Sujet Précédent Sujet Suivant

Trojan Win32:BHO-KD

Résolu/Fermé
Utilisateur anonyme - 1 janv. 2008 à 18:25
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 - 21 févr. 2008 à 20:47
Bonjour, j'ai un problème avec mon ordinateur depuis ce matin.

Avast a détecté un Cheval de Troie (Win32:BHO-KD sur le fichier cnetcf). Cependant, je n'arrive pas à réparer ce fichier, car l'accès m'y est refusé. Voici un scan avec Hijack This.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:50, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {56686B29-F0A9-41FF-B913-B907BB764600} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nss36.dll
O2 - BHO: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsk188.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Annabac Série S 2001 - Planning .lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jérôme\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Voilà.
Merci d'avance et bonne année.
A voir également:

24 réponses

  • 1
  • 2
Réponse 1 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
1 janv. 2008 à 18:33
Bonjour,

* Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double clique combofix.exe et suis les invites.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Edite aussi un nouveau rapport Hijackthis.

FillPCA
0
Réponse 2 / 24
Utilisateur anonyme
1 janv. 2008 à 18:50
Voilà.

J'ai suivi ce que vous m'aviez demandé. Voici le rapport de Combofix :

ComboFix 07-12-31.4 - Jérôme 2008-01-01 18:37:12.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.140 [GMT 1:00]
Running from: C:\Documents and Settings\Jérôme\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cynthia\Application Data\ShoppingReport
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Cynthia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Jérôme\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport
C:\Program Files\ShoppingReport
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\nsk188.dll
C:\WINDOWS\system32\nss36.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))))))
.

2008-01-01 18:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 17:57 . 2008-01-01 17:57 <REP> d-------- C:\VundoFix Backups
2008-01-01 17:40 . 2008-01-01 17:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-01 17:28 . 2008-01-01 17:28 <REP> d-------- C:\Program Files\Avira
2008-01-01 17:28 . 2008-01-01 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-01 13:13 . 2008-01-01 13:13 <REP> d-------- C:\Documents and Settings\Jérôme\Application Data\Grisoft
2008-01-01 13:13 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-01 13:12 . 2008-01-01 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 12:48 . 2008-01-01 12:48 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-01 12:38 . 2007-04-22 12:32 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-01 12:38 . 2002-09-10 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-01 12:38 . 2002-09-10 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-01 12:38 . 2002-09-10 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-01 12:38 . 2008-01-01 12:42 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-01 12:38 . 2002-09-10 10:43 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-01 12:38 . 2002-09-10 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-01 12:38 . 2008-01-01 12:42 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-01-01 12:38 . 2007-04-22 12:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-12-27 14:53 . 2007-12-27 14:53 <REP> d-------- C:\Documents and Settings\Jérôme\Application Data\Home Sweet Home
2007-12-25 23:44 . 2007-12-25 23:44 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-25 23:44 . 2007-12-25 23:44 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-25 23:39 . 2007-12-25 23:39 <REP> d-------- C:\Program Files\Atari
2007-12-25 11:59 . 19,456 C:\WINDOWS\system32\drivers\lzlywpip.dat
2007-12-25 11:52 . 2001-08-28 11:00 84,992 --a------ C:\WINDOWS\system32\cnetcf.dll
2007-12-22 12:08 . 2007-12-22 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-22 12:02 . 2007-12-22 12:02 <REP> d-------- C:\Program Files\Bonjour
2007-12-22 11:42 . 2007-12-22 11:42 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-19 06:42 . 2007-12-19 06:42 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-19 06:38 . 2007-12-19 06:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-18 15:54 . 2007-12-18 15:54 319,488 --a------ C:\WINDOWS\system32\Dcads_sidebar.dll
2007-12-17 15:30 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-17 15:30 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-17 15:30 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-17 15:30 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-17 15:30 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-17 15:30 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-17 15:30 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-17 15:23 . 2006-06-02 20:32 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-10 19:52 . 2007-12-10 19:52 303,104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-05 12:28 . 2007-12-31 23:13 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-03 15:49 . 2007-12-20 06:42 77,360 --a------ C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 16:37 --------- d-----w C:\Program Files\MultiMedia France Toolbar
2007-12-31 23:17 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-31 23:17 --------- d-----w C:\Program Files\LimeWire
2007-12-29 15:06 --------- d-----w C:\Documents and Settings\Jérôme\Application Data\LimeWire
2007-12-27 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 14:47 --------- d-----w C:\Program Files\Gamenext
2007-12-27 13:35 --------- d-----w C:\Program Files\GamesBar
2007-12-25 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-19 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-18 07:27 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-06 17:20 --------- d-----w C:\Documents and Settings\Jérôme\Application Data\Image Zone Express
2007-12-06 17:19 --------- d-----w C:\Documents and Settings\Jérôme\Application Data\HP
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-01 12:21 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-11-30 17:27 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-11-28 06:06 --------- d-----w C:\Program Files\Windows Live
2007-11-20 12:48 --------- d-----w C:\Program Files\Secured_eMule
2007-11-20 12:48 --------- d-----w C:\Program Files\Online_TV
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:44 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-11-12 16:09 --------- d-----w C:\Documents and Settings\Jérôme\Application Data\Printer Info Cache
2007-11-12 16:08 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-11-11 12:52 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-10 16:37 --------- d-----w C:\Program Files\HomePlayer1.5.2
2007-11-05 16:52 --------- d-----w C:\Program Files\RealMedia
2007-11-03 16:29 --------- d-----w C:\Program Files\Java
2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 06:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-05-27 09:57 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-10 19:52 303104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-09-26 12:10 1453080 --a------ C:\Program Files\Secured_eMule\tbSec1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56686B29-F0A9-41FF-B913-B907BB764600}]
2001-08-28 11:00 84992 --a------ C:\WINDOWS\system32\cnetcf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7009FCD4-05BE-44F4-9583-93FE419AB7B0}
{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}
{40D1C3A7-4FFB-4443-B3A0-A64B2DF7FC3B}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSec1.dll [2007-09-26 12:10 1453080]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-04-15 16:14 208946]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Update Service"="C:\Program Files\Fichiers communs\Teknum Systems\update.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43 35328]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 22:19 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-27 15:57 290816]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 17:51 192512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"ActivSurf"="C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2007-04-22 12:40 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Annabac S‚rie S 2001 - Planning .lnk - C:\Program Files\Hatier\Annabac S‚rie S 2001\planning.exe [2007-09-28 16:25:32]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R0 eunarqnb;eunarqnb;C:\WINDOWS\system32\drivers\lzlywpip.dat []
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 20:52]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 05:41]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 17:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 17:43]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 15:09]

