyportail.ineo/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-aim.ineo:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.ineo;*.suez;*.capclichy;rcs-*;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: embarque
O1 - Hosts: 200.10.10.1 CLUSLC1 # Cluster serveur SLC 1
O1 - Hosts: 200.10.10.2 CLUSLC2 # Cluster serveur SLC 2
O1 - Hosts: 200.10.10.1 CLUSAETR1 # Cluster serveur SAETR 1
O1 - Hosts: 200.10.10.2 CLUSAETR2 # Cluster serveur SAETR 2
O1 - Hosts: 200.10.10.1 CLUSAI1 # Cluster serveur SAI 1
O1 - Hosts: 200.10.10.2 CLUSAI2 # Cluster serveur SAI2
O1 - Hosts: R_TOURC # Routeur Belgacom
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMESessionManager] C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: IPSec Dial Client.lnk = C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /300
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://pari.transpole.fr//SNX/CSHELL/extender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Unknown owner - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Unknown owner - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

10 replies

Anonymous user
 
Good evening,


Download LopSD.exe to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Click the LopSD shortcut on the Desktop to launch LopSD.

Choose language F for French, then confirm with Enter.

Choose the removal option by typing 2, then confirm with Enter.
* Wait until the scan finishes
* Post the generated report, which is located here => (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

See you later
0
benguigui
 
THANKS, MAN..

Here is the log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A12
USER : Ben ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 10/01/2010|18:38 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[23/01/2009|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{55A29068-F2CE-456C-9148-C869879E2357}
[11/09/2009|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[19/08/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
[29/07/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/07/2008|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[11/09/2009|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/09/2009|06:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[10/01/2010|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[03/12/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[20/06/2008|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
[24/09/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[19/06/2008|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
[24/05/2009|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[22/12/2009|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[17/07/2008|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[27/04/2009|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[23/06/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[19/10/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LGMOBILEAX
[14/10/2008|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[30/07/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[07/01/2010|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[09/12/2009|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OfficeRecovery
[09/12/2009|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[23/09/2009|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[22/12/2009|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[10/01/2010|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/05/2009|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[23/01/2009|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[20/06/2008|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[28/07/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[22/12/2009|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[27/04/2009|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\zeon

