CiD pages

Solved
DianeAndD -
green day (Moderator, security contributor) -
Hello,

For at least 4 months now I have been stuck with these wretched CiD ads that pop up all the time. I have tried everything, cleanups... but nothing works, so I am writing to you.
I did install HijackThis and here is the report it gives me

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:09, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\SafeSoft\Chaos Shredder\Chaos Shredder.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 222.89.98.219 v.chiqing.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StatsTool - {0A2A22E9-C506-4079-94A9-3653B7927D69} - C:\Program Files\Anonystat\Anonystat-2.dll
O2 - BHO: ContextHelper - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-3.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ErrorHelper - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-2.dll
O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BODY AMOK LIST FLAG] C:\Documents and Settings\All Users\Application Data\dupe global body amok\ATOMBIB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1125563802000.kit.sexequalite.com/11536/CD/NewHentai.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://monsite.club-internet.fr/album_admin/ActiveX/ImageUploader3.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer = 194.117.200.10,194.117.200.15
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

28 replies

green day (Moderator, security contributor)

Hi

Download this (by Moe): http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe ; to the desktop.
Double-click Lopxpsetup.exe to launch the installation
At the menu, choose option 1
Wait until you are asked to press a key ==> press it!
A report will then be created; copy/paste it in full to the forum.

++
DianeAndD

Thank you very much for your help
Here is the report

Rapport Lopxp fait le 03/01/2008 à 10:45:00
Exécuté dans : C:\Program Files\Lopxp

Liste des processus actifs :

PID : 636 C:\WINDOWS\System32\smss.exe
PID : 688 C:\WINDOWS\system32\csrss.exe
PID : 724 C:\WINDOWS\system32\winlogon.exe
PID : 772 C:\WINDOWS\system32\services.exe
PID : 784 C:\WINDOWS\system32\lsass.exe
PID : 924 C:\WINDOWS\system32\Ati2evxx.exe
PID : 940 C:\WINDOWS\system32\svchost.exe
PID : 1076 C:\WINDOWS\system32\svchost.exe
PID : 1184 C:\WINDOWS\System32\svchost.exe
PID : 1252 C:\WINDOWS\system32\svchost.exe
PID : 1336 C:\WINDOWS\System32\svchost.exe
PID : 1520 C:\WINDOWS\system32\Ati2evxx.exe
PID : 1552 C:\WINDOWS\System32\svchost.exe
PID : 1612 C:\WINDOWS\Explorer.EXE
PID : 1808 C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
PID : 1972 C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
PID : 348 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
PID : 988 C:\WINDOWS\system32\spoolsv.exe
PID : 1572 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID : 1700 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PID : 1740 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PID : 1776 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PID : 144 C:\WINDOWS\System32\svchost.exe
PID : 2220 C:\WINDOWS\System32\alg.exe
PID : 2948 C:\windows\system\hpsysdrv.exe
PID : 2980 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PID : 2992 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PID : 3024 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PID : 3120 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PID : 3132 C:\Program Files\iTunes\iTunesHelper.exe
PID : 3148 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
PID : 3180 C:\WINDOWS\system32\ctfmon.exe
PID : 3192 C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID : 3592 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID : 2460 C:\Program Files\iPod\bin\iPodService.exe
PID : 2848 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PID : 2896 C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
PID : 5604 C:\Program Files\Internet Explorer\iexplore.exe
PID : 1884 C:\WINDOWS\system32\cmd.exe
PID : 5364 C:\Program Files\Lopxp\tools\pv.exe

/!\ Suspect PID : 3192 iexplore.exe => C:\Documents and Settings\All Users\Application Data\dupe global body amok\mapiwmacity

___________________________________________________________________________

[Tâches planifiées]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Cr : 26/06/2007 à 17:32
Mo : 17/10/2007 à 15:38
Fichier exécuté : C\Program Files\Apple Software Update\SoftwareUpdate.exe -task

C:\WINDOWS\tasks\Norton Internet Security - Analyse système complète - Propriétaire.job

Fichier exécuté : C\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"

C:\WINDOWS\tasks\A87835C5918BAD89.job

Cr : 10/06/2007 à 00:12
Mo : 03/01/2008 à 10:00
Fichier exécuté : c:\docume~1\propri~1\applic~1\userbu~1\Settings Option Deaf.exe

___________________________________________________________________________

[Listing des dossiers Application Data]

cr: Date Création | mo: Date Modification -=- Nom Long -= Nom Court (8.3)

+- C:\Documents and Settings\Administrateur\Application Data

cr: 15/10/2007 11:29:24 | mo: 02/01/2003 12:30:37 -=- Adobe ----= Adobe
cr: 15/10/2007 11:29:24 | mo: 02/01/2003 11:23:11 -=- IDENTI~1 -= Identities
cr: 15/10/2007 11:29:24 | mo: 02/01/2003 12:30:37 -=- INTERT~1 -= InterTrust
cr: 15/10/2007 11:29:24 | mo: 02/01/2003 11:48:23 -=- MICROS~1 -= Microsoft
cr: 15/10/2007 11:29:24 | mo: 02/01/2003 12:35:54 -=- SAMPLE~1 -= SampleView
cr: 15/10/2007 11:29:24 | mo: 02/01/2003 12:25:06 -=- Sonic ----= Sonic
cr: 15/10/2007 11:29:24 | mo: 01/01/2003 20:32:20 -=- Symantec -= Symantec

+- C:\Documents and Settings\Administrateur\Local Settings\Application Data

cr: 15/10/2007 11:29:24 | mo: 01/01/2003 11:37:31 -=- MICROS~1 -= Microsoft

+- C:\Documents and Settings\All Users\Application Data

cr: 16/05/2006 18:11:06 | mo: 08/07/2007 20:35:44 -=- Adobe ----= Adobe
cr: 30/06/2007 11:42:56 | mo: 30/06/2007 11:42:56 -=- Apple ----= Apple
cr: 25/07/2004 17:47:07 | mo: 26/06/2007 17:32:52 -=- APPLEC~1 -= Apple Computer
cr: 10/01/2007 20:54:41 | mo: 01/07/2007 17:42:40 -=- CYBERL~1 -= CyberLink
cr: 09/12/2006 17:58:52 | mo: 03/09/2007 18:32:15 -=- DUPEGL~1 -= dupe global body amok
cr: 14/07/2004 17:46:08 | mo: 25/07/2004 17:56:40 -=- DVDSHR~1 -= DVD Shrink
cr: 30/09/2007 11:00:16 | mo: 30/09/2007 11:00:16 -=- Google ---= Google
cr: 02/02/2007 19:01:15 | mo: 02/02/2007 19:01:15 -=- HP -------= HP
cr: 14/10/2007 10:18:53 | mo: 14/10/2007 10:18:53 -=- MESSEN~1 -= Messenger Plus!
cr: 02/01/2003 11:14:15 | mo: 31/12/2006 11:44:46 -=- MICROS~1 -= Microsoft
cr: 29/09/2007 17:43:35 | mo: 29/09/2007 17:43:35 -=- Mozilla --= Mozilla
cr: 07/01/2004 12:34:16 | mo: 07/01/2004 12:34:16 -=- MSN6 -----= MSN6
cr: 22/01/2006 18:22:03 | mo: 22/01/2006 18:22:04 -=- MUVEET~1 -= muvee Technologies
cr: 20/07/2007 14:54:41 | mo: 20/07/2007 14:54:41 -=- OFFICE~1 -= Office Genuine Advantage
cr: 23/04/2006 10:04:47 | mo: 31/12/2006 11:43:49 -=- PCSUIT~1 -= PC Suite
cr: 25/12/2006 10:15:26 | mo: 26/12/2006 12:39:22 -=- Pinnacle -= Pinnacle
cr: 25/12/2006 10:17:47 | mo: 26/12/2006 12:40:40 -=- PINNAC~1 -= Pinnacle Studio
cr: 25/07/2004 17:47:23 | mo: 09/04/2005 17:16:11 -=- QUICKT~1 -= QuickTime
cr: 02/01/2003 11:29:01 | mo: 02/01/2003 11:29:01 -=- SBSI -----= SBSI
cr: 12/05/2006 17:47:55 | mo: 12/05/2006 17:47:55 -=- Skype ----= Skype
cr: 01/01/2003 20:32:11 | mo: 03/01/2008 10:37:34 -=- Symantec -= Symantec
cr: 31/05/2006 06:15:26 | mo: 31/05/2006 06:15:26 -=- WINDOW~1 -= Windows Genuine Advantage
cr: 04/02/2007 11:17:58 | mo: 04/02/2007 11:17:58 -=- WINDOW~2 -= Windows Live Toolbar
cr: 03/01/2008 10:10:20 | mo: 03/01/2008 10:10:20 -=- YAHOO!~1 -= Yahoo! Companion

+- C:\Documents and Settings\Default User\Application Data

cr: 07/01/2004 12:05:32 | mo: 02/01/2003 12:30:37 -=- Adobe ----= Adobe
cr: 20/11/2007 20:03:02 | mo: 20/11/2007 20:03:02 -=- APPLEC~1 -= Apple Computer
cr: 02/01/2003 11:23:11 | mo: 02/01/2003 11:23:11 -=- IDENTI~1 -= Identities
cr: 07/01/2004 12:05:32 | mo: 02/01/2003 12:30:37 -=- INTERT~1 -= InterTrust
cr: 02/01/2003 11:14:15 | mo: 02/01/2003 11:48:23 -=- MICROS~1 -= Microsoft
cr: 07/01/2004 12:05:32 | mo: 02/01/2003 12:35:54 -=- SAMPLE~1 -= SampleView
cr: 07/01/2004 12:05:32 | mo: 02/01/2003 12:25:06 -=- Sonic ----= Sonic
cr: 07/01/2004 12:05:32 | mo: 01/01/2003 20:32:20 -=- Symantec -= Symantec

+- C:\Documents and Settings\Default User\Local Settings\Application Data

cr: 20/11/2007 20:02:27 | mo: 20/11/2007 20:03:02 -=- APPLEC~1 -= Apple Computer
cr: 07/01/2004 12:05:32 | mo: 01/01/2003 11:37:31 -=- MICROS~1 -= Microsoft

+- C:\Documents and Settings\LocalService\Application Data

cr: 02/01/2003 11:27:03 | mo: 25/12/2006 11:15:10 -=- MICROS~1 -= Microsoft
cr: 29/09/2006 14:44:55 | mo: 29/09/2006 14:44:55 -=- Symantec -= Symantec

+- C:\Documents and Settings\LocalService\Local Settings\Application Data

cr: 02/01/2003 11:27:03 | mo: 27/12/2004 10:50:45 -=- MICROS~1 -= Microsoft

+- C:\Documents and Settings\NetworkService\Application Data

cr: 02/01/2003 11:27:02 | mo: 09/04/2005 07:43:12 -=- MICROS~1 -= Microsoft
cr: 31/01/2005 11:28:28 | mo: 31/01/2005 11:28:28 -=- Symantec -= Symantec

+- C:\Documents and Settings\NetworkService\Local Settings\Application Data

cr: 02/07/2007 12:18:01 | mo: 02/07/2007 12:18:01 -=- Apple ----= Apple
cr: 02/01/2003 11:27:02 | mo: 01/02/2005 19:55:58 -=- MICROS~1 -= Microsoft

+- C:\Documents and Settings\Propri‚taire\Local Settings\Application Data

cr: 24/05/2007 17:27:51 | mo: 24/05/2007 17:27:51 -=- MICROS~1 -= Microsoft

___________________________________________________________________________

[Listing du dossier Program Files]

+- C:\Program Files

cr: 10/06/2006 12:00:24 | mo: 08/07/2007 20:34:50 -=- Adobe ----= Adobe
cr: 25/12/2006 11:00:19 | mo: 25/12/2006 11:00:24 -=- ADORAG~1 -= AdorageI-SAL
cr: 13/03/2006 20:09:42 | mo: 13/03/2006 20:09:42 -=- AGD ------= AGD
cr: 10/01/2004 19:48:33 | mo: 27/07/2005 11:18:51 -=- Ahead ----= Ahead
cr: 08/10/2006 18:38:16 | mo: 08/10/2006 18:38:16 -=- AIST -----= AIST
cr: 04/08/2005 08:31:33 | mo: 04/08/2005 08:31:33 -=- Alsyd ----= Alsyd
cr: 22/05/2007 22:05:50 | mo: 03/01/2008 07:50:35 -=- ANONYS~1 -= Anonystat
cr: 07/05/2006 09:26:43 | mo: 07/05/2006 09:56:28 -=- ANTI-B~1.18 -= Anti-Blaxx 1.18
cr: 19/08/2007 17:46:28 | mo: 14/09/2007 07:59:57 -=- APPLES~1 -= Apple Software Update
cr: 26/02/2006 19:25:41 | mo: 26/02/2006 19:29:59 -=- ASCIIA~1 -= ASCII Art Generator
cr: 05/01/2007 23:56:51 | mo: 09/05/2007 18:54:00 -=- ASTONS~1 -= Astonsoft
cr: 07/01/2004 12:06:53 | mo: 19/07/2006 09:57:07 -=- ATITEC~1 -= ATI Technologies
cr: 22/01/2006 18:18:38 | mo: 22/01/2006 18:18:39 -=- Autofr ---= Autofr
cr: 10/06/2007 15:36:20 | mo: 13/06/2007 09:25:04 -=- BITTOR~2 -= BitTorrent
cr: 04/01/2006 16:17:25 | mo: 04/01/2006 16:17:25 -=- BLACKS~1.NET -= BlackSunSoft.net
cr: 30/01/2005 18:08:30 | mo: 02/04/2005 12:49:05 -=- BLAXXU~1 -= blaxxun Contact
cr: 12/06/2007 17:44:36 | mo: 13/06/2007 09:57:47 -=- BSPLAY~1 -= BSplayer_WhenUSave_Installer
cr: 14/10/2007 09:11:55 | mo: 14/10/2007 09:11:55 -=- CCleaner -= CCleaner
cr: 05/06/2006 19:40:07 | mo: 05/06/2006 19:40:07 -=- CMDATA~1 -= CM Data Software
cr: 02/01/2003 11:19:39 | mo: 02/01/2003 11:19:39 -=- COMPLU~1 -= ComPlus Applications
cr: 22/05/2007 22:05:13 | mo: 03/01/2008 10:37:32 -=- CONTEX~1 -= ContextTool
cr: 02/03/2007 20:09:40 | mo: 04/03/2007 20:34:32 -=- CREATU~1 -= Creatures 2
cr: 12/01/2004 19:44:52 | mo: 01/07/2007 17:42:41 -=- CYBERL~1 -= CyberLink
cr: 23/04/2006 10:06:23 | mo: 31/12/2006 11:41:14 -=- DIFX -----= DIFX
cr: 29/01/2005 16:24:30 | mo: 29/01/2005 16:24:30 -=- directx --= directx
cr: 07/12/2006 21:13:13 | mo: 30/09/2007 10:59:58 -=- DivX -----= DivX
cr: 03/11/2004 19:57:13 | mo: 28/06/2007 18:19:53 -=- EAGAME~1 -= EA Games
cr: 02/01/2003 12:35:40 | mo: 17/01/2006 20:00:09 -=- EASYIN~1 -= Easy Internet signup
cr: 04/07/2004 20:52:35 | mo: 04/07/2004 20:52:35 -=- EIDOSI~1 -= Eidos Interactive
cr: 03/07/2006 19:20:28 | mo: 03/07/2006 19:39:20 -=- eMule ----= eMule
cr: 22/05/2007 22:05:34 | mo: 03/01/2008 07:50:38 -=- ERRORS~1 -= ErrorsTool
cr: 04/06/2006 18:10:40 | mo: 16/07/2006 10:03:15 -=- FAKEWE~1 -= Fake Webcam
cr: 02/01/2003 11:14:50 | mo: 20/10/2007 18:15:54 -=- FICHIE~1 -= Fichiers communs
cr: 25/05/2006 20:36:16 | mo: 03/07/2006 19:12:55 -=- FlashGet -= FlashGet
cr: 23/05/2007 17:38:56 | mo: 23/05/2007 17:38:56 -=- GOA ------= GOA
cr: 11/03/2005 19:56:50 | mo: 13/01/2007 08:06:36 -=- Google ---= Google
cr: 02/02/2007 18:56:04 | mo: 02/02/2007 19:46:13 -=- HEWLET~1 -= Hewlett-Packard
cr: 02/02/2007 18:25:28 | mo: 02/02/2007 19:54:38 -=- HP -------= HP
cr: 22/01/2006 18:19:43 | mo: 15/02/2006 12:07:11 -=- HTVIDE~1.0 -------= HT Video Editor 6.0
cr: 19/03/2006 12:42:21 | mo: 19/03/2006 12:42:50 -=- Icons ----= Icons
cr: 02/01/2003 12:25:53 | mo: 09/10/2007 19:32:10 -=- INSTAL~1 -= InstallShield Installation Information
cr: 09/01/2004 21:07:22 | mo: 07/11/2006 21:22:13 -=- INTERA~1 -= InterActual
cr: 02/01/2003 11:19:57 | mo: 11/12/2007 22:52:25 -=- INTERN~1 -= Internet Explorer
cr: 02/01/2003 12:25:53 | mo: 07/01/2004 12:09:11 -=- INTERV~1 -= InterVideo
cr: 10/10/2007 15:49:25 | mo: 10/10/2007 15:49:26 -=- iPod -----= iPod
cr: 16/05/2004 18:56:08 | mo: 26/12/2004 18:55:47 -=- ISpy -----= ISpy
cr: 10/10/2007 15:49:18 | mo: 10/10/2007 15:49:37 -=- iTunes ---= iTunes
cr: 26/03/2006 17:33:25 | mo: 26/03/2006 17:33:51 -=- JASCSO~1 -= Jasc Software Inc
cr: 02/01/2003 12:42:39 | mo: 10/12/2007 13:17:51 -=- Java -----= Java
cr: 29/01/2005 16:23:00 | mo: 14/10/2007 10:55:30 -=- Labtec ---= Labtec
cr: 29/08/2004 19:49:42 | mo: 29/08/2004 19:49:42 -=- LASERM~1 -= Lasermedia
cr: 19/07/2006 12:39:48 | mo: 19/07/2006 12:39:48 -=- Lavasoft -= Lavasoft
cr: 27/12/2004 13:25:24 | mo: 10/10/2007 21:35:20 -=- LimeWire -= LimeWire
cr: 16/09/2006 10:42:27 | mo: 16/09/2006 11:11:47 -=- LIVREA~1 -= Livre Album Fuji Photo
cr: 03/01/2008 10:44:31 | mo: 03/01/2008 10:45:05 -=- Lopxp ----= Lopxp
cr: 18/01/2004 11:34:02 | mo: 31/12/2004 18:03:54 -=- Maxis ----= Maxis
cr: 04/06/2006 18:13:30 | mo: 18/07/2006 19:59:15 -=- MEEGOS~1 -= Meegos Creator
cr: 02/01/2003 11:18:44 | mo: 05/11/2006 16:13:51 -=- MESSEN~1 -= Messenger
cr: 14/10/2007 10:07:39 | mo: 03/01/2008 10:10:16 -=- MESSEN~3 -= Messenger Plus! Live
cr: 24/04/2005 08:18:23 | mo: 16/04/2006 15:16:17 -=- MESSEN~2 -= MessengerPlus! 3
cr: 25/01/2007 20:45:41 | mo: 26/01/2007 07:09:52 -=- MESSEN~4 -= MessengerSkinner
cr: 06/01/2005 19:01:34 | mo: 15/01/2007 19:39:13 -=- MICROA~1 -= Micro Application
cr: 09/05/2007 06:35:54 | mo: 09/05/2007 06:35:54 -=- MICROS~1.2 -= Microsoft CAPICOM 2.1.0.2
cr: 02/01/2003 11:23:14 | mo: 02/01/2003 11:23:14 -=- MICROS~1 -= microsoft frontpage
cr: 08/04/2006 11:14:31 | mo: 08/04/2006 11:14:31 -=- MICROS~2 -= Microsoft Office
cr: 25/12/2006 10:34:07 | mo: 25/12/2006 10:34:07 -=- MICROS~3 -= Microsoft SQL Server
cr: 01/01/2003 11:37:33 | mo: 01/01/2003 11:38:01 -=- MICROS~4 -= Microsoft Works
cr: 07/01/2004 12:36:32 | mo: 24/01/2004 17:55:19 -=- MONTEC~1 -= Monte Cristo
cr: 02/01/2003 11:20:03 | mo: 27/02/2007 12:38:47 -=- MOVIEM~1 -= Movie Maker
cr: 29/09/2007 17:43:42 | mo: 09/10/2007 19:28:03 -=- MOZILL~1 -= Mozilla Firefox
cr: 02/01/2003 11:18:42 | mo: 02/01/2003 11:18:42 -=- MSNGAM~1 -= MSN Gaming Zone
cr: 29/04/2006 07:40:52 | mo: 16/10/2007 21:09:48 -=- MSNMES~1 -= MSN Messenger
cr: 18/11/2006 22:15:40 | mo: 18/11/2006 22:15:40 -=- MSXML4~1.0 -= MSXML 4.0
cr: 12/11/2006 16:51:45 | mo: 12/11/2006 17:33:08 -=- Neodivx --= Neodivx
cr: 29/11/2005 19:17:06 | mo: 29/11/2005 19:17:06 -=- Nero -----= Nero
cr: 02/01/2003 11:20:00 | mo: 29/01/2005 20:18:44 -=- NETMEE~1 -= NetMeeting
cr: 12/12/2005 22:22:41 | mo: 31/08/2007 16:39:57 -=- Nokia ----= Nokia
cr: 03/02/2005 16:30:43 | mo: 29/01/2007 17:03:09 -=- NORTON~1 -= Norton AntiVirus
cr: 29/01/2007 17:24:48 | mo: 22/11/2007 07:56:12 -=- NORTON~2 -= Norton Internet Security
cr: 26/09/2007 18:26:40 | mo: 28/09/2007 07:17:08 -=- OPENOF~1.3 -= OpenOffice.org 2.3
cr: 12/01/2006 17:39:07 | mo: 12/01/2006 18:32:27 -=- ORANGE~1 -= Orange Messenger
cr: 02/01/2003 11:20:00 | mo: 13/06/2007 10:19:58 -=- OUTLOO~1 -= Outlook Express
cr: 31/12/2006 11:41:02 | mo: 31/12/2006 11:41:04 -=- PCCONN~1 -= PC Connectivity Solution
cr: 16/05/2006 17:16:01 | mo: 14/10/2007 10:35:30 -=- Picasa2 --= Picasa2
cr: 25/12/2006 10:15:23 | mo: 02/04/2007 17:49:01 -=- Pinnacle -= Pinnacle
cr: 20/05/2007 16:10:14 | mo: 20/05/2007 16:10:14 -=- PINNAC~1 -= Pinnacle Systems
cr: 19/03/2006 12:09:09 | mo: 19/03/2006 12:09:09 -=- Plus! ----= Plus!
cr: 17/12/2005 09:54:37 | mo: 17/12/2005 09:54:37 -=- Polaroid -= Polaroid
cr: 25/12/2006 11:08:32 | mo: 25/12/2006 11:08:32 -=- proDAD ---= proDAD
cr: 30/06/2007 11:44:26 | mo: 18/07/2007 08:12:10 -=- QUICKT~1 -= QuickTime
cr: 29/01/2005 16:24:20 | mo: 29/01/2005 16:24:20 -=- Real -----= Real
cr: 03/01/2006 19:55:59 | mo: 22/01/2006 19:14:13 -=- RM-XPL~1 -= RM-X Player V4
cr: 13/03/2004 18:44:56 | mo: 13/03/2004 18:44:56 -=- RTE ------= RTE
cr: 03/01/2008 10:21:59 | mo: 03/01/2008 10:21:59 -=- SafeSoft -= SafeSoft
cr: 19/02/2007 17:50:34 | mo: 19/02/2007 17:50:34 -=- Samsung --= Samsung
cr: 07/08/2006 09:46:32 | mo: 07/08/2006 09:46:32 -=- Seagrand -= Seagrand
cr: 02/01/2003 11:18:50 | mo: 02/01/2003 12:45:19 -=- SERVIC~1 -= Services en ligne
cr: 31/05/2005 19:20:02 | mo: 31/05/2005 19:20:02 -=- SIERRA~1 -= Sierra On-Line
cr: 27/01/2007 22:05:54 | mo: 03/01/2008 10:32:44 -=- Singles --= Singles
cr: 31/08/2006 21:36:01 | mo: 31/08/2006 21:52:48 -=- SM -------= SM
cr: 25/12/2006 10:24:01 | mo: 25/12/2006 10:24:01 -=- SMARTS~1 -= SmartSound Software
cr: 01/01/2003 20:32:10 | mo: 03/10/2007 20:35:46 -=- Symantec -= Symantec
cr: 23/02/2006 20:38:00 | mo: 23/02/2006 21:04:42 -=- TALLST~1 -= TallStick
cr: 09/02/2004 07:49:44 | mo: 29/11/2005 18:45:52 -=- TLC-ED~1 -= TLC-Edusoft
cr: 03/01/2008 10:33:13 | mo: 03/01/2008 10:33:13 -=- TRENDM~1 -= Trend Micro
cr: 29/01/2006 20:15:51 | mo: 29/01/2006 20:15:51 -=- ULEADS~1 -= Ulead Systems
cr: 06/12/2006 18:20:40 | mo: 06/12/2006 18:20:40 -=- UNINST~1 -= Uninstall Information
cr: 10/06/2007 00:11:34 | mo: 10/06/2007 00:11:34 -=- USERBU~1 -= User Burn Mix
cr: 24/01/2007 19:53:29 | mo: 05/02/2007 18:42:37 -=- VideoLAN -= VideoLAN
cr: 04/10/2005 18:33:48 | mo: 26/11/2005 08:52:21 -=- VISICO~1 -= Visicom Media
cr: 08/01/2004 21:14:26 | mo: 08/01/2004 21:14:26 -=- Wanadoo --= Wanadoo
cr: 25/03/2006 22:21:02 | mo: 25/03/2006 23:02:50 -=- webcamXP -= webcamXP
cr: 12/06/2007 17:44:02 | mo: 13/06/2007 11:10:35 -=- Webteh ---= Webteh
cr: 11/04/2005 18:50:26 | mo: 11/04/2005 18:50:26 -=- WINDOW~4 -= Windows Journal Viewer
cr: 03/01/2008 10:10:11 | mo: 03/01/2008 10:10:11 -=- WI1F86~1 -= Windows Live
cr: 06/11/2006 20:47:50 | mo: 16/12/2007 17:45:46 -=- WIE5D0~1 -= Windows Live Safety Center
cr: 04/02/2007 11:16:10 | mo: 14/10/2007 10:38:22 -=- WI81E8~1 -= Windows Live Toolbar
cr: 15/12/2006 18:43:08 | mo: 15/12/2006 18:43:12 -=- WI4DF6~1 -= Windows Media Connect 2
cr: 02/01/2003 11:18:49 | mo: 15/12/2006 18:44:12 -=- WINDOW~2 -= Windows Media Player
cr: 02/01/2003 11:18:28 | mo: 23/06/2006 11:40:20 -=- WINDOW~1 -= Windows NT
cr: 02/01/2003 11:18:50 | mo: 26/12/2004 14:18:25 -=- WINDOW~3 -= WindowsUpdate
cr: 28/07/2005 18:05:42 | mo: 11/10/2007 12:28:25 -=- WinRAR ---= WinRAR
cr: 02/01/2003 11:23:14 | mo: 02/01/2003 11:23:14 -=- xerox ----= xerox
cr: 09/02/2006 10:25:17 | mo: 03/01/2008 09:56:04 -=- Yahoo! ---= Yahoo!
cr: 27/12/2004 13:24:54 | mo: 11/06/2006 20:23:47 -=- ZEROGR~1 -= Zero G Registry

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]

C:\Program Files\MessengerPlus! 3
C:\Program Files\Messenger Plus! Live

___________________________________________________________________________

[Clés registre de démarrage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BODY AMOK LIST FLAG REG_SZ C:\Documents and Settings\All Users\Application Data\dupe global body amok\ATOMBIB.exe

___________________________________________________________________________

[Popups autorisés]

[-] Internet Explorer :


[-] Mozilla Firefox

[-] Suite Mozilla / SeaMonkey

___________________________________________________________________________

[Suggestion nettoyage registre]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BODY AMOK LIST FLAG"=-

- Fin du rapport -
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

you have a lot of versions of msn!

download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\tasks\A87835C5918BAD89.job
c:\docume~1\propri~1\applic~1\userbu~1\Settings Option Deaf.exe
C:\Program Files\User Burn Mix
C:\Program Files\MessengerSkinner
C:\Documents and Settings\All Users\Application Data\dupe global body amok


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

then, do what is described here please:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

@+

DianeAndD
 
Okay, here is the report

C:\WINDOWS\tasks\A87835C5918BAD89.job moved successfully.
File/Folder c:\docume~1\propri~1\applic~1\userbu~1\Settings Option Deaf.exe not found.
C:\Program Files\User Burn Mix moved successfully.
C:\Program Files\MessengerSkinner moved successfully.
Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\dupe global body amok scheduled to be deleted on reboot.

Created on 01/03/2008 18:46:24

I'll now follow your link and send you the 3 other reports you asked for
thank you so much for your help

DianeAndD
 
Hello again,

Sorry for the slow reply, I couldn't do it any sooner,
So first of all I'm posting the first report, made with AVG anti-spyware


AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:47:35 03/01/2008

+ Résultat de l'analyse:

HKU\S-1-5-21-1643591301-3181337419-2175288203-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Aucune action entreprise.
C:\Program Files\ContextTool\ContextTool-3.dll -> Not-A-Virus.Adware.Agent : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.

Fin du rapport

Then the next day I wanted to run another one as a check, and it again found a few cookies:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:06:22 04/01/2008

+ Résultat de l'analyse:

C:\Documents and Settings\Propriétaire\Cookies\propriétaire@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

Fin du rapport

Finally, I've just run the scan with BitDefender and here is the report

BitDefender Online Scanner

Scan report generated at: Fri, Jan 04, 2008 - 13:44:09

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics

Time
02:30:56

Files
408007

Folders
9286

Boot Sectors
3

Archives
20789

Packed Files
18050

Results

Identified Viruses
2

Infected Files
14

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
14

Engines Info

Virus Definitions
885326

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\All Users\Application Data\dupe global body amok\Play meet.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\All Users\Application Data\dupe global body amok\Play meet.exe
Disinfection failed

C:\Documents and Settings\All Users\Application Data\dupe global body amok\Play meet.exe
Deleted

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\btkanuhp.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\btkanuhp.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\btkanuhp.exe
Deleted

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\qztjlzjd.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\qztjlzjd.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\qztjlzjd.exe
Deleted

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\rruxtiqg.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\rruxtiqg.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\rruxtiqg.exe
Deleted

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\yvbettra.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\yvbettra.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix\yvbettra.exe
Deleted

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161454.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161454.exe
Disinfection failed

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161454.exe
Deleted

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161455.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161455.exe
Disinfection failed

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161455.exe
Deleted

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161456.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161456.exe
Disinfection failed

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161456.exe
Deleted

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161457.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161457.exe
Disinfection failed

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161457.exe
Deleted

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161458.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161458.exe
Disinfection failed

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP1014\A0161458.exe
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Infected with: Backdoor.Skinymes.Agent.A

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Disinfection failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\ATOMBIB.exe
Infected with: Trojan.FatObfus.Gen

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\ATOMBIB.exe
Disinfection failed

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\ATOMBIB.exe
Deleted

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\dvd two.exe
Infected with: Trojan.FatObfus.Gen

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\dvd two.exe
Disinfection failed

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\dvd two.exe
Deleted

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\Hide download.exe
Infected with: Trojan.FatObfus.Gen

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\Hide download.exe
Disinfection failed

C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\dupe global body amok\Hide download.exe
Deleted

As for the last report to send, the HijackThis one, I'll send it to you in a few moments
Thank you for the attention you are willing to give it.
DianeAndD
 
Here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:31, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 222.89.98.219 v.chiqing.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StatsTool - {0A2A22E9-C506-4079-94A9-3653B7927D69} - C:\Program Files\Anonystat\Anonystat-2.dll
O2 - BHO: ContextHelper - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-3.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ErrorHelper - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-2.dll
O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1125563802000.kit.sexequalite.com/11536/CD/NewHentai.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://monsite.club-internet.fr/album_admin/ActiveX/ImageUploader3.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer = 194.117.200.10,194.117.200.15
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
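Added here as an illustration, not code from the thread, from HijackThis or from any tool it mentions: a Python triage pass that applies, over HijackThis 2.0.2 entries in the format of the log above, the checks a helper makes by hand (orphaned entries, paths inside the folders the reports in this thread tied to the adware, O16 objects fetched as a remote .exe, the broken O10 LSP chain, O1 hosts redirections). The sample log is constructed from lines of the report above; the O16 line with a placeholder host is constructed.

```python
"""Triage pass over HijackThis 2.0.2 log entries (added example, not HijackThis code).

Each 'Oxx - ...' / 'Rx - ...' line is classified with the rules a forum helper applies
by hand: orphaned entries, paths inside folders the reports in this thread identified
as adware droppers, ActiveX (O16) objects fetched as a bare .exe, a broken Winsock LSP
chain (O10), and hosts-file redirections (O1).
"""
import re
from dataclasses import dataclass

# Folder names that the OTMoveIt, BitDefender and Navilog reports in this thread tie to
# the CiD adware; any entry whose path contains one of them deserves a second look.
SUSPECT_DIRS = (
    "dupe global body amok",
    "User Burn Mix",
    "MessengerSkinner",
    "Video ActiveX Object",
    "newdotnet",
    "ContextTool",
    "ErrorsTool",
    "Anonystat",
)

# A HijackThis entry: section tag, ' - ', then a free-form body.
ENTRY_RE = re.compile(r"^(?P<tag>[OR]\d+) - (?P<body>.*)$")
# An O16 (Download Program Files) object whose source URL is a bare executable.
REMOTE_EXE_RE = re.compile(r"https?://\S+\.exe(?:\s|$)")


@dataclass
class Finding:
    tag: str
    reason: str
    line: str


def classify(line: str) -> list[str]:
    """Return the reasons a single HijackThis line deserves attention ([] if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # header, process list or blank line
    tag, low = m.group("tag"), m.group("body").lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned entry: target file is missing")
    for folder in SUSPECT_DIRS:
        if folder.lower() in low:
            reasons.append(f"path inside suspect folder '{folder}'")
    if tag == "O1":
        reasons.append("hosts-file entry redirects a hostname")
    if tag == "O4" and "policies\\explorer\\run" in low:
        reasons.append("autostart via Policies\\Explorer\\Run")
    if tag == "O10":
        reasons.append("broken LSP chain: Winsock needs repair after removal")
    if tag == "O16" and REMOTE_EXE_RE.search(low):
        reasons.append("ActiveX object fetched as a remote .exe")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run classify() over every line of a log and collect the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        for reason in classify(line):
            findings.append(Finding(m.group("tag"), reason, line))
    return findings


# Sample log constructed from entries that appear in the HijackThis report above;
# the O16 line with a placeholder host stands in for a drive-by .exe download.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 222.89.98.219 v.chiqing.com
O2 - BHO: ContextHelper - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-3.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://placeholder.invalid/dropper.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.tag}] {f.reason}\n    {f.line}")
```

Legitimate entries (the Java BHO, ccApp, the BitDefender .cab) produce no finding, so the output is the short list a helper would actually act on.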
Maxou1012
 
Just for info --> try uninstalling MSN+, BitDownloader or CiD Helper from Add/Remove Programs!
DianeAndD
 
Thanks, but apart from msn + I don't have either of the other 2 programs (at least not visible in Add/Remove Programs)
I no longer have any problems with the CiD pages, thanks again Green Day, but I'd still like to know whether it would be better for me to delete a few more things, or do some further steps (if you see anything in my 3 reports)
Thank you very much
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

ok,

* Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
* Save (link) target as... and save it to the desktop.
* Right-click navilog1.zip and choose "Extract all"
* Double-click navilog1.bat
* At the main menu, choose option 1 and confirm.
* Wait for the message: Analyse Termine le ...
* The report is also saved at the root of the drive (fixnavi.txt); post it!

@+

DianeAndD
 
Good evening, here is the report

Search Navipromo version 3.3.8 commencé le 05/01/2008 à 21:33:06,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\application data" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Propriétaire\local settings\application data" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

lapqmnr.dat trouvé !
lapqmnr_nav.dat trouvé !

* Dans "C:\Documents and Settings\Propriétaire\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

*** Analyse terminée le 05/01/2008 à 21:45:28,31 ***
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

ok,

o Double-click navilog1.bat
o At the main menu, choose option 2 and confirm.
o Select the "automatic" cleaning mode
o Answer any questions; the desktop will disappear, that's normal!
o Wait for the message: Nettoyage Termine le ...
o Save the report somewhere you can find it again, then close Notepad; the desktop will reappear
o The report is also saved at the root of the drive (cleannavi.txt); please post it along with a new hijack log

++

DianeAndD
 
Clean Navipromo version 3.3.8 commencé le 06/01/2008 à 13:54:01,75

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

* Suppression dans "C:\Documents and Settings\Propriétaire\local settings\application data" *

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\application data" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propriétaire\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\WINDOWS\system32 *

lapqmnr.dat trouvé !
Copie lapqmnr.dat réalisée avec succès !
lapqmnr.dat supprimé !

lapqmnr_nav.dat trouvé !
Copie lapqmnr_nav.dat réalisée avec succès !
lapqmnr_nav.dat supprimé !

lapqmnr_navps.dat trouvé !
Copie lapqmnr_navps.dat réalisée avec succès !
lapqmnr_navps.dat supprimé !

* Dans "C:\Documents and Settings\Propriétaire\local settings\application data" *

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 06/01/2008 à 13:58:20,06 ***

And here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:14, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 222.89.98.219 v.chiqing.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StatsTool - {0A2A22E9-C506-4079-94A9-3653B7927D69} - C:\Program Files\Anonystat\Anonystat-2.dll
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ErrorHelper - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-2.dll
O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1125563802000.kit.sexequalite.com/11536/CD/NewHentai.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://monsite.club-internet.fr/album_admin/ActiveX/ImageUploader3.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer = 194.117.200.10,194.117.200.15
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

remove these two programs from Add/Remove Programs:

ErrorsTool
Anonystat


# Download this: (thanks to S!RI for this little program).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1;
this is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
it will generate a report: please copy/paste it in a post.

++

0
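The helper above is reading the HijackThis log by eye and picking out the rogue BHOs, the orphaned entries, the hosts redirect, the broken LSP and the odd SSODL/SharedTaskScheduler entries. As an added example (not part of this thread, and not a tool written by the forum helpers or by Trend Micro), the Python script below applies the same structural checks to a handful of lines copied from the log posted above. The severity scale, the trusted-host list for O16 ActiveX downloads and the known-bad folder list (taken from the two programs the helper told the poster to uninstall) are assumptions made for this example, not HijackThis features. A BHO that has a proper name and whose DLL still exists, like the Anonystat one, is only caught by that folder list, which is exactly why a log like this still needs a human who recognises the adware.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted above.
# A real run would read the whole saved hijackthis.log instead.
SAMPLE_LOG = r"""
O1 - Hosts: 222.89.98.219 v.chiqing.com
O2 - BHO: StatsTool - {0A2A22E9-C506-4079-94A9-3653B7927D69} - C:\Program Files\Anonystat\Anonystat-2.dll
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1125563802000.kit.sexequalite.com/11536/CD/NewHentai.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

@dataclass
class Finding:
    severity: str   # "HIGH", "MEDIUM" or "LOW" (scale assumed for this example)
    section: str    # HijackThis section code, e.g. "O16"
    reason: str
    line: str

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumption: hosts this machine legitimately pulls ActiveX controls from (O16 lines).
TRUSTED_DPF_HOSTS = ("msn.com", "microsoft.com", "bitdefender.com", "ewido.net",
                     "divx.com", "minitel.com", "club-internet.fr", "flexera.com")

# Folders of the two programs the helper told the poster to uninstall.
KNOWN_BAD_DIRS = ("\\anonystat\\", "\\errorstool\\")

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")

def _host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def _trusted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)

def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    lower = body.lower()
    orphan = "(no file)" in lower or "(file missing)" in lower

    if sec == "O1":
        # HijackThis only lists hosts entries beyond the default "127.0.0.1 localhost".
        ip, name = (body.split(":", 1)[1].split() + ["?", "?"])[:2]
        if ip in LOOPBACK:
            return Finding("MEDIUM", sec, f"hosts entry blocks {name}", line)
        return Finding("HIGH", sec, f"hosts entry redirects {name} to {ip}", line)

    if sec == "O10":
        # Any O10 line means a third-party or missing Winsock LSP sits in the chain.
        return Finding("HIGH", sec, "Winsock LSP chain altered by a third-party/missing provider", line)

    if sec == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        if not url.startswith("http"):
            return None
        host = _host_of(url)
        if url.lower().endswith(".exe"):
            return Finding("HIGH", sec, f"ActiveX entry pulls a bare executable from {host}", line)
        if not _trusted(host):
            return Finding("MEDIUM", sec, f"ActiveX control from unlisted host {host}", line)
        return None

    if sec in ("O21", "O22"):
        # SSODL / SharedTaskScheduler: Explorer load points almost never used legitimately.
        return Finding("HIGH", sec, "Explorer autostart (SSODL/SharedTaskScheduler) entry", line)

    if sec in ("O2", "O3", "O9"):
        if any(bad in lower for bad in KNOWN_BAD_DIRS):
            return Finding("HIGH", sec, "browser extension from a known adware folder", line)
        if orphan:
            return Finding("LOW", sec, "orphaned registration (file gone); remove to tidy up", line)
        if "(no name)" in lower:
            return Finding("MEDIUM", sec, "unnamed browser extension; identify the DLL's vendor", line)
        return None

    return None

def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]

def summary(findings: List[Finding]) -> dict:
    return {s: sum(1 for f in findings if f.severity == s) for s in ("HIGH", "MEDIUM", "LOW")}

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: ("HIGH", "MEDIUM", "LOW").index(f.severity)):
        print(f"{f.severity:<6} {f.section:<4} {f.reason}")
    print(summary(found))
```

Run against the sample, it flags the hosts redirect, the Anonystat BHO, the NewDotNet LSP, the `.exe` ActiveX download and the two `hirtellous` Explorer entries as HIGH, the orphaned BHO as LOW, and leaves the Java BHO, the Norton Run entry, the BitDefender scanner and the AVG service alone.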
DianeAndD
 
OK, so I was able to remove ErrorsTool, but I can't find Anonystat.
However there is a program with almost the same name: Stats Tool
is that the one?
0
DianeAndD
 
And here is the generated report

SmitFraudFix v2.274

Report made at 14:29:35,15, 06/01/2008
Run from C:\Documents and Settings\Propriétaire\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT!
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT!

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15

Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T - Packet Scheduler Miniport
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15

»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection search

»»»»»»»»»»»»»»»»»»»»»»»» End
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
However there is a program with almost the same name: Stats Tool
is that the one?


Yes!

# Start in Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC powers on, without stopping
A menu will open; use the keyboard arrows to move to Safe Mode, then press Enter.
Once on the desktop, if the colours and so on are not all there, that is normal!
(If F8 does not work, use the F5 key).
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, reboot in normal mode, and copy/paste the saved report on the forum

then post a HijackThis log please

++
0
DianeAndD
 
ok

SmitFraudFix v2.274

Report made at 14:39:31,87, 06/01/2008
Run from C:\Documents and Settings\Propriétaire\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
222.89.98.219 v.chiqing.com

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Removal of infected files

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url removed
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url removed

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15

»»»»»»»»»»»»»»»»»»»»»»»» Removal of temporary files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry cleanup

Cleanup finished.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
0
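The hosts and DNS sections of this report are the two places where a rogue like CiD tampers with name resolution. It adds loopback entries for its competitors' sites (the `## added by CiD` tag is its own signature) so the victim can no longer reach them, a non-loopback entry such as `222.89.98.219 v.chiqing.com` silently sends a name to an IP of the attacker's choosing, and the per-interface NameServer keys are where a DNS changer would plant its own resolvers. As an added example that is not part of the thread or of SmitFraudFix, the Python below parses a constructed excerpt of both sections in the report's own format and classifies each entry. The interfaces in the report have static NameServer values equal to the DHCP-supplied ones, so one extra interface GUID with a mismatching NameServer (192.0.2.53, a documentation address) is added to the sample to show the override verdict; that interface and its values are made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few hosts lines in the format of the report above.
HOSTS_SAMPLE = r"""
127.0.0.1 localhost
222.89.98.219 v.chiqing.com

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
"""

# Constructed sample in the report's DNS format. The first three lines are copied from
# the report; the {00000000-...-000000000001} interface is made up for this example to
# show a static NameServer that no longer matches what DHCP handed out.
DNS_SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer=192.0.2.53
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
TAG_RE = re.compile(r"#+\s*added by\s+(\S+)", re.IGNORECASE)
DNS_RE = re.compile(r"\{(?P<guid>[0-9A-Fa-f-]+)\}:\s*(?P<key>DhcpNameServer|NameServer)=(?P<val>[\d., ]+)")

@dataclass
class HostEntry:
    ip: str
    name: str
    kind: str           # "default", "block" (loopback sinkhole) or "redirect"
    tag: Optional[str]  # who claims the line, e.g. "CiD", when a "## added by" comment is present

def audit_hosts(text: str) -> List[HostEntry]:
    entries = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        parts = line.split()
        if len(parts) < 2:
            continue   # blank or comment-only line
        ip, names = parts[0], parts[1:]
        m = TAG_RE.search("#" + comment)
        tag = m.group(1) if m else None
        for name in names:
            if ip in LOOPBACK:
                kind = "default" if name == "localhost" else "block"
            else:
                kind = "redirect"   # the name now resolves wherever the entry's author wants
            entries.append(HostEntry(ip, name, kind, tag))
    return entries

def hosts_summary(entries: List[HostEntry]) -> dict:
    tags = {e.tag for e in entries if e.tag}
    return {
        "redirects": [(e.name, e.ip) for e in entries if e.kind == "redirect"],
        "blocked": sum(1 for e in entries if e.kind == "block"),
        "tagged": {t: sum(1 for e in entries if e.tag == t) for t in tags},
    }

def check_dns(text: str) -> Dict[str, str]:
    """Per interface GUID: 'ok', 'dhcp-only', 'static-unverified' or 'static-override'."""
    per_if: Dict[str, Dict[str, List[str]]] = {}
    for line in text.splitlines():
        m = DNS_RE.search(line)
        if not m:
            continue
        servers = re.split(r"[ ,]+", m.group("val").strip())
        per_if.setdefault(m.group("guid").upper(), {})[m.group("key")] = servers
    verdict = {}
    for guid, keys in per_if.items():
        static, dhcp = keys.get("NameServer"), keys.get("DhcpNameServer")
        if static is None:
            verdict[guid] = "dhcp-only"
        elif dhcp is None:
            verdict[guid] = "static-unverified"   # nothing to compare against; check it against the ISP
        elif static == dhcp:
            verdict[guid] = "ok"
        else:
            verdict[guid] = "static-override"     # the DNS-changer pattern
    return verdict

if __name__ == "__main__":
    print(hosts_summary(audit_hosts(HOSTS_SAMPLE)))
    for guid, v in check_dns(DNS_SAMPLE).items():
        print(guid, v)
```

The split between "block" and "redirect" matters for triage: loopback sinkholes are mostly a nuisance that stops the victim downloading a competing scanner, while a redirect is a live man-in-the-middle for that name and should be treated as such. On a real machine the same two functions would be fed `C:\WINDOWS\system32\drivers\etc\hosts` and the exported `Tcpip\Parameters\Interfaces` keys rather than the report text.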
DianeAndD
 
Then the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:20, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 222.89.98.219 v.chiqing.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StatsTool - {0A2A22E9-C506-4079-94A9-3653B7927D69} - C:\Program Files\Anonystat\Anonystat-2.dll (file missing)
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ErrorHelper - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-2.dll (file missing)
O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1125563802000.kit.sexequalite.com/11536/CD/NewHentai.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://monsite.club-internet.fr/album_admin/ActiveX/ImageUploader3.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B0E37C-3AF2-41A2-8FEB-5A3FB5682E26}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{950CA8FD-1523-4276-B650-CFFA704509E0}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D1F7FA-1124-448A-A4B0-DE867F2AB36F}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
green day, 26722 posts, Status: Moderator, Security contributor 2 163
 
OK,

Open an IE window: Tools menu > Pop-up Blocker > Pop-up Blocker Settings, then in the list, select the following sites and remove them (if present):

bin.errorprotector.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 de.errorsafe.com
127.0.0.1 de.winantivirus.com
127.0.0.1 download.cdn.winsoftware.com
127.0.0.1 download.errorsafe.com
127.0.0.1 download.systemdoctor.com
127.0.0.1 download.winantispyware.com
127.0.0.1 download.windrivecleaner.com
127.0.0.1 download.winfixer.com
127.0.0.1 drivecleaner.com
127.0.0.1 dynamique.drivecleaner.com
127.0.0.1 errorprotector.com
127.0.0.1 errorsafe.com
127.0.0.1 es.winantivirus.com
127.0.0.1 fr.winantivirus.com
127.0.0.1 fr.winfixer.com
127.0.0.1 go.drivecleaner.com
127.0.0.1 go.errorsafe.com
127.0.0.1 go.winantispyware.com
127.0.0.1 go.winantivirus.com
127.0.0.1 hk.winantivirus.com
127.0.0.1 instlog.errorsafe.com
127.0.0.1 instlog.winantivirus.com
127.0.0.1 jsp.drivecleaner.com
127.0.0.1 kb.errorsafe.com
127.0.0.1 kb.winantivirus.com
127.0.0.1 nl.errorsafe.com
127.0.0.1 se.errorsafe.com
127.0.0.1 secure.drivecleaner.com
127.0.0.1 secure.errorsafe.com
127.0.0.1 secure.winantispam.com
127.0.0.1 secure.winantispy.com
127.0.0.1 secure.winantivirus.com
127.0.0.1 support.winantivirus.com
127.0.0.1 ulog.winantivirus.com
127.0.0.1 utils.errorsafe.com
127.0.0.1 utils.winantivirus.com
127.0.0.1 winantispyware.com
127.0.0.1 winantivirus.com
127.0.0.1 winfixer.com
127.0.0.1 www.drivecleaner.com
127.0.0.1 www.errorprotector.com
127.0.0.1 www.errorsafe.com
127.0.0.1 www.systemdoctor.com
127.0.0.1 www.win-anti-virus-pro.com
127.0.0.1 www.win-virus-pro.com
127.0.0.1 www.winantispam.com
127.0.0.1 www.winantispy.com
127.0.0.1 www.winantispyware.com
127.0.0.1 www.winantivirus.com
127.0.0.1 www.winantiviruspro.com
127.0.0.1 www.windrivecleaner.com
127.0.0.1 www.windrivesafe.com
127.0.0.1 www.winfixer.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 download.cdn.drivecleaner.com
127.0.0.1 download.cdn.errorsafe.com
127.0.0.1 instlog.winfixer.com
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 utils.winfixer.com
127.0.0.1 winfixer2006.com
127.0.0.1 winsoftware.com
127.0.0.1 www.utils.winfixer.com
127.0.0.1 www.winfixer2006.com
127.0.0.1 www.winsoftware.com

Next:

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created at C:\Combofix.txt; please post it

++
0
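An added example, not part of green day's reply or of any tool named in this thread: a small Python script that turns the posted list into a set of domain names (accepting both the bare first line and the `127.0.0.1 host` form), checks a pop-up blocker allow list for entries that would let those domains through, and audits a hosts file for names redirected anywhere other than loopback. The allow list and hosts contents below are constructed sample data; the only values taken from the page are a few of the posted domains and the `222.89.98.219 v.chiqing.com` O1 line from the HijackThis log above. Reading the live allow list out of IE's settings is left to the reader (copy the names from the Pop-up Blocker Settings dialog into `SAMPLE_ALLOW_LIST`).

```python
"""Audit a pop-up blocker allow list and a hosts file against a rogue-antivirus
domain list. Constructed example; sample data is embedded so it runs offline."""
import ipaddress

# Excerpt of the domain list posted above, in hosts-file form. The first
# entry deliberately lacks the 127.0.0.1 prefix, as it does in the post.
BLOCKLIST_TEXT = """\
bin.errorprotector.com
127.0.0.1 br.errorsafe.com
127.0.0.1 secure.errorsafe.com
127.0.0.1 winfixer.com
127.0.0.1 www.winfixer.com
127.0.0.1 www.drivecleaner.com
"""

# Constructed allow list, standing in for the names shown under
# Tools > Pop-up Blocker > Pop-up Blocker Settings.
SAMPLE_ALLOW_LIST = ["microsoft.com", "winfixer.com",
                     "secure.errorsafe.com", "*.drivecleaner.com"]

# Constructed hosts file; the v.chiqing.com line is the O1 entry from the log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.winfixer.com
222.89.98.219   v.chiqing.com
"""


def parse_blocklist(text):
    """Collect host names from a hosts-style list; bare names are accepted too."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        host = parts[1] if len(parts) > 1 else parts[0]
        domains.add(host.lower().rstrip("."))
    return domains


def _normalize(site):
    site = site.strip().lower().rstrip(".")
    return site[2:] if site.startswith("*.") else site


def _covers(entry, domain):
    """True when an allow-list entry applies to domain (same name or parent zone)."""
    return domain == entry or domain.endswith("." + entry)


def check_allow_list(allowed_sites, blocklist):
    """Return allow-list entries that admit a listed domain, or sit inside one."""
    flagged = []
    for site in allowed_sites:
        entry = _normalize(site)
        if any(_covers(entry, d) or _covers(d, entry) for d in blocklist):
            flagged.append(site)
    return flagged


def audit_hosts(hosts_text):
    """Return (ip, host) pairs that send a name anywhere other than loopback
    or the 0.0.0.0 blackhole; these are the entries worth a closer look."""
    redirects = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, not an address
        if not (addr.is_loopback or addr.is_unspecified):
            for host in parts[1:]:
                redirects.append((parts[0], host.lower()))
    return redirects


if __name__ == "__main__":
    block = parse_blocklist(BLOCKLIST_TEXT)
    for site in check_allow_list(SAMPLE_ALLOW_LIST, block):
        print("pop-up blocker allows a listed domain:", site)
    for ip, host in audit_hosts(SAMPLE_HOSTS):
        print("hosts file redirects", host, "to", ip)
```

Entries mapped to 127.0.0.1 are treated as harmless blocks (which is what the posted list is for); the audit only surfaces lines that point a name at a real address, as the O1 line in the HijackThis log does.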
DianeAndD
 
Okay, thank you very much,
I didn't remove any sites, since none of them appeared in my list

here is the scan

ComboFix 08-01-04.1 - Propriétaire 2008-01-06 15:35:50.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1005 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.

2008-01-06 15:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 14:39 . 2008-01-06 14:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-06 14:39 . 2008-01-06 14:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-06 14:39 . 2008-01-06 14:39 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-06 14:39 . 2008-01-06 14:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-06 14:39 . 2008-01-06 14:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-06 14:39 . 2008-01-06 14:39 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-06 14:29 . 2008-01-06 14:39 3,424 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 21:31 . 2008-01-06 13:58 <REP> d-------- C:\Program Files\Navilog1
2008-01-04 15:10 . 2008-01-04 15:33 <REP> d-------- C:\Program Files\RegCleaner
2008-01-04 11:10 . 2008-01-04 13:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 19:11 . 2008-01-03 19:11 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-01-03 19:11 . 2008-01-03 19:11 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-01-03 19:11 . 2008-01-03 19:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 19:11 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 10:44 . 2008-01-03 10:45 <REP> d-------- C:\Program Files\Lopxp
2008-01-03 10:33 . 2008-01-03 10:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-03 10:21 . 2008-01-03 18:58 <REP> d-------- C:\Program Files\SafeSoft
2008-01-03 10:10 . 2008-01-03 10:10 <REP> d-------- C:\Program Files\Windows Live
2008-01-03 10:10 . 2008-01-03 10:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 14:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 13:25 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-04 15:21 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-04 10:38 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix
2008-01-04 10:38 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\User Burn Mix
2008-01-04 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\dupe global body amok
2008-01-03 09:32 --------- d-----w C:\Program Files\Singles
2008-01-03 09:10 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-03 08:56 --------- d-----w C:\Program Files\Yahoo!
2007-12-10 12:17 --------- d---a-w C:\Program Files\Java
2007-11-27 18:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2007-11-27 18:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2007-11-22 06:56 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-09-29 09:51 976,020 -c--a-w C:\Program Files\BDAXP.cab
2005-09-29 09:51 916,815 -c--a-w C:\Program Files\Oct2005_MDX_x86.cab
2005-09-29 09:51 86,784 -c--a-w C:\Program Files\Oct2005_xinput_x64.cab
2005-09-29 09:51 74,448 -c--a-w C:\Program Files\DSETUP.dll
2005-09-29 09:51 74,430 -c--a-w C:\Program Files\dxupdate.cab
2005-09-29 09:51 703,080 -c--a-w C:\Program Files\BDA.cab
2005-09-29 09:51 488,656 -c--a-w C:\Program Files\DXSETUP.exe
2005-09-29 09:51 46,085 -c--a-w C:\Program Files\Oct2005_xinput_x86.cab
2005-09-29 09:51 41,888 -c--a-w C:\Program Files\dxdllreg_x86.cab
2005-09-29 09:51 2,245,840 -c--a-w C:\Program Files\dsetup32.dll
2005-09-29 09:51 15,493,481 -c--a-w C:\Program Files\DirectX.cab
2005-09-29 09:51 13,265,040 -c--a-w C:\Program Files\dxnt.cab
2005-09-29 09:51 1,351,430 -c--a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-09-29 09:51 1,156,363 -c--a-w C:\Program Files\BDANT.cab
2005-09-29 09:51 1,078,532 -c--a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A2A22E9-C506-4079-94A9-3653B7927D69}]
C:\Program Files\Anonystat\Anonystat-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E82E0739-0AAE-4E99-9052-B40F7DABFA34}]
C:\Program Files\ErrorsTool\ErrorsTool-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 06:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 06:19 4640768]
"nwiz"="nwiz.exe" [2003-05-03 06:19 323584 C:\WINDOWS\system32\nwiz.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 20:10 335872]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 14:11:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BODY AMOK LIST FLAG]
C:\Documents and Settings\All Users\Application Data\dupe global body amok\Play meet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-09 21:59 115816 --a------ C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-20 00:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2003-09-04 10:45 135214 --a------ C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 04:42 212992 --a--c--- C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegsEggs]
C:\DOCUME~1\PROPRI~1\APPLIC~1\USERBU~1\dvd one stop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-03-06 02:00 118784 --a--c--- C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 03:10 49263 --a--c--- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-05-26 16:46]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 14:46]
S2 vvlppc2;vvlppc2;C:\WINDOWS\system32\drivers\vvlppc2.sys [1999-01-06 10:47]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 17:43]
S3 nenum13E;nenum13E;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\nenum13E.sys []
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-03-09 00:12]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 05:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1354b0b0-4f69-11dc-8d59-000ea61ea829}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55106eff-c18e-11db-8bf4-000ea61ea829}]
\Shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-17 14:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 19:00:13 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Propriétaire.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 15:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 15:41:59
ComboFix-quarantined-files.txt 2008-01-06 14:41:27
.
2007-12-11 21:54:50 --- E O F ---
0