*Newly Created Service* - AVGIO
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 18:49:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 17:42:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 18:43:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 18:46:56
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 17:46:44
.
2007-12-18 08:02:33 --- E O F ---

Maintenant, voici le rapport Hijack This :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:33, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {56686B29-F0A9-41FF-B913-B907BB764600} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Annabac Série S 2001 - Planning .lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jérôme\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
Réponse 3 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
1 janv. 2008 à 20:57
Re,

Cette infection se propage par p2p. Il faudra changer les habitude de surf.

1/ * Sélectionne le texte suivant :

Driver::
eunarqnb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56686B29-F0A9-41FF-B913-B907BB764600}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

File::
C:\WINDOWS\system32\drivers\lzlywpip.dat
C:\WINDOWS\system32\cnetcf.dll
C:\WINDOWS\system32\adssite_sidebar.dll

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-note (programme>Accessoire>bloc-note).
* Colle le texte copié dans ce bloc-note (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2/ Edite un nouveau rapport Hijackthis.
0
Réponse 4 / 24
Utilisateur anonyme
1 janv. 2008 à 21:22
Re.

Voici le rapport de Combofix avec le fichier CFScript :

ComboFix 07-12-31.4 - Jérôme 2008-01-01 21:02:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT 1:00]
Running from: C:\Documents and Settings\Jérôme\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jérôme\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\cnetcf.dll
C:\WINDOWS\system32\drivers\lzlywpip.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\cnetcf.dll
C:\WINDOWS\system32\drivers\lzlywpip.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_EUNARQNB
-------\eunarqnb


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))))))
.

2008-01-01 18:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 17:57 . 2008-01-01 17:57 <REP> d-------- C:\VundoFix Backups
2008-01-01 17:40 . 2008-01-01 17:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-01 17:28 . 2008-01-01 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-01 13:13 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-01 13:12 . 2008-01-01 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 12:48 . 2008-01-01 12:48 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-01 12:38 . 2007-04-22 12:32 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-01 12:38 . 2002-09-10 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-01-01 12:38 . 2002-09-10 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-01 12:38 . 2002-09-10 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-01-01 12:38 . 2008-01-01 12:42 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-01 12:38 . 2002-09-10 10:43 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-01-01 12:38 . 2002-09-10 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-01 12:38 . 2008-01-01 12:42 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-01-01 12:38 . 2007-04-22 12:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-12-25 23:44 . 2007-12-25 23:44 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-25 23:44 . 2007-12-25 23:44 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-25 23:39 . 2007-12-25 23:39 <REP> d-------- C:\Program Files\Atari
2007-12-22 12:08 . 2007-12-22 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-22 12:02 . 2007-12-22 12:02 <REP> d-------- C:\Program Files\Bonjour
2007-12-22 11:42 . 2007-12-22 11:42 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-19 06:42 . 2007-12-19 06:42 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-19 06:38 . 2007-12-19 06:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-18 15:54 . 2007-12-18 15:54 319,488 --a------ C:\WINDOWS\system32\Dcads_sidebar.dll
2007-12-17 15:30 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-17 15:30 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-17 15:30 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-17 15:30 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-17 15:30 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-17 15:30 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-17 15:30 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-17 15:23 . 2006-06-02 20:32 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-05 12:28 . 2008-01-01 20:58 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-03 15:49 . 2007-12-20 06:42 77,360 --a------ C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 16:37 --------- d-----w C:\Program Files\MultiMedia France Toolbar
2007-12-31 23:17 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-31 23:17 --------- d-----w C:\Program Files\LimeWire
2007-12-27 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 14:47 --------- d-----w C:\Program Files\Gamenext
2007-12-27 13:35 --------- d-----w C:\Program Files\GamesBar
2007-12-25 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-19 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 06:06 --------- d-----w C:\Program Files\Windows Live
2007-11-20 12:48 --------- d-----w C:\Program Files\Secured_eMule
2007-11-20 12:48 --------- d-----w C:\Program Files\Online_TV
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:44 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-11-12 16:08 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-11-10 16:37 --------- d-----w C:\Program Files\HomePlayer1.5.2
2007-11-05 16:52 --------- d-----w C:\Program Files\RealMedia
2007-11-03 16:29 --------- d-----w C:\Program Files\Java
2007-05-27 09:57 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_18.46.02,56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-01 20:11:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4bc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-09-26 12:10 1453080 --a------ C:\Program Files\Secured_eMule\tbSec1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7009FCD4-05BE-44F4-9583-93FE419AB7B0}
{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}
{40D1C3A7-4FFB-4443-B3A0-A64B2DF7FC3B}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSec1.dll [2007-09-26 12:10 1453080]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-04-15 16:14 208946]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Update Service"="C:\Program Files\Fichiers communs\Teknum Systems\update.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43 35328]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 22:19 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-27 15:57 290816]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 17:51 192512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"ActivSurf"="C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2007-04-22 12:40 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 20:52]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 05:41]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 17:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 17:43]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 15:09]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-06 18:49:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 19:42:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Puis le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21, on 2008-01-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Annabac Série S 2001 - Planning .lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jérôme\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
1 janv. 2008 à 21:28
Re,