[20/06/2008|11:33] C:\DOCUME~1\Ben\APPLIC~1\3M
[28/06/2009|15:00] C:\DOCUME~1\Ben\APPLIC~1\Adobe
[07/07/2008|15:56] C:\DOCUME~1\Ben\APPLIC~1\AdobeUM
[21/09/2009|11:22] C:\DOCUME~1\Ben\APPLIC~1\Apple Computer
[24/09/2008|18:31] C:\DOCUME~1\Ben\APPLIC~1\CyberLink
[20/06/2008|08:03] C:\DOCUME~1\Ben\APPLIC~1\DAEMON Tools Pro
[27/08/2008|20:19] C:\DOCUME~1\Ben\APPLIC~1\DeepBurner
[19/06/2008|15:59] C:\DOCUME~1\Ben\APPLIC~1\Dell
[22/10/2008|16:36] C:\DOCUME~1\Ben\APPLIC~1\DivX
[25/09/2009|19:22] C:\DOCUME~1\Ben\APPLIC~1\dvdcss
[26/09/2008|15:33] C:\DOCUME~1\Ben\APPLIC~1\eMule
[23/07/2009|10:11] C:\DOCUME~1\Ben\APPLIC~1\Ethereal
[07/01/2010|15:45] C:\DOCUME~1\Ben\APPLIC~1\FileZilla
[09/11/2009|11:29] C:\DOCUME~1\Ben\APPLIC~1\Google
[22/12/2009|16:10] C:\DOCUME~1\Ben\APPLIC~1\Grisoft
[14/08/2008|16:15] C:\DOCUME~1\Ben\APPLIC~1\Help
[19/06/2008|14:35] C:\DOCUME~1\Ben\APPLIC~1\Identities
[24/05/2009|16:00] C:\DOCUME~1\Ben\APPLIC~1\ImgBurn
[19/06/2008|15:35] C:\DOCUME~1\Ben\APPLIC~1\InstallShield
[23/06/2008|11:00] C:\DOCUME~1\Ben\APPLIC~1\Intel
[19/10/2008|21:34] C:\DOCUME~1\Ben\APPLIC~1\LG Electronics
[14/10/2008|15:12] C:\DOCUME~1\Ben\APPLIC~1\Macromedia
[09/12/2009|11:06] C:\DOCUME~1\Ben\APPLIC~1\Microsoft
[20/06/2008|08:16] C:\DOCUME~1\Ben\APPLIC~1\Microsoft Web Folders
[14/08/2008|08:23] C:\DOCUME~1\Ben\APPLIC~1\Mozilla
[29/09/2009|15:11] C:\DOCUME~1\Ben\APPLIC~1\Notepad++
[21/07/2008|15:06] C:\DOCUME~1\Ben\APPLIC~1\Nvu
[09/12/2009|11:18] C:\DOCUME~1\Ben\APPLIC~1\OfficeRecovery
[09/12/2009|10:55] C:\DOCUME~1\Ben\APPLIC~1\PC Tools
[24/09/2009|17:53] C:\DOCUME~1\Ben\APPLIC~1\pdfforge
[24/09/2009|17:53] C:\DOCUME~1\Ben\APPLIC~1\Search Settings
[10/01/2010|18:01] C:\DOCUME~1\Ben\APPLIC~1\stickies
[25/09/2008|23:16] C:\DOCUME~1\Ben\APPLIC~1\Sun
[30/09/2008|13:06] C:\DOCUME~1\Ben\APPLIC~1\TomTom
[23/01/2009|23:34] C:\DOCUME~1\Ben\APPLIC~1\TuneUp Software
[20/06/2008|11:35] C:\DOCUME~1\Ben\APPLIC~1\vlc
[25/09/2008|22:54] C:\DOCUME~1\Ben\APPLIC~1\WinRAR
[21/01/2009|15:08] C:\DOCUME~1\Ben\APPLIC~1\Wireshark
[22/12/2009|16:06] C:\DOCUME~1\Ben\APPLIC~1\Yahoo!
[27/04/2009|08:16] C:\DOCUME~1\Ben\APPLIC~1\zeon

[23/06/2008|11:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[19/06/2008|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[04/08/2008|17:02] C:\DOCUME~1\Ineo\APPLIC~1\Dell
[08/02/2009|10:20] C:\DOCUME~1\Ineo\APPLIC~1\DivX
[04/08/2008|17:01] C:\DOCUME~1\Ineo\APPLIC~1\Identities
[23/06/2008|11:00] C:\DOCUME~1\Ineo\APPLIC~1\Intel
[08/02/2009|10:26] C:\DOCUME~1\Ineo\APPLIC~1\Microsoft

