Win 32 : BHO-KD

Closed
ninouche85 - 10 Feb 2008 at 20:28
ep44 Posts: 7393 Registered: Saturday 10 November 2007 Status: Contributor Last activity: 11 November 2010 - 28 Feb 2008 at 21:17
Good evening, I would like some help getting rid of this notorious trojan, Win32: BHO-KD.
Avast detected it a while ago but will not delete it. I have tried several antivirus programs: AVG, Ad-Aware, a-squared, but nothing works.
Could someone help me, please?!!

37 replies

ep44
10 Feb 2008 at 21:48
Good evening

Download to the desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
If there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
See you later
0
Here is the Hijack report,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:30, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nshB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DD624302-A5B6-4B15-8878-2AB00C98DF49} - C:\WINDOWS\system32\dbnmpnt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Idol road.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://194.7.150.2/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1DB61-29C5-4134-8934-18ADAFEBBF7F}: NameServer = 80.10.246.130 81.253.149.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
0
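An added example, not part of the original post: one way to triage the O2 (Browser Helper Object) lines of a HijackThis log such as the one above before deciding what to examine further. The review heuristics (unnamed BHO, no file, missing file, DLL sitting directly in system32) and all function names are assumptions made for illustration; they are not HijackThis's own logic nor the helper's method, and a flag means "look closer", not "malicious".

```python
import ntpath
import re
from typing import NamedTuple

# O2 lines (plus one O4 line) copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DD624302-A5B6-4B15-8878-2AB00C98DF49} - C:\WINDOWS\system32\dbnmpnt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# "O2 - BHO: <name> - {CLSID} - <path or (no file)> [(file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
MISSING_SUFFIX = " (file missing)"


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str      # "" when HijackThis printed "(no file)"
    missing: bool  # True when HijackThis appended "(file missing)"


def parse_bhos(log_text):
    """Extract every O2 (BHO) entry from a HijackThis log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target").strip()
        missing = target.endswith(MISSING_SUFFIX)
        if missing:
            target = target[: -len(MISSING_SUFFIX)]
        path = "" if target == "(no file)" else target
        entries.append(Bho(m.group("name"), m.group("clsid").upper(), path, missing))
    return entries


def review_reasons(bho):
    """Return the (assumed) reasons an entry deserves a closer look; empty if none."""
    reasons = []
    if bho.name == "(no name)":
        reasons.append("no-name")        # COM class registered without a display name
    if not bho.path:
        reasons.append("no-file")        # orphaned registry entry
    if bho.missing:
        reasons.append("file-missing")   # registered DLL is no longer on disk
    # ntpath parses Windows paths correctly on any operating system.
    if bho.path and ntpath.dirname(bho.path).lower().endswith("\\system32"):
        reasons.append("system32-dll")   # third-party BHOs normally live under Program Files
    return reasons


def triage(log_text):
    """Map CLSID -> list of reasons, for flagged entries only."""
    flagged = {}
    for bho in parse_bhos(log_text):
        reasons = review_reasons(bho)
        if reasons:
            flagged[bho.clsid] = reasons
    return flagged


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid, ", ".join(reasons))
```
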
ep44
11 Feb 2008 at 20:14
Good evening

Download to the Desktop.
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan is fairly long; at the end
=> Click Remove Vundo
=> Then yes
=> The Desktop disappears for a moment while the files are being deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report, which is in C:\vundofix.txt

Next
Download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Follow the on-screen instructions
=> When the scan is finished, save the report.
=> Copy/paste it here


Next
Download ComboFix (sUBs): http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix,
Wait until ComboFix has finished; a report will be created. Post the report.

See you later
0
Good evening,
I ran the scan with Vundo but it finds nothing. Is that normal??
0

ep44
11 Feb 2008 at 21:59
Post the report
Even if it finds nothing, you should have a report
Then run ComboFix
0
VundoFix report

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 22:42:01 07/02/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:26:09 11/02/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 22:20:11 11/02/2008

Listing files found while scanning....


VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 22:22:12 11/02/2008

Listing files found while scanning....


VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:08:41 12/02/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...
0
VBG report,


[02/12/2008, 14:03:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\NiNoUcHe\Bureau\VirtumundoBeGone.exe" )
[02/12/2008, 14:03:14] - Detected System Information:
[02/12/2008, 14:03:14] - Windows Version: 5.1.2600, Service Pack 2
[02/12/2008, 14:03:14] - Current Username: NiNoUcHe (Admin)
[02/12/2008, 14:03:14] - Windows is in NORMAL mode.
[02/12/2008, 14:03:14] - Searching for Browser Helper Objects:
[02/12/2008, 14:03:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/12/2008, 14:03:14] - BHO 2: {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} (Adssite Search Assistant)
[02/12/2008, 14:03:14] - BHO 3: {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} (BrowserCmp)
[02/12/2008, 14:03:14] - BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[02/12/2008, 14:03:14] - BHO 5: {733716E1-76D2-4003-AC39-845281C0EF85} (dcads)
[02/12/2008, 14:03:14] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/12/2008, 14:03:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/12/2008, 14:03:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 14:03:14] - No filename found. Continuing.
[02/12/2008, 14:03:14] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/12/2008, 14:03:14] - BHO 9: {DD624302-A5B6-4B15-8878-2AB00C98DF49} ()
[02/12/2008, 14:03:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 14:03:14] - Checking for HKLM\...\Winlogon\Notify\dbnmpnt
[02/12/2008, 14:03:14] - Key not found: HKLM\...\Winlogon\Notify\dbnmpnt, continuing.
[02/12/2008, 14:03:14] - Finished Searching Browser Helper Objects
[02/12/2008, 14:03:14] - Finishing up...
[02/12/2008, 14:03:14] - Nothing found! Exiting...
0
ComboFix report

ComboFix 08-02-12.1 - NiNoUcHe 2008-02-12 14:11:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.146 [GMT 1:00]Endroit: C:\Documents and Settings\NiNoUcHe\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Michel\err.log
C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\#SharedObjects\5D6TRC5H\iforex.com
C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\#SharedObjects\5D6TRC5H\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\NiNa\err.log
C:\Documents and Settings\NiNa\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\NiNa\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\NiNa\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\Fichiers communs\{2F9E4~1
C:\Program Files\Fichiers communs\{2F9E4~2
C:\Program Files\Fichiers communs\{3F9E4~1
C:\Program Files\Fichiers communs\{3F9E4~1\Bar888.dll
C:\Program Files\Fichiers communs\{3F9E4~1\UnInstall.exe
C:\Program Files\Fichiers communs\uninstall information
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\blprlawfv.dat
C:\WINDOWS\system32\blprlawfv_navps.dat
C:\WINDOWS\system32\gupoqmsif.dat
C:\WINDOWS\system32\gupoqmsif_nav.dat
C:\WINDOWS\system32\gupoqmsif_navps.dat
C:\WINDOWS\system32\khlqurvcec.dat
C:\WINDOWS\system32\khlqurvcec_navps.dat
C:\WINDOWS\system32\majylucr.dat
C:\WINDOWS\system32\majylucr_nav.dat
C:\WINDOWS\system32\majylucr_navps.dat
C:\WINDOWS\system32\mkieud.dat
C:\WINDOWS\system32\mkieud_nav.dat
C:\WINDOWS\system32\mkieud_navps.dat
C:\WINDOWS\system32\nsl96.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\qmstrefak.dat
C:\WINDOWS\system32\qmstrefak_nav.dat
C:\WINDOWS\system32\qmstrefak_navps.dat
C:\WINDOWS\system32\qmstrefak_navup.dat
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\uiewfqjkm.dat
C:\WINDOWS\system32\uiewfqjkm_nav.dat
C:\WINDOWS\system32\uiewfqjkm_navps.dat
C:\WINDOWS\system32\ybjngfxi.dat
C:\WINDOWS\system32\ybjngfxi_nav.dat
C:\WINDOWS\system32\ybjngfxi_navps.dat
C:\WINDOWS\system32\ymihgnopz.dat
C:\WINDOWS\system32\ymihgnopz_nav.dat
C:\WINDOWS\system32\ymihgnopz_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 21:26 . 2008-02-11 21:26 <REP> d-------- C:\VundoFix Backups
2008-02-11 10:33 . 2008-02-11 10:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-09 18:30 . 2008-02-09 18:30 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Shared
2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Incomplete
2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\LimeWire
2008-02-09 12:48 . 2008-02-09 12:50 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-02-09 12:48 . 2008-02-09 12:48 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-02-09 10:56 . 2008-02-09 10:56 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Grisoft
2008-02-08 11:12 . 2008-02-09 12:17 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-02-07 21:50 . 2008-02-07 21:50 <REP> d-------- C:\Program Files\Lavasoft
2008-02-07 21:50 . 2008-02-07 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 21:49 . 2008-02-07 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-04 22:20 . 2008-02-04 22:20 <REP> d-------- C:\Documents and Settings\NiNa\Application Data\Okayticknoun
2008-01-31 20:11 . 2008-01-31 20:11 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Okayticknoun
2008-01-28 14:58 . 2008-01-28 14:58 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Okayticknoun
2008-01-28 09:02 . 2008-01-28 09:02 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Okayticknoun
2008-01-27 22:10 . 2008-01-27 22:10 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-01-27 11:59 . 2008-02-10 23:09 <REP> d-------- C:\Documents and Settings\Nomii 2\Application Data\BitDownload
2008-01-27 11:56 . 2008-01-27 11:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Memo save stupid creative
2008-01-27 11:55 . 2008-01-27 11:55 <REP> d-------- C:\Program Files\Okayticknoun
2008-01-27 11:55 . 2008-02-10 22:01 <REP> d-------- C:\Program Files\BitDownload
2008-01-19 19:01 . 2008-02-12 09:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 19:01 . 2008-01-19 19:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iTunes
2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iPod
2008-01-19 18:56 . 2008-01-19 18:56 <REP> d-------- C:\Program Files\Bonjour
2008-01-19 18:50 . 2008-01-19 18:50 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-19 18:47 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-18 11:06 . 2008-01-18 11:06 294,912 --a------ C:\WINDOWS\system32\iebrowserc.dll
2008-01-15 22:39 . 2008-01-15 22:39 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Samsung
2008-01-15 14:16 . 2008-02-10 14:12 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Apple Computer
2008-01-13 18:32 . 2008-01-14 07:31 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\AdobeUM
2008-01-13 12:11 . 2008-02-05 20:19 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-01-13 11:33 . 2008-01-13 11:33 <REP> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 09:07 --------- d-----w C:\Program Files\eMule
2008-02-09 11:17 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-04 21:21 --------- d-----w C:\Program Files\AdVantage
2008-02-02 20:56 --------- d-----w C:\Documents and Settings\Marie\Application Data\Skype
2008-02-02 16:07 --------- d-----w C:\Documents and Settings\Marie\Application Data\skypePM
2008-01-27 18:35 --------- d-----w C:\Program Files\Zoom Player
2008-01-27 14:27 24,736 ----a-w C:\Documents and Settings\Nomii 2\Application Data\GDIPFONTCACHEV1.DAT
2008-01-27 10:56 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Okayticknoun
2008-01-20 16:32 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Ableton
2008-01-20 16:31 --------- d-----w C:\Program Files\Ableton
2008-01-19 17:56 --------- d-----w C:\Program Files\QuickTime
2008-01-14 10:05 --------- d-----w C:\Documents and Settings\NiNa\Application Data\OpenOffice.org2
2008-01-13 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 15:53 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\vlc
2008-01-10 19:20 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\MaxiMemo
2008-01-07 21:24 --------- d-----w C:\Program Files\n-CASE.180
2008-01-07 17:56 --------- d-----w C:\Documents and Settings\NiNa\Application Data\PC Tools
2008-01-06 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-03 18:11 --------- d-----w C:\Program Files\FotoSketcher
2007-12-24 12:04 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Apple Computer
2007-12-20 21:18 --------- d-----w C:\Program Files\MSN Messenger
2007-12-20 21:18 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-20 10:24 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2007-12-19 20:40 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2007-12-19 20:39 5,632 --sha-w C:\Program Files\Thumbs.db
2007-12-19 11:49 --------- d-----w C:\Documents and Settings\NiNa\Application Data\Skype
2007-12-19 11:10 --------- d-----w C:\Documents and Settings\NiNa\Application Data\skypePM
2007-12-18 20:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-18 20:49 --------- d-----w C:\Program Files\Java
2007-12-18 09:40 --------- d-----w C:\Program Files\Téléchargement PHOTOWAYS
2007-12-17 09:38 --------- d-----w C:\Program Files\TimeAdjuster
2007-12-16 21:57 --------- d-----w C:\Documents and Settings\Marie\Application Data\MaxiMemo
2007-12-16 17:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-16 17:25 --------- d-----w C:\Program Files\Skype
2007-12-16 17:25 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-16 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-16 12:57 --------- d-----w C:\Documents and Settings\Michel\Application Data\MaxiMemo
2007-12-14 18:28 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\MaxiMemo
2007-12-13 12:12 24,736 ----a-w C:\Documents and Settings\NiNa\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 09:53 --------- d-----w C:\Program Files\Windows Live
2007-12-13 09:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2005-06-23 06:53 147 ----a-w C:\Program Files\INSTALL.LOG
.
[code]<pre>
----a-w 6,567,120 2005-11-03 18:18:51 C:\Documents and Settings\NiNoUcHe\Bureau\age of empires\AOE - Patch Officiel - Multilangues - V 1.01 - aoe3patch-10to101 - .exe
</pre>[/code]

[color=red]Files Infected - Win32.Agent.zb[/color]
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
2008-01-18 11:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD624302-A5B6-4B15-8878-2AB00C98DF49}]
2004-08-20 00:09 99840 --a------ C:\WINDOWS\system32\dbnmpnt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"stupid creative poll axis"="C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Idol road.exe" [2008-02-12 10:10 6372352]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 01:04 5562368]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-11-28 18:44:41 954475]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{2F9E4904-0A27-1036-1212-030310020021}"= "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411

R0 rfhmmdtb;rfhmmdtb;C:\WINDOWS\system32\drivers\lxczpjco.dat []
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-02-04 16:42]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-02-04 16:42]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
S2 NeroNET;NeroNET;C:\Program Files\Ahead\NeroNET\NeroNET.exe []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S4 COMkFwd;COMkFwd;C:\WINDOWS\system32\drivers\nv4isagp.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 15:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 13:00:00 C:\WINDOWS\Tasks\B53D7D8395F6F09B.job"
- c:\docume~1\nomii2~1\applic~1\okayti~1\That view draw.exe
"2008-02-12 13:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 14:21:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-12 14:27:28
ComboFix-quarantined-files.txt 2008-02-12 13:27:20
.
2008-01-09 11:00:49 --- E O F ---
0
ep44
12 Feb 2008 at 20:54
Good evening, I am looking at your report
and I will give you an answer later
How many of you use the PC?
Michel;NiNa;ninouche;Nomii;marie...
0
There are 5 of us
Thanks in advance
0
ep44
12 Feb 2008 at 23:13
Look in Add/Remove Programs to see whether you have this:
BitDownload or BitGrabber; if so, remove it, and check whether you have cid help
If you have it, remove it too

Select this

driver::

lxczpjco.dat


registry::


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD624302-A5B6-4B15-8878-2AB00C98DF49}]


File::

C:\WINDOWS\system32\drivers\lxczpjco.dat
C:\WINDOWS\system32\iebrowserc.dll
C:\Program Files\Okayticknoun
C:\Program Files\BitDownload


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

Next

Download:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
= Install it
= Launch it
= Click: Update
------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no internet access in this mode. Save or print the instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the text with the startup options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
-------
= In SCAN (the magnifying-glass icon)
==> Settings ==> under HOW TO REACT ==> click Recommended actions ==> Quarantine
==> Click: Complete system scan
At the end of the scan (which is fairly long)
==> Click Apply all actions <== this is very important
==> Click Save report, then Save as, and choose the desktop
-------
In normal mode
paste the report

Then we'll do an online scan

with BitDefender, and paste the report

https://www.bitdefender.com/toolbox/

a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
plus a new HijackThis report please
See you
0
New ComboFix report,

ComboFix 08-02-12.1 - NiNoUcHe 2008-02-13 15:02:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.154 [GMT 1:00]Endroit: C:\Documents and Settings\NiNoUcHe\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\NiNoUcHe\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\Program Files\BitDownload
C:\Program Files\Okayticknoun
C:\WINDOWS\system32\drivers\lxczpjco.dat
C:\WINDOWS\system32\iebrowserc.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\lxczpjco.dat . . . . Echec de suppression
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32\drivers\lxczpjco.dat . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 21:26 . 2008-02-11 21:26 <REP> d-------- C:\VundoFix Backups
2008-02-11 10:33 . 2008-02-11 10:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-09 18:30 . 2008-02-09 18:30 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Shared
2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Incomplete
2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\LimeWire
2008-02-09 12:48 . 2008-02-09 12:50 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-02-09 12:48 . 2008-02-09 12:48 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-02-09 10:56 . 2008-02-09 10:56 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Grisoft
2008-02-08 11:12 . 2008-02-09 12:17 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-02-07 21:50 . 2008-02-07 21:50 <REP> d-------- C:\Program Files\Lavasoft
2008-02-07 21:50 . 2008-02-07 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 21:49 . 2008-02-07 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-04 22:20 . 2008-02-04 22:20 <REP> d-------- C:\Documents and Settings\NiNa\Application Data\Okayticknoun
2008-01-31 20:11 . 2008-01-31 20:11 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Okayticknoun
2008-01-28 14:58 . 2008-01-28 14:58 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Okayticknoun
2008-01-28 09:02 . 2008-01-28 09:02 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Okayticknoun
2008-01-27 22:10 . 2008-01-27 22:10 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-01-27 11:59 . 2008-02-10 23:09 <REP> d-------- C:\Documents and Settings\Nomii 2\Application Data\BitDownload
2008-01-27 11:56 . 2008-01-27 11:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Memo save stupid creative
2008-01-27 11:55 . 2008-01-27 11:55 <REP> d-------- C:\Program Files\Okayticknoun
2008-01-19 19:01 . 2008-02-13 15:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 19:01 . 2008-01-19 19:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iTunes
2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iPod
2008-01-19 18:56 . 2008-01-19 18:56 <REP> d-------- C:\Program Files\Bonjour
2008-01-19 18:50 . 2008-01-19 18:50 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-19 18:47 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-15 22:39 . 2008-01-15 22:39 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Samsung
2008-01-15 14:16 . 2008-02-10 14:12 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Apple Computer
2008-01-13 18:32 . 2008-01-14 07:31 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\AdobeUM
2008-01-13 12:11 . 2008-02-12 21:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-01-13 11:33 . 2008-01-13 11:33 <REP> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 22:28 --------- d-----w C:\Program Files\eMule
2008-02-12 22:02 --------- d-----w C:\Documents and Settings\Marie\Application Data\Skype
2008-02-12 19:39 --------- d-----w C:\Documents and Settings\Marie\Application Data\skypePM
2008-02-09 11:17 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-04 21:21 --------- d-----w C:\Program Files\AdVantage
2008-01-27 18:35 --------- d-----w C:\Program Files\Zoom Player
2008-01-27 14:27 24,736 ----a-w C:\Documents and Settings\Nomii 2\Application Data\GDIPFONTCACHEV1.DAT
2008-01-27 10:56 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Okayticknoun
2008-01-20 16:32 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Ableton
2008-01-20 16:31 --------- d-----w C:\Program Files\Ableton
2008-01-19 17:56 --------- d-----w C:\Program Files\QuickTime
2008-01-14 10:05 --------- d-----w C:\Documents and Settings\NiNa\Application Data\OpenOffice.org2
2008-01-13 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 15:53 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\vlc
2008-01-10 19:20 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\MaxiMemo
2008-01-07 21:24 --------- d-----w C:\Program Files\n-CASE.180
2008-01-07 17:56 --------- d-----w C:\Documents and Settings\NiNa\Application Data\PC Tools
2008-01-06 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-03 18:11 --------- d-----w C:\Program Files\FotoSketcher
2007-12-24 12:04 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Apple Computer
2007-12-20 21:18 --------- d-----w C:\Program Files\MSN Messenger
2007-12-20 21:18 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-20 10:24 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2007-12-19 20:40 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2007-12-19 20:39 5,632 --sha-w C:\Program Files\Thumbs.db
2007-12-19 11:49 --------- d-----w C:\Documents and Settings\NiNa\Application Data\Skype
2007-12-19 11:10 --------- d-----w C:\Documents and Settings\NiNa\Application Data\skypePM
2007-12-18 20:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-18 20:49 --------- d-----w C:\Program Files\Java
2007-12-18 09:40 --------- d-----w C:\Program Files\Téléchargement PHOTOWAYS
2007-12-17 09:38 --------- d-----w C:\Program Files\TimeAdjuster
2007-12-16 21:57 --------- d-----w C:\Documents and Settings\Marie\Application Data\MaxiMemo
2007-12-16 17:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-16 17:25 --------- d-----w C:\Program Files\Skype
2007-12-16 17:25 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-12-16 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-16 12:57 --------- d-----w C:\Documents and Settings\Michel\Application Data\MaxiMemo
2007-12-14 18:28 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\MaxiMemo
2007-12-13 12:12 24,736 ----a-w C:\Documents and Settings\NiNa\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 09:53 --------- d-----w C:\Program Files\Windows Live
2007-12-13 09:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2005-06-23 06:53 147 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"stupid creative poll axis"="C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Idol road.exe" [2008-02-13 15:13 6420992]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 01:04 5562368]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{2F9E4904-0A27-1036-1212-030310020021}"= "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-02-04 16:42]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-02-04 16:42]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
S0 rfhmmdtb;rfhmmdtb;C:\WINDOWS\system32\drivers\lxczpjco.dat [2007-12-06 22:08]
S2 NeroNET;NeroNET;C:\Program Files\Ahead\NeroNET\NeroNET.exe []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S4 COMkFwd;COMkFwd;C:\WINDOWS\system32\drivers\nv4isagp.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 15:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-13 14:00:00 C:\WINDOWS\Tasks\B53D7D8395F6F09B.job"
- c:\docume~1\nomii2~1\applic~1\okayti~1\That view draw.exe
"2008-02-13 14:17:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 15:10:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-13 15:17:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 14:17:20
ComboFix2.txt 2008-02-12 13:27:29
.
2008-01-09 11:00:49 --- E O F ---
0
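One way to check a follow-up report against the CFScript targets, as an added example that is not part of the thread and not ComboFix's own code: it lists every report line showing a `File::` target that failed to delete or is still referenced by a service, a scheduled task or a folder listing. The line shapes are inferred from the reports quoted here; the function names and the 8.3 short-name prefix heuristic are assumptions.

```python
import re

# CFScript entries copied from the helper's post above.
CFSCRIPT = r"""
driver::
lxczpjco.dat

File::
C:\WINDOWS\system32\drivers\lxczpjco.dat
C:\WINDOWS\system32\iebrowserc.dll
C:\Program Files\Okayticknoun
C:\Program Files\BitDownload
"""

# Lines excerpted from the follow-up ComboFix report above.
REPORT = r"""
C:\WINDOWS\system32\drivers\lxczpjco.dat . . . . Echec de suppression
C:\WINDOWS\system32\iebrowserc.dll
2008-02-04 22:20 . 2008-02-04 22:20 <REP> d-------- C:\Documents and Settings\NiNa\Application Data\Okayticknoun
2008-01-27 11:59 . 2008-02-10 23:09 <REP> d-------- C:\Documents and Settings\Nomii 2\Application Data\BitDownload
S0 rfhmmdtb;rfhmmdtb;C:\WINDOWS\system32\drivers\lxczpjco.dat [2007-12-06 22:08]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
- c:\docume~1\nomii2~1\applic~1\okayti~1\That view draw.exe
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"""

SECTION = re.compile(r"^(\w+)::\s*$")
# "<R|S><start type> name;display name;image path [timestamp]"
SERVICE = re.compile(
    r'^[RS][0-4] (?P<name>[^;]+);[^;]*;"?(?P<image>[^"\[]+?)"?\s*\[[^\]]*\]$')
# Folder/file listing lines start with a date and end with a full path.
LISTING = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} .*?(?P<path>[A-Za-z]:\\.+)$")


def parse_cfscript(text):
    """Return {directive (lowercased): [entries]} for each 'Name::' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def leaf_patterns(path):
    """Lowercased leaf name, plus the prefix of its likely 8.3 short name.

    Heuristic: a long name is usually shortened to its first six
    characters followed by '~N', which is how the task path above appears.
    """
    leaf = path.rstrip("\\").rsplit("\\", 1)[-1].lower()
    patterns = {leaf}
    stem = leaf.split(".")[0].replace(" ", "")
    if len(stem) > 8:
        patterns.add(stem[:6] + "~")
    return patterns


def classify(line):
    """Map a report line to (kind, path); (None, None) for anything else.

    Bare paths (the list of items the tool removed) are ignored on purpose.
    """
    if line.endswith("Echec de suppression"):
        return "delete-failed", line.split(" . ", 1)[0].strip()
    m = SERVICE.match(line)
    if m:
        return "service:" + m.group("name"), m.group("image").strip()
    if line.startswith("- "):
        return "task", line[2:].strip()
    m = LISTING.match(line)
    if m:
        return "listed", m.group("path")
    return None, None


def verify(cfscript, report):
    """Return (kind, target, path) for each line that still shows a target."""
    targets = parse_cfscript(cfscript).get("file", [])
    findings = []
    for line in (raw.strip() for raw in report.splitlines()):
        kind, path = classify(line) if line else (None, None)
        if kind is None:
            continue
        low = path.lower()
        for target in targets:
            if kind == "delete-failed":
                hit = low == target.lower()
            else:
                hit = any(p in low for p in leaf_patterns(target))
            if hit:
                findings.append((kind, target, path))
    return findings


if __name__ == "__main__":
    for kind, target, path in verify(CFSCRIPT, REPORT):
        print(f"{kind:18} {target}  <-  {path}")
```

On the excerpt, the driver file shows up twice (the failed deletion and the boot-start service still pointing at it), and the per-user folders and the scheduled task show leftovers under names the script's `File::` list did not cover.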
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 Feb 2008 at 20:03
Good evening, we need the rest!
See you
0
AVG scan,

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:42:22 13/02/2008

+ Résultat de l'analyse:



C:\System Volume Information\_restore{A9752544-0F4E-4966-B059-84C9C1A3635D}\RP863\A0570619.dll -> Not-A-Virus.Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{A9752544-0F4E-4966-B059-84C9C1A3635D}\RP863\A0570620.dll -> Not-A-Virus.Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.53:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.55:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.56:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.57:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.58:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.201:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.202:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.227:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.292:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.435:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.265:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.266:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.236:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.237:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.239:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.240:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.241:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.242:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.264:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.26:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Nomii 2\Cookies\nomii_2@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.10:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.11:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.12:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.20:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.21:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.22:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.23:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.9:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Nomii 2\Cookies\nomii_2@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.387:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.50:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Nomii 2\Cookies\nomii_2@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.25:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.51:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.58:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.129:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.130:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.131:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.132:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.133:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.135:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.137:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.138:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.320:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.321:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.322:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.6:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.101:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.36:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.238:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.243:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.244:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.134:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.136:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.139:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.544:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Findwhat : Nettoyé.
:mozilla.341:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.434:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.485:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.489:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.636:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.413:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.414:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.312:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.450:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.115:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.39:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.40:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.56:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.57:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.245:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.246:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.247:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.248:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.249:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.250:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.256:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.61:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.62:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.63:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.64:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.65:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.66:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.67:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.391:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.392:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.411:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.412:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.682:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.26:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.417:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.32:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.33:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.41:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.42:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.43:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.44:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.45:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.142:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.75:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.76:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.77:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.78:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.79:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Nomii 2\Cookies\nomii_2@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.65:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.70:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.71:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.81:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.82:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.83:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.84:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.85:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.86:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.87:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.88:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Nomii 2\Cookies\nomii_2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.72:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.73:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.74:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
C:\WINDOWS\system32\dbnmpnt.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 Feb 2008 at 21:29
and the BitDefender and Hijack reports ;-))
0
I can't get BitDefender to launch!
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 Feb 2008 at 22:31
Run a scan in safe mode with your antivirus
See you
0
BitDefender scan,

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Feb 14, 2008 - 13:39:13

Voie d'analyse: A:\;C:\;D:\;E:\;G:\;H:\;I:\;J:\;K:\;

Statistiques
Temps: 01:28:37
Fichiers: 451113
Directoires: 12255
Secteurs de boot: 4
Archives: 5077
Paquets programmes: 16498

Résultats
Virus identifiés: 3
Fichiers infectés: 3
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 3

Info sur les moteurs
Définition virus: 897155
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE=>wise0013 | Infecté par: Trojan.Downloader.Small.BTF
C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE=>wise0013 | Echec de la désinfection
C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE=>wise0013 | Supprimé
C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE | Echec de la mise à jour
C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005 | Infecté par: Trojan.Obfus.6.Gen
C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005 | Echec de la désinfection
C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005 | Supprimé
C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o) | Echec de la mise à jour
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008 | Infecté par: Trojan.Mailskinner.G
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008 | Echec de la désinfection
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008 | Supprimé
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g) | Echec de la mise à jour
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Feb 2008 at 20:59
Do this (IMPORTANT)

=Start
=Control Panel
=System
=System Restore tab
=check the box (Turn off System Restore)
=restart the computer
=then re-enable it

then run a new Hijack scan please
0
Hijack scan,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:34, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\wave body.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [One Joy] C:\DOCUME~1\NiNoUcHe\APPLIC~1\OKAYTI~1\deleteacid.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://194.7.150.2/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1DB61-29C5-4134-8934-18ADAFEBBF7F}: NameServer = 81.253.149.1 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
0