1/ * Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

* Télécharge Brute Force Uninstaller (de Merijn) : http://www.merijn.org/files/bfu.zip
* Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU).
* Fais un clic droit ici : http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger toolbar.bfu (de Chercheur). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : toolbar.bfu et BFU.exe (très important).
* Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
* Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
o Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : toolbar.bfu
o Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\toolbar.bfu
o Clique sur Execute et laisse-le faire son travail.
o Attendre que Complete script execution apparaîsse et clique sur OK.
o Clique Exit pour fermer le programme BFU.
* Redémarre normalement.

2/ Merci à Lazzzy

* Télécharger lopxpMH : http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
* Dézippe-le au moyen d'un clic droit et extrais-le sur le bureau.
* Edite le rapport généré.

3/ Edite aussi un nouveau rapport Hijackthis.

FillPCA
0
Réponse 6 / 24
Utilisateur anonyme
1 janv. 2008 à 21:47
Re.

Voici le rapport de lopxpMH :

Rapport lopxpMH2 version 2.0 fait à 21:44:44.12 le 2008-01-01
C:\Documents and Settings\Jérôme\Bureau\lopxpMH2\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Administrateur\Application Data

2008-01-01 12:38 <REP> .
2008-01-01 12:38 <REP> ..
2008-01-01 12:38 <REP> Adobe
2008-01-01 12:38 <REP> Identities
2008-01-01 12:38 <REP> InterTrust
2008-01-01 12:38 <REP> Microsoft
2008-01-01 12:38 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 94,312,148,992 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

2008-01-01 12:38 <REP> .
2008-01-01 12:38 <REP> ..
2008-01-01 12:38 <REP> Microsoft
2008-01-01 12:38 2,205,544 IconCache.db
1 fichier(s) 2,205,544 octets
3 Rép(s) 94,312,148,992 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\All Users\Application Data

2002-09-10 10:43 <REP> .
2002-09-10 10:43 <REP> ..
2007-06-13 20:26 <REP> Adobe
2007-06-13 20:31 <REP> Adobe Systems
2007-10-06 19:49 <REP> Apple
2007-09-12 15:43 <REP> Apple Computer
2008-01-01 17:28 <REP> Avira
2007-07-04 15:06 <REP> BufferZone
2007-04-22 12:49 <REP> CyberLink
2007-07-21 16:03 <REP> Escape From Paradise
2007-12-22 12:08 <REP> FLEXnet
2007-07-07 15:05 <REP> Google
2008-01-01 13:12 <REP> Grisoft
2007-10-13 12:56 <REP> HipSoft
2007-04-24 11:07 <REP> HP
2002-09-10 10:43 <REP> Microsoft
2007-08-14 12:54 <REP> MSN6
2007-09-22 13:25 <REP> MSScanAppDataDir
2007-07-21 19:07 <REP> NannyMania
2007-07-21 09:58 <REP> Oberon Games
2007-07-18 14:13 <REP> PlayFirst
2007-09-29 19:38 <REP> Sandlot Games
2002-09-10 11:11 <REP> SBSI
2007-08-09 20:46 <REP> SpinTop Games
2007-05-25 15:48 <REP> Spybot - Search & Destroy
2007-07-18 14:33 <REP> TEMP
2007-04-22 12:40 <REP> Ulead Systems
2007-04-28 17:08 <REP> Windows Genuine Advantage
2007-10-28 09:44 <REP> Windows Live Toolbar
2007-07-04 12:49 <REP> WindowsLiveInstaller
2007-07-04 12:49 <REP> WLInstaller
2007-07-18 13:55 <REP> Zylom
2008-01-01 17:32 305 addr_file.html
2002-09-10 10:43 62 desktop.ini
2007-04-24 10:58 849 hpzinstall.log
3 fichier(s) 1,216 octets
32 Rép(s) 94,312,148,992 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Cynthia\Application Data