[21/08/2008|16:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Acronis
[23/06/2008|11:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[20/06/2008|07:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[23/06/2008|11:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[19/06/2008|14:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[10/01/2010 18:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[10/01/2010 17:59][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[10/01/2010 18:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003UA.job
[05/01/2010 13:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003Core.job
[10/01/2010 17:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[19/08/2008|22:33] C:\Program Files\Acronis
[07/11/2009|12:38] C:\Program Files\Adobe
[27/11/2008|23:10] C:\Program Files\AGEIA Technologies
[10/06/2009|11:25] C:\Program Files\Ahead
[11/09/2009|06:50] C:\Program Files\Apple Software Update
[27/11/2009|08:37] C:\Program Files\a-squared Free
[27/08/2008|20:06] C:\Program Files\Astonsoft
[16/09/2008|14:10] C:\Program Files\AstroSoft
[10/01/2010|18:31] C:\Program Files\Avira
[03/02/2009|12:36] C:\Program Files\Blighty Design
[11/09/2009|06:53] C:\Program Files\Bonjour
[19/06/2008|14:54] C:\Program Files\Broadcom
[20/03/2009|15:34] C:\Program Files\CartoGps V2.9
[22/12/2009|16:06] C:\Program Files\CCleaner
[22/12/2009|16:46] C:\Program Files\CheckPoint
[20/06/2008|09:32] C:\Program Files\Ciel
[19/06/2008|14:25] C:\Program Files\ComPlus Applications
[19/06/2008|15:49] C:\Program Files\CONEXANT
[07/07/2008|10:02] C:\Program Files\CoSine Communications
[24/09/2008|18:30] C:\Program Files\CyberLink
[20/06/2008|13:56] C:\Program Files\DAEMON Tools Pro
[19/06/2008|15:59] C:\Program Files\Dell
[19/06/2008|15:36] C:\Program Files\Digital Line Detect
[22/10/2008|16:34] C:\Program Files\DivX
[24/05/2009|15:34] C:\Program Files\DVD Shrink
[16/11/2009|14:14] C:\Program Files\DVDVIDEOSOFT
[31/12/2009|11:13] C:\Program Files\ElcomSoft
[26/09/2008|15:33] C:\Program Files\eMule
[07/07/2008|10:01] C:\Program Files\Equant
[03/07/2009|07:11] C:\Program Files\Ethereal
[09/12/2009|10:55] C:\Program Files\Fichiers communs
[07/01/2010|13:46] C:\Program Files\FileZilla Client
[28/05/2009|22:04] C:\Program Files\FolderAccess
[24/09/2009|09:53] C:\Program Files\Free PDF to Word Doc Converter
[19/11/2009|10:49] C:\Program Files\G_I
[29/12/2009|15:34] C:\Program Files\Google
[22/12/2009|16:09] C:\Program Files\Grisoft
[17/07/2009|10:25] C:\Program Files\HD Tune
[26/12/2008|19:29] C:\Program Files\Hewlett-Packard
[10/01/2010|18:19] C:\Program Files\hijackthis
[11/09/2009|09:50] C:\Program Files\HP
[03/11/2009|08:40] C:\Program Files\InstallShield Installation Information
[27/02/2009|12:36] C:\Program Files\Intel
[11/12/2009|08:47] C:\Program Files\Internet Explorer
[11/09/2009|06:54] C:\Program Files\iPod
[11/09/2009|06:55] C:\Program Files\iTunes
[02/10/2008|09:00] C:\Program Files\IVT Corporation
[09/11/2009|14:04] C:\Program Files\Java
[10/07/2009|13:18] C:\Program Files\KontextViewer
[19/10/2008|21:33] C:\Program Files\LG Electronics
[19/10/2008|21:33] C:\Program Files\LG PC Suite 2
[07/12/2009|15:22] C:\Program Files\Look@LAN
[19/06/2008|15:41] C:\Program Files\lotus
[14/10/2008|15:10] C:\Program Files\Macromedia
[05/09/2008|09:52] C:\Program Files\MagicPDF
[19/06/2008|15:46] C:\Program Files\Ma‹do Production
[20/01/2009|16:34] C:\Program Files\Messenger
[26/09/2008|15:49] C:\Program Files\Messenger Plus! Live
[14/11/2009|23:23] C:\Program Files\Microsoft
[11/12/2009|08:48] C:\Program Files\Microsoft ActiveSync
[19/06/2008|14:28] C:\Program Files\microsoft frontpage
[09/09/2009|10:39] C:\Program Files\Microsoft Office
[12/11/2009|14:11] C:\Program Files\Microsoft Visual Studio
[09/09/2009|10:39] C:\Program Files\Microsoft.NET
[16/06/2009|13:29] C:\Program Files\Motorola
[31/10/2008|04:00] C:\Program Files\Movie Maker
[10/01/2010|18:06] C:\Program Files\Mozilla Firefox
[03/06/2009|15:39] C:\Program Files\MSBuild
[24/02/2009|10:56] C:\Program Files\MSECache
[19/06/2008|14:24] C:\Program Files\MSN
[19/06/2008|14:24] C:\Program Files\MSN Gaming Zone
[20/01/2009|16:25] C:\Program Files\MSXML 4.0
[20/11/2008|14:28] C:\Program Files\NETGEAR ReadyNAS
[27/01/2009|10:19] C:\Program Files\NetMeeting
[29/09/2009|15:03] C:\Program Files\Notepad++
[31/10/2008|04:16] C:\Program Files\Nvu