2007-08-15 16:50 <REP> .
2007-08-15 16:50 <REP> ..
2007-08-15 16:50 <REP> Adobe
2007-09-24 16:07 <REP> DesktopPlayer
2007-08-15 16:51 <REP> HP
2007-08-15 16:50 <REP> Identities
2007-08-15 16:50 <REP> InterTrust
2007-10-17 15:48 <REP> LimeWire
2007-08-15 16:58 <REP> Macromedia
2007-08-15 16:50 <REP> Microsoft
2007-08-15 16:57 <REP> Mozilla
2007-08-25 15:21 <REP> Sun
2007-08-24 22:45 <REP> vlc
2007-10-10 14:00 <REP> Windows Desktop Search
2007-09-12 12:27 <REP> Zylom
2007-08-15 16:50 62 desktop.ini
1 fichier(s) 62 octets
15 Rép(s) 94,312,144,896 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Cynthia\Local Settings\Application Data

2007-08-15 16:50 <REP> .
2007-08-15 16:50 <REP> ..
2007-09-12 15:43 <REP> Apple
2007-09-12 15:42 <REP> Apple Computer
2007-08-15 17:00 <REP> Google
2007-10-10 14:00 <REP> Identities
2007-08-20 20:53 <REP> IM
2007-08-15 16:50 <REP> Microsoft
2007-08-15 16:57 <REP> Mozilla
2007-09-14 19:05 <REP> Multi_Media_France
2007-08-15 17:05 <REP> PCHealth
2007-09-14 19:05 <REP> Secured_eMule
2007-09-01 18:22 6,144 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-08-15 16:51 91,544 GDIPFONTCACHEV1.DAT
2007-08-15 16:50 3,772,362 IconCache.db
3 fichier(s) 3,870,050 octets
12 Rép(s) 94,312,144,896 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Default User\Application Data

2002-09-10 10:43 <REP> .
2002-09-10 10:43 <REP> ..
2007-04-22 13:23 <REP> Adobe
2007-04-22 13:23 <REP> Identities
2007-04-22 13:23 <REP> InterTrust
2002-09-10 10:43 <REP> Microsoft
2002-09-10 10:43 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 94,312,144,896 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

2002-09-10 10:43 <REP> .
2002-09-10 10:43 <REP> ..
2007-04-22 13:23 <REP> Microsoft
2007-04-22 13:23 2,688,838 IconCache.db
1 fichier(s) 2,688,838 octets
3 Rép(s) 94,312,144,896 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Joanie\Application Data

2007-08-12 08:36 <REP> .
2007-08-12 08:36 <REP> ..
2007-08-12 08:36 <REP> Adobe
2007-08-12 08:37 <REP> HP
2007-08-12 08:36 <REP> Identities
2007-08-12 08:36 <REP> InterTrust
2007-08-12 08:36 <REP> Microsoft
2007-08-12 08:36 62 desktop.ini
1 fichier(s) 62 octets
7 Rép(s) 94,312,144,896 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Joanie\Local Settings\Application Data

2007-08-12 08:36 <REP> .
2007-08-12 08:36 <REP> ..
2007-08-12 08:36 <REP> Microsoft
2007-08-12 08:36 90,360 GDIPFONTCACHEV1.DAT
2007-08-12 08:36 3,242,028 IconCache.db
2 fichier(s) 3,332,388 octets
3 Rép(s) 94,312,144,896 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Jrme

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Jrme\Local Settings

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Jérôme\Application Data

2007-04-22 13:23 <REP> .
2007-04-22 13:23 <REP> ..
2007-04-22 13:23 <REP> Adobe
2007-10-03 16:45 <REP> Adssite Advanced Toolbar
2007-09-14 09:53 <REP> Apple Computer
2007-06-09 19:52 <REP> Enc64owns
2008-01-01 13:13 <REP> Grisoft
2007-08-11 14:50 <REP> gtk-2.0
2007-07-15 13:08 <REP> Help
2007-12-27 14:53 <REP> Home Sweet Home
2007-04-24 11:10 <REP> HP
2007-04-22 13:23 <REP> Identities
2007-11-12 17:09 <REP> Image Zone Express
2007-07-23 20:57 <REP> IMVU
2007-04-22 13:23 <REP> InterTrust
2007-09-25 15:42 <REP> LimeWire
2007-04-22 16:59 <REP> Macromedia
2007-04-22 13:23 <REP> Microsoft
2007-04-23 10:56 <REP> Mozilla
2007-08-14 12:54 <REP> MSN6
2007-07-28 15:07 <REP> My Games
2007-10-03 17:52 <REP> NeroVision
2007-07-18 14:13 <REP> PlayFirst
2007-11-12 17:09 <REP> Printer Info Cache
2007-05-27 10:54 <REP> Real
2007-06-08 22:04 <REP> SecuROM
2007-05-06 15:00 <REP> Sun
2007-10-16 15:45 <REP> VERITAS
2007-05-06 14:31 <REP> vlc
2007-10-10 16:59 <REP> Windows Desktop Search
2007-05-29 19:14 <REP> WinRAR
2007-07-28 15:07 <REP> Zylom
2007-04-22 13:23 62 desktop.ini
1 fichier(s) 62 octets
32 Rép(s) 94,312,140,800 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Jérôme\Local Settings\Application Data