[09/12/2009|11:17] C:\Program Files\OfficeRecovery
[19/06/2008|14:24] C:\Program Files\Online Services
[31/10/2008|04:17] C:\Program Files\Ontrack
[20/06/2008|11:16] C:\Program Files\OrangeBS
[12/09/2009|19:42] C:\Program Files\Outlook Express
[03/11/2009|08:40] C:\Program Files\PC Inspector File Recovery
[24/09/2009|10:30] C:\Program Files\PDFCreator
[24/09/2009|10:30] C:\Program Files\pdfforge Toolbar
[24/09/2009|16:08] C:\Program Files\Plasma Pong
[19/09/2008|11:05] C:\Program Files\PowerQuest
[12/11/2009|14:12] C:\Program Files\Publication Web
[11/09/2009|06:52] C:\Program Files\QuickTime
[19/11/2009|11:32] C:\Program Files\Recuva
[03/06/2009|15:39] C:\Program Files\Reference Assemblies
[07/12/2009|23:14] C:\Program Files\RegCleaner
[31/12/2009|11:14] C:\Program Files\Save Flash
[27/04/2009|08:16] C:\Program Files\ScanSoft
[19/06/2008|14:27] C:\Program Files\Services en ligne
[19/06/2008|15:47] C:\Program Files\SigmaTel
[19/05/2009|16:19] C:\Program Files\SIW
[06/07/2009|18:38] C:\Program Files\Sony Ericsson
[09/12/2009|15:16] C:\Program Files\Spybot - Search & Destroy
[09/12/2009|15:06] C:\Program Files\Spyware Doctor
[20/06/2008|11:34] C:\Program Files\Stickies
[20/06/2008|07:30] C:\Program Files\TaskSwitchXP
[30/09/2008|11:32] C:\Program Files\TomTom DesktopSuite
[26/05/2009|09:26] C:\Program Files\TomTom HOME
[26/05/2009|09:37] C:\Program Files\TomTom HOME 2
[26/05/2009|09:38] C:\Program Files\TomTom International B.V
[01/07/2009|11:51] C:\Program Files\Trend Micro
[17/10/2008|03:34] C:\Program Files\UltraISO
[01/12/2009|10:06] C:\Program Files\UltraVNC
[10/06/2009|13:11] C:\Program Files\Uninstall Information
[20/06/2008|11:35] C:\Program Files\VideoLAN
[03/06/2009|16:07] C:\Program Files\WBFS
[09/10/2009|08:29] C:\Program Files\Windows CE 5.0 Emulator
[25/09/2008|12:12] C:\Program Files\Windows Live
[25/12/2008|23:57] C:\Program Files\Windows Live SkyDrive
[20/06/2008|07:22] C:\Program Files\Windows Media Connect 2
[16/11/2009|14:47] C:\Program Files\Windows Media Player
[31/10/2008|03:55] C:\Program Files\Windows NT
[19/06/2008|14:27] C:\Program Files\WindowsUpdate
[08/09/2008|10:01] C:\Program Files\WinPcap
[30/09/2008|18:49] C:\Program Files\WinRAR
[08/09/2008|10:01] C:\Program Files\Wireshark
[19/06/2008|14:28] C:\Program Files\xerox
[22/12/2009|16:06] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[19/08/2008|22:34] C:\Program Files\Fichiers communs\Acronis
[07/11/2009|12:39] C:\Program Files\Fichiers communs\Adobe
[29/07/2008|11:12] C:\Program Files\Fichiers communs\Adobe Systems Shared
[10/06/2009|11:24] C:\Program Files\Fichiers communs\Ahead
[11/09/2009|06:54] C:\Program Files\Fichiers communs\Apple
[19/05/2009|11:13] C:\Program Files\Fichiers communs\Ciel
[12/11/2009|14:11] C:\Program Files\Fichiers communs\DESIGNER
[07/07/2008|10:02] C:\Program Files\Fichiers communs\Deterministic Networks
[16/11/2009|14:14] C:\Program Files\Fichiers communs\DVDVIDEOSOFT
[17/10/2008|03:34] C:\Program Files\Fichiers communs\EZB Systems
[20/06/2008|11:20] C:\Program Files\Fichiers communs\France Telecom
[26/12/2008|19:28] C:\Program Files\Fichiers communs\Hewlett-Packard
[27/04/2009|08:16] C:\Program Files\Fichiers communs\InstallShield
[25/09/2008|23:12] C:\Program Files\Fichiers communs\Java
[21/07/2008|14:02] C:\Program Files\Fichiers communs\Macromedia
[10/01/2010|18:30] C:\Program Files\Fichiers communs\Microsoft Shared
[19/06/2008|14:26] C:\Program Files\Fichiers communs\MSSoap
[10/06/2009|11:26] C:\Program Files\Fichiers communs\Nero
[19/06/2008|16:19] C:\Program Files\Fichiers communs\ODBC
[09/12/2009|10:56] C:\Program Files\Fichiers communs\PC Tools
[27/04/2009|08:16] C:\Program Files\Fichiers communs\Scansoft Shared
[19/06/2008|14:26] C:\Program Files\Fichiers communs\Services
[19/06/2008|16:19] C:\Program Files\Fichiers communs\SpeechEngines
[08/12/2009|14:43] C:\Program Files\Fichiers communs\System
[25/09/2008|12:09] C:\Program Files\Fichiers communs\Windows Live
[30/07/2008|19:30] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 77 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 18:49:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:25][D:19]-> C:\DOCUME~1\Ben\LOCALS~1\Temp
[F:30][D:0]-> C:\DOCUME~1\Ben\Cookies
[F:658][D:5]-> C:\DOCUME~1\Ben\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/01/2010|18:52 - Option : [2]

--------------------\\ Fin du rapport a 18:52:36
0
Anonymous user

Well... that one turned up nothing... never mind!

Download AD-REMOVER (by Cyrildu17 / C_XX) to your Desktop.

Disconnect and close all running applications.

Double-click the installer and install it in its default location (C:\Program files).
Double-click the AD-Remover icon on your Desktop.
From the main menu, choose option L.
Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus programs as an infection. Ignore it, it is a false positive; continue with the procedure.

See you
0
benguigui
 
Whoa.. this scan takes a long time!

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.01.2010 à 18:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:30:22, 10/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\PROGRA~1\AD-REM~1\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: RCS-BAIVIER | Utilisateur actuel: Ben

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\Mozilla FireFox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com
C:\Program Files\pdfforge Toolbar
C:\DOCUME~1\Ben\APPLIC~1\pdfforge
C:\DOCUME~1\Ben\APPLIC~1\Search Settings
C:\Windows\Installer\4429192.msi

(!) -- Fichiers temporaires supprimés.

.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\pdfforge
HKCU\software\Search Settings
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\microsoft\windows\currentversion\uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
HKLM\software\pdfforge
HKLM\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: 08qge200.default (Ben)
.
(Ben, prefs.js) Browser.download.lastDir, C:\temp
(Ben, prefs.js) Browser.startup.homepage, hxxp://www.google.fr
(Ben, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,LogMeInClient@logmein.com:1.0.0.407,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1,search@searchsettings.com:1.2.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7,{173487d0-5384-11dd-ae16-0800200c9a66}:0.5
(Ben, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Local Page: C:\WINDOWS\system32\blank.htm
Do404Search: 01000000
Enable Browser Extensions: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5164 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\Ben\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
0 Fichier(s) - C:\WINDOWS\Prefetch
.
17 Fichier(s) - C:\PROGRA~1\AD-REM~1\BACKUP
79 Fichier(s) - C:\PROGRA~1\AD-REM~1\QUARANTINE
.
Fin à: 19:47:51 | 10/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.
0

Anonymous user

Very good...

Now run a scan with this antispyware:
Malwarebytes + tutorial

Install it and update it (Update tab).
Now click the Scanner tab and tick the option:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
At the end of the scan, click Show Results.
If any items were found:
> click Remove Selected.

If you are asked to restart > click "Yes".
At the end a report will open;
save it so that you can find it again and post it on the forum.
Copy and paste the report, please.

See you
0
benguigui
 
During the scan my antivirus detected some things and deleted them, but at the end of the scan the software still detected 4 things and deleted them..

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3536
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

10/01/2010 21:05:09
mbam-log-2010-01-10 (21-05-09).txt

Type de recherche: Examen rapide
Eléments examinés: 121680
Temps écoulé: 9 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
0
benguigui
 
Apparently no more viruses... awesome, man!
How do you know what to run based on the tools' logs??