2007-04-22 13:23 <REP> .
2007-04-22 13:23 <REP> ..
2007-06-13 20:32 <REP> Adobe
2007-09-15 19:23 <REP> Apple
2007-09-14 09:52 <REP> Apple Computer
2007-07-22 17:05 <REP> Axialis
2007-07-07 15:05 <REP> Google
2007-07-15 13:08 <REP> Help
2007-04-28 11:18 <REP> Identities
2007-04-22 16:55 <REP> IM
2007-04-22 13:23 <REP> Microsoft
2007-04-23 10:57 <REP> Mozilla
2007-06-09 19:51 <REP> Multi_Media_France
2007-09-23 09:33 <REP> Online_TV
2007-07-17 16:02 <REP> PCHealth
2007-10-29 16:03 <REP> Secured_eMule
2007-10-28 13:20 <REP> Secured_eMule(2)
2007-05-06 14:25 16,384 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-04-24 10:58 91,544 GDIPFONTCACHEV1.DAT
2007-04-22 13:23 1,930,984 IconCache.db
3 fichier(s) 2,038,912 octets
17 Rép(s) 94,312,140,800 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\LocalService\Application Data

2002-09-10 10:59 <REP> .
2002-09-10 10:59 <REP> ..
2002-09-10 10:59 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 94,312,140,800 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

2002-09-10 10:59 <REP> .
2002-09-10 10:59 <REP> ..
2002-09-10 10:59 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 94,312,140,800 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\NetworkService\Application Data

2002-09-10 10:59 <REP> .
2002-09-10 10:59 <REP> ..
2002-09-10 10:59 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 94,312,140,800 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

2002-09-10 10:59 <REP> .
2002-09-10 10:59 <REP> ..
2007-09-22 19:23 <REP> Apple
2002-09-10 10:59 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 94,312,136,704 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Propriétaire\Application Data

2002-09-10 11:00 <REP> .
2002-09-10 11:00 <REP> ..
2007-04-22 12:39 <REP> Adobe
2002-09-10 11:00 <REP> Identities
2007-04-22 12:39 <REP> InterTrust
2002-09-10 11:00 <REP> Microsoft
2002-09-10 11:00 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 94,312,136,704 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Propriétaire\Local Settings\Application Data

2002-09-10 11:00 <REP> .
2002-09-10 11:00 <REP> ..
2002-09-10 11:00 <REP> Microsoft
2002-09-10 11:24 2,688,838 IconCache.db
1 fichier(s) 2,688,838 octets
3 Rép(s) 94,312,136,704 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Sylvie\Application Data

2007-04-26 07:25 <REP> .
2007-04-26 07:25 <REP> ..
2007-04-26 07:25 <REP> Adobe
2007-04-26 07:25 <REP> HP
2007-04-26 07:25 <REP> Identities
2007-04-26 07:25 <REP> InterTrust
2007-06-23 12:07 <REP> Macromedia
2007-04-26 07:25 <REP> Microsoft
2007-06-23 12:04 <REP> Mozilla
2007-10-19 05:41 <REP> Windows Desktop Search
2007-04-26 07:25 62 desktop.ini
1 fichier(s) 62 octets
10 Rép(s) 94,312,136,704 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Documents and Settings\Sylvie\Local Settings\Application Data

2007-04-26 07:25 <REP> .
2007-04-26 07:25 <REP> ..
2007-04-26 07:25 <REP> Microsoft
2007-06-23 12:04 <REP> Mozilla
2007-05-19 10:21 87,944 GDIPFONTCACHEV1.DAT
2007-04-26 07:25 4,319,932 IconCache.db
2 fichier(s) 4,407,876 octets
4 Rép(s) 94,312,136,704 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

2002-09-10 10:58 <REP> .
2002-09-10 10:58 <REP> ..
2007-04-22 13:23 <REP> Adobe
2007-04-22 13:23 <REP> Identities
2007-04-22 13:23 <REP> InterTrust
2002-09-10 10:58 <REP> Microsoft
2002-09-10 10:58 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 94,312,136,704 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

2002-09-10 10:58 <REP> .
2002-09-10 10:58 <REP> ..
2007-04-22 13:23 <REP> Microsoft
2007-10-10 12:30 <REP> WindowsLiveInstaller
2007-04-22 13:23 2,688,838 IconCache.db
1 fichier(s) 2,688,838 octets
4 Rép(s) 94,312,136,704 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
s  €! : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e  - t a s k  S Y S T E M    0 ×


C:\WINDOWS\Tasks\Vérifier
Vérifier inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3088-573C

Répertoire de C:\Program Files

2008-01-01 21:38 <REP> .
2008-01-01 21:38 <REP> ..
2007-12-22 12:04 <REP> Adobe
2007-11-13 09:44 <REP> Adssite Advanced Toolbar
2007-10-29 16:13 <REP> Ahead
2007-04-22 13:26 <REP> Alwil Software
2007-10-06 19:49 <REP> Apple Software Update
2007-12-25 23:39 <REP> Atari
2007-04-22 12:41 <REP> Audioneer
2007-04-22 12:40 <REP> BackWeb
2007-07-04 16:40 <REP> BitTorrent Fastest Tool
2007-12-22 12:02 <REP> Bonjour
2007-05-27 09:32 <REP> CD Audio Reader Filter
2002-09-10 10:50 <REP> ComPlus Applications
2007-07-18 15:08 <REP> Conquest_at
2007-04-22 12:49 <REP> CyberLink
2007-05-30 16:44 <REP> Dekovir.com
2007-07-18 15:08 <REP> DesignPro 2000
2007-05-27 09:30 <REP> DirectVobSub
2007-07-18 15:08 <REP> DivX
2007-07-18 15:09 <REP> DScaler5
2007-05-27 09:30 <REP> DS-MP3 Source
2007-06-09 19:52 <REP> Enc64owns
2007-12-27 15:47 <REP> Fichiers communs
2007-08-14 11:10 <REP> FileZilla
2007-12-27 15:47 <REP> Gamenext
2008-01-01 17:28 <REP> Grisoft
2007-05-27 09:31 <REP> Haali
2007-04-22 12:45 <REP> HandyBits
2007-09-28 16:25 <REP> Hatier
2007-04-24 11:05 <REP> Hewlett-Packard
2007-11-10 17:37 <REP> HomePlayer1.5.2
2007-04-24 11:07 <REP> HP
2007-04-22 19:08 <REP> IncrediMail
2008-01-01 12:50 <REP> Internet Explorer
2007-11-03 17:29 <REP> Java
2007-10-29 16:03 <REP> Java(2)
2007-10-17 15:21 <REP> LG Electronics
2007-10-29 16:11 <REP> LGGSM
2008-01-01 00:17 <REP> LimeWire
2007-09-26 18:41 <REP> Messenger
2002-09-10 10:55 <REP> microsoft frontpage
2007-04-22 12:45 <REP> Microsoft Money
2007-04-23 10:35 <REP> Microsoft Office
2007-04-23 10:35 <REP> Microsoft Visual Studio
2007-04-23 10:35 <REP> Microsoft Works
2007-04-23 10:36 <REP> Microsoft.NET
2007-04-22 12:32 <REP> MouseWare
2007-07-18 15:09 <REP> Movie Maker
2008-01-01 21:41 <REP> Mozilla Firefox
2002-09-10 10:49 <REP> MSN
2007-10-29 16:01 <REP> MSN Apps(2)
2002-09-10 10:49 <REP> MSN Gaming Zone
2007-04-28 17:00 <REP> MSXML 4.0
2007-09-26 12:09 <REP> Multi_Media_France
2008-01-01 17:37 <REP> MultiMedia France Toolbar
2007-07-21 10:47 <REP> NetMeeting
2007-11-20 13:48 <REP> Online_TV
2007-05-27 09:31 <REP> OpenSource Flash Video Splitter
2007-06-13 21:56 <REP> Outlook Express
2007-05-30 13:55 <REP> Player Tool
2007-05-27 10:57 <REP> Real
2007-11-05 17:52 <REP> RealMedia
2007-05-27 12:25 <REP> ReflexiveArcade
2007-08-05 08:02 <REP> Ricochet Xtreme
2007-05-27 10:57 774,144 RngInterstitial.dll
2007-04-22 12:39 <REP> SBApps
2007-10-02 15:29 <REP> Secured eMule
2007-11-20 13:48 <REP> Secured_eMule
2002-09-10 10:49 <REP> Services en ligne
2007-05-27 09:31 <REP> SHOUTcast Source
2007-05-25 15:54 <REP> Spybot - Search & Destroy
2008-01-01 17:40 <REP> Trend Micro
2007-06-30 20:11 <REP> TRUST 320 SPACEC@M
2007-04-22 12:40 <REP> Ulead Systems
2007-10-29 16:05 <REP> USB Drum
2007-08-23 18:05 <REP> VideoLAN
2007-04-22 12:45 <REP> Virtual CD v4 SDK
2007-10-10 13:07 <REP> Windows Desktop Search
2007-11-28 07:06 <REP> Windows Live
2007-12-19 06:42 <REP> Windows Live Favorites
2008-01-01 00:17 <REP> Windows Live Toolbar
2007-07-21 10:47 <REP> Windows Media Connect 2
2007-07-21 10:47 <REP> Windows Media Player
2007-04-29 10:55 <REP> Windows NT
2007-07-21 10:47 <REP> WinRAR
2002-09-10 10:55 <REP> xerox
2007-10-23 19:27 <REP> Zylom Games
1 fichier(s) 774,144 octets
87 Rép(s) 94,312,128,512 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.zylom.com REG_BINARY 00000000
*.zylomgames.com REG_BINARY 00000000
PopupMgr REG_SZ yes