Thanks again and have a good evening
0
Anonymous user

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the net and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is finished, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

See you

0
benguigui
 
There you go, man..

ComboFix 10-01-04.01 - Ben 10/01/2010 22:59:28.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.532 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ben\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {3AA695C5-24F4-40C5-8CAF-77B2339B0BEB}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\AegisP.inf
c:\windows\system32\ntSVc.ocx

----- BITS: Il y a peut-être des sites infectés -----

hxxp://10.27.12.52
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-10 au 2010-01-10 ))))))))))))))))))))))))))))))))))))
.

2010-01-10 19:43 . 2010-01-10 19:43 -------- d-----w- c:\documents and settings\Ben\Application Data\Malwarebytes
2010-01-10 19:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 19:43 . 2010-01-10 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-10 19:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 19:43 . 2010-01-10 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 18:27 . 2010-01-10 18:47 -------- d-----w- c:\program files\Ad-Remover
2010-01-10 17:37 . 2010-01-10 17:52 -------- d-----w- C:\Lop SD
2010-01-10 17:31 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-10 17:31 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-10 17:31 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-10 17:31 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-10 17:31 . 2010-01-10 17:31 -------- d-----w- c:\program files\Avira
2010-01-10 17:31 . 2010-01-10 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-07 12:57 . 2010-01-07 13:14 -------- d-----w- c:\temp\base maubeuge
2010-01-07 12:46 . 2010-01-07 14:45 -------- d-----w- c:\documents and settings\Ben\Application Data\FileZilla
2010-01-07 12:46 . 2010-01-07 12:46 -------- d-----w- c:\program files\FileZilla Client
2009-12-22 15:46 . 2009-12-22 15:46 -------- d-----w- c:\program files\CheckPoint
2009-12-22 15:10 . 2009-12-22 15:10 -------- d-----w- c:\documents and settings\Ben\Application Data\Grisoft
2009-12-22 15:10 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2009-12-22 15:10 . 2009-12-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-12-22 15:06 . 2009-12-22 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\documents and settings\Ben\Application Data\Yahoo!
2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\program files\Yahoo!
2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 22:14 . 2008-06-20 10:34 -------- d-----w- c:\documents and settings\Ben\Application Data\stickies
2010-01-10 22:10 . 2008-09-02 10:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-10 17:19 . 2010-01-10 17:19 388096 ----a-r- c:\documents and settings\Ben\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-10 17:02 . 2004-08-05 12:00 36484 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-10 17:02 . 2004-08-05 12:00 16406 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-10 17:02 . 2009-07-01 10:51 2 ----a-w- c:\windows\system32\perfh040.dat
2010-01-10 17:02 . 2009-07-01 10:51 2 ----a-w- c:\windows\system32\perfc040.dat
2009-12-31 10:14 . 2009-09-25 14:20 -------- d-----w- c:\program files\Save Flash
2009-12-31 10:13 . 2009-01-29 16:26 -------- d-----w- c:\program files\ElcomSoft
2009-12-29 14:34 . 2009-11-09 10:20 -------- d-----w- c:\program files\Google
2009-12-22 15:46 . 2009-12-22 15:46 4710 ----a-r- c:\documents and settings\Ben\Application Data\Microsoft\Installer\{864689d2-c3c2-4a4e-bc02-6a8a170e9b41}\ARPPRODUCTICON.exe
2009-12-22 15:08 . 2009-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-11 07:48 . 2009-02-09 10:30 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-09 14:16 . 2009-12-09 14:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-09 14:06 . 2009-12-09 09:55 -------- d-----w- c:\program files\Spyware Doctor
2009-12-09 10:18 . 2009-12-09 10:18 -------- d-----w- c:\documents and settings\Ben\Application Data\OfficeRecovery
2009-12-09 10:17 . 2009-12-09 10:17 -------- d-----w- c:\program files\OfficeRecovery
2009-12-09 10:17 . 2009-12-09 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeRecovery
2009-12-09 09:56 . 2009-12-09 09:55 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-12-09 09:55 . 2009-12-09 09:55 -------- d-----w- c:\documents and settings\Ben\Application Data\PC Tools
2009-12-09 09:55 . 2009-12-09 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-07 22:14 . 2009-12-07 22:14 -------- d-----w- c:\program files\RegCleaner
2009-12-07 14:22 . 2009-02-03 15:17 -------- d-----w- c:\program files\Look@LAN
2009-12-01 09:06 . 2009-12-01 09:06 -------- d-----w- c:\program files\UltraVNC
2009-11-27 07:37 . 2009-11-26 16:53 -------- d-----w- c:\program files\a-squared Free
2009-11-21 18:01 . 2009-06-04 10:33 344272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:32 . 2009-11-19 10:32 -------- d-----w- c:\program files\Recuva
2009-11-19 09:49 . 2008-06-20 08:25 -------- d-----w- c:\program files\G_I
2009-11-16 13:14 . 2009-11-16 13:14 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
2009-11-16 13:14 . 2009-11-16 13:14 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-11-14 22:23 . 2009-11-14 22:23 -------- d-----w- c:\program files\Microsoft
2009-11-12 13:12 . 2009-11-12 13:12 -------- d-----w- c:\program files\Publication Web