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\JRâME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LUJ2WSRV.DEFAULT\HOSTPERM.1
host popup 1 www.ultimate-guitar.com
host popup 1 www2.jeux.com
host popup 1 programmes.france3.fr
host popup 1 www.hornygamer.com
host popup 1 actionssolidaires.msn.fr
host popup 1 www.1980-games.com
host popup 1 www.planete-ados.com
host popup 1 toowam.france3.fr
host popup 1 www.johnlouly.com
host popup 1 www.puydufou.com
host popup 1 www.tf1.fr
host popup 1 jt.france3.fr
host popup 1 www.skyrock.fm
host popup 1 www.jeux.fr
host popup 1 www.fillestv.com
host popup 1 www.911tabs.com

******************************************
## Registre

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************

Puis, celui de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47, on 2008-01-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Annabac Série S 2001 - Planning .lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jérôme\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
Réponse 7 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
1 janv. 2008 à 22:12
Re,

1/ Désinstalle ceci dans ajout/suppression des programmes : Adssite Advanced Toolbar

2/ Redémarre le pc et supprime ceci :
C:\Program Files\Adssite Advanced Toolbar

3/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

4/ Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

5/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
* Choisis Kaspersky.
* Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
* Réalise un scan complet du système.
* Sauvegarde le rapport en mode texte à l'issue du scan.

6/ Edite les rapports demandés (AVGantispyware, Kaspersky).

7/ Dis-moi comment le pc se porte.

FillPCA
0
Réponse 8 / 24
Utilisateur anonyme
1 janv. 2008 à 23:52
Re,

Voici le rapport d'AVG Anti-Spyware :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:07 2008-01-01

+ Résultat de l'analyse:



C:\QooBox\Quarantine\catchme2008-01-01_211222.62.zip/cnetcf.dll -> Trojan.BHO.agz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP321\A0047874.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

Pour l'instant, je ne ferai que ce rapport - N'a pas vu l'heure passée -
Je ferai l'autre scan demain matin.

Merci beaucoup de m'avoir aidée aujourd'hui et passez une bonne nuit
0
Réponse 9 / 24
Utilisateur anonyme
2 janv. 2008 à 09:58
Bonjour,

Voici le rapport de Kaspersky :

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 02, 2008 9:56:20 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501328
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 86811
Number of viruses found 8
Number of infected objects 20
Number of suspicious objects 0
Duration of the scan process 01:41:18

Infected Object Name Virus Name Last Action
C:\APPS\ActivSurf\4448364\Users\Default\Data\chandir.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\chandir.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\chn.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\chn.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\inuse.txt Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\L0000005.FCS Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\main.log Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_die.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_die.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\storydb.dat Object is locked skipped
C:\APPS\ActivSurf\4448364\Users\Default\Data\storydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.65.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.65.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl155.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy55.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf7.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_818.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\history.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\key3.db Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jérôme\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe/data0000.bin/stream/data0006 Infected: not-a-virus:AdWare.Win32.NaviPromo.ce skipped
C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe/data0000.bin/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.ce skipped
C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.NaviPromo.ce skipped
C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe EmbeddedEXE: infected - 3 skipped
C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe UPX: infected - 3 skipped
C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe PE_Patch.UPX: infected - 3 skipped
C:\Documents and Settings\Jérôme\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Messenger\pot_de_miel@msn.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Messenger\pot_de_miel@msn.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Messenger\pot_de_miel@msn.com\SharingMetadata\Working\database_4C30_8864_3088_573C\dfsr.db Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Messenger\pot_de_miel@msn.com\SharingMetadata\Working\database_4C30_8864_3088_573C\fsr.log Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Messenger\pot_de_miel@msn.com\SharingMetadata\Working\database_4C30_8864_3088_573C\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Messenger\pot_de_miel@msn.com\SharingMetadata\Working\database_4C30_8864_3088_573C\tmp.edb Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Windows Live Contacts\pot_de_miel@msn.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Microsoft\Windows Live Contacts\pot_de_miel@msn.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Application Data\Mozilla\Firefox\Profiles\luj2wsrv.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Historique\History.IE5\MSHist012008010220080103\index.dat Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Temp\~DF7C44.tmp Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Temp\~DF7D0C.tmp Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Temp\~DF8F15.tmp Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Temp\~DF8F3E.tmp Object is locked skipped
C:\Documents and Settings\Jérôme\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jérôme\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jérôme\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jérôme\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll Infected: not-a-virus:AdWare.Win32.BHO.pm skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\lzlywpip.dat.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nsk188.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.zn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nss36.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.yr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP322\A0047965.exe/data0015/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP322\A0047965.exe/data0015 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP322\A0047965.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP324\A0048078.dll Infected: not-a-virus:AdWare.Win32.Agent.zn skipped
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP324\A0048079.dll Infected: not-a-virus:AdWare.Win32.Agent.yr skipped
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP325\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\WINDOWS\RESTORE.INS ARJ: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{83B797C9-93A8-41A5-BB7F-EFCAA1A63DDA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\WINDOWS\system\RESTORE.INS ARJ: infected - 1 skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\Dcads_sidebar.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Sinon, l'ordi se porte bien, mais j'ai 7 virus sur mon ordinateur, et Avast n'en a vu qu'un seul...
0
Réponse 10 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
2 janv. 2008 à 10:28
Re,