2009-11-10 09:28 . 2009-12-09 09:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 09:28 . 2009-12-09 09:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 09:28 . 2009-12-09 09:56 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 09:26 . 2009-12-09 09:56 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 13:03 . 2009-11-09 13:03 152576 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-09 10:20 . 2009-12-09 09:55 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-06 16:04 . 2008-07-10 15:51 70 ----a-w- c:\windows\system32\mslck.dat
2009-11-01 13:01 . 2009-11-01 12:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 10:11 . 2009-12-09 09:55 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-29 07:44 . 2004-08-05 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2004-08-05 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-28 00:36 . 2009-12-09 09:56 1152444 ----a-w- c:\windows\UDB.zip
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 15:06 . 2009-06-16 13:12 0 ----a-w- C:\ADFHexSendTest.dat
2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"Google Update"="c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" [2007-10-30 102400]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-23 2616488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2008-06-17 179536]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"PDF Converter Registry Controller"="c:\program files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe" [2004-08-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Ben\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-12-3 1044480]
IPSec Dial Client.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2008-7-7 65588]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 19:45 20616]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/12/2009 10:55 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/06/2008 08:00 685816]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/01/2010 18:31 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [09/12/2009 10:56 112592]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [07/07/2008 10:03 467002]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [07/07/2008 10:03 119352]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [01/07/2009 11:51 50192]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [17/09/2007 14:40 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [17/09/2007 14:40 36368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [20/06/2008 08:06 6016]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [07/07/2008 10:02 36188]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2009 11:21 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [06/07/2009 18:38 13224]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 13:58 26248]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [09/12/2009 10:55 359624]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [19/06/2008 16:00 652552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 10:20]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 10:20]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003Core.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 08:18]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-261903793-725345543-1003UA.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 08:18]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://clichyportail.ineo/
uInternet Settings,ProxyServer = proxy-aim.ineo:80
uInternet Settings,ProxyOverride = 10.*;*.ineo;*.suez;*.capclichy;rcs-*;*.local;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir le fichier PDF dans Word (PDF Converter 2.0) - c:\program files\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /300
Trusted Zone: localhost
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://pari.transpole.fr//SNX/CSHELL/extender.cab
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\08qge200.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\08qge200.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-AVG Anti-Spyware Driver



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 23:13
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x86F7C8AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7686f28
\Driver\ACPI -> ACPI.sys @ 0xf74d6cb8
\Driver\atapi -> atapi.sys @ 0xf7453b40
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7332bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7321a0d
SendHandler -> NDIS.sys @ 0xf7335b40
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1964)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(2020)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Equant\Dialer\EACSvrMngr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-01-10 23:20:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-10 22:20

Avant-CF: 4 519 227 392 octets libres
Après-CF: 4 414 832 640 octets libres

- - End Of File - - 361B0C2F484CED402C803FE000923FD0
Anonymous user
 
You seem to be smiling about it... but your PC is badly infected!!!!

Uninstall ComboFix like this:
> Click "Start" (or press the Windows key + R) -> "Run" -> copy/paste this line:

ComboFix /uninstall


--> Confirm.

Go to this site:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

and download ComboFix again...


Mandatory:

INSTALL THE RECOVERY CONSOLE... and rerun
Combo in safe mode

https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/

See you later