Webmediaplayer est une vérole.

* Télécharge OTMoveIt (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\system32\Dcads_sidebar.dll

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

Edite ce rapport.

FillPCA
0
Réponse 11 / 24
maya
2 janv. 2008 à 18:33
Bonsoir meilleur voeux à tous je crois que je suis dans la meme situation que d'autres personnes avec le virus win32:BHO-KD

voici le rapport avec hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:20, on 02/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6FD234EC-D74E-452F-99D8-02983A535373} - c:\windows\system32\dnsrslvrl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93558887-5D56-4C31-9661-1D41ED99D5FD} - C:\WINDOWS\System32\drprovw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe -s
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: yilmtsps - C:\WINDOWS\SYSTEM32\dnsrslvrl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
0
Réponse 12 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
2 janv. 2008 à 19:33
Bonjour,

Il faudrait que tu crées ton propre sujet.

FillPCA
0
Réponse 13 / 24
maya198313 Messages postés 7 Date d'inscription mercredi 2 janvier 2008 Statut Membre Dernière intervention 6 janvier 2008
2 janv. 2008 à 20:23
ah d'accord merci FillPCA je ne savais pas je viens de découvrir ce site
0
Réponse 14 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
2 janv. 2008 à 21:20
Pas de quoi.

FillPCA
0
Réponse 15 / 24
almara22
3 janv. 2008 à 19:24
Même soucis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:44, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Adeline BADOUAL\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EBAC387B-58DC-487B-93B4-98FD51666517} - C:\WINDOWS\system32\dbmsvin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O24 - Desktop Component 0: (no name) - http://l.yimg.com/eur.yimg.com/i/fr/hp/yfr.gif
0
Réponse 16 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
3 janv. 2008 à 19:42
Même réponse : crée ton sujet.
0
Réponse 17 / 24
Utilisateur anonyme
12 janv. 2008 à 11:59
Bonjour

Désolée si je ne réponds que maintenant, mais je n'étais plus disponible depuis le 2 Janvier é_è

Sinon, voici le rapport OT Move It

C:\Documents and Settings\Jérôme\Bureau\webmediaplayer_setup.exe moved successfully.
LoadLibrary failed for C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll NOT unregistered.
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll moved successfully.
C:\WINDOWS\system32\Dcads_sidebar.dll NOT unregistered.
C:\WINDOWS\system32\Dcads_sidebar.dll moved successfully.

Created on 01-12-2008 11:57:17
0
Réponse 18 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
12 janv. 2008 à 12:08
Bonjour,

Comment le pc se porte ?

FillPCA
0
Réponse 19 / 24
Utilisateur anonyme
12 janv. 2008 à 12:09
Le Pc se porte bien. En tout cas, Avast ne détecte plus de Virus
0
Réponse 20 / 24
FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Contributeur sécurité Dernière intervention 18 février 2023 123
12 janv. 2008 à 12:14
Re,

* Lance OTmoveIT.
* Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

* Une liste apparaît dans la partie gauche d'OTmoveIT.
* Un message apparaît pour confirmer le nettoyage. Confirme.
* Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

1/ Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.
2/ Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix, Blacklight, SDFix, lopxpMH, ect.....) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC.
Tu peux par contre, garder AVG Antispyware et CCleaner.
3/ /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
Pour désactiver ou activer la Restauration du système, tu dois ouvrir une session Administrateur sous Windows XP.
Désactivation:
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok.
Activation:
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. Redémarrer l'ordinateur.
4/ Comment faire pour...(lettre A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
Pour améliorer la sécurité de ton PC prend quelques instants pour lire:
Sécuriser son PC +WIFI (versions "hot" & "light"): https://forum.pcastuces.com/default.asp
5/ Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors, sous forme de liste, un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

*** Ton infection : DELF ***
>> https://malwarecomplaints.info/
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections, conforme au règle du forum (âge, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé : CCM
6/ Tu peux marquer ton sujet comme résolu en cliquant sur le bouton.
7/ Je te conseille enfin de défragmenter ton PC : http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Bon surf !

FillPCA
0

Discussions similaires

C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menaces HackTool:Win32
LeMax5993 -
lisa4777 -

4 réponses
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses