Win 32 : BHO-KD

ninouche85 -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonsoir, je voudrais de l'aide pour me débarasser de ce fameux trojan, Win32: BHO-KD.
Avast l'a detecté il y a deja un moment mais ne veut pas le supprimer. J'ai essayé avec plusieurs antivirus : AVG, ad-Aware, a-squared, mais rien ne marche.
Quelqu'un pourrait-il m'aider s'il vous plait?!!
Configuration: Windows XP
Firefox 2.0.0.12

37 réponses

  • 1
  • 2
Résumé de la discussion

Il s'agit de la tentative de suppression du cheval de Troie Win32: BHO-KD sur Windows XP avec Firefox, Avast détectant mais incapable de le supprimer et des essais avec AVG et Ad-Aware. Des solutions proposées incluent VundoFix, des analyses avec HijackThis et des scans en ligne BitDefender, ainsi que des conseils d'utilisation Spybot en mode avancé et de désactivation temporaire de la restauration. Des rapports via HijackThis détaillent les processus et règles de registre, et listent des programmes à vérifier ou supprimer avec des références à des outils antivirus et des instructions de nettoyage. D'autres éléments signalent que certains composants persistent au démarrage et nécessitent une désactivation préalable ou une remise à zéro des paramètres système pour permettre l'élimination effective.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Télécharge sur le bureau

    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    = Double-clic dessus pour l'installer
    = Clic Do a system scan and save the log
    =coller le rapport
    si problème voir l'aide
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    @+
    0
  2. ninouche85
     
    Voila le rapport de Hijack,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:35:30, on 11/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
    O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nshB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {DD624302-A5B6-4B15-8878-2AB00C98DF49} - C:\WINDOWS\system32\dbnmpnt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Idol road.exe
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://194.7.150.2/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1DB61-29C5-4134-8934-18ADAFEBBF7F}: NameServer = 80.10.246.130 81.253.149.10
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Télécharge sur le Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-clic VundoFix.exe.
    => Clic OK
    => Attendre le redemarrage de Vundofix
    => Clic Scan for Vundo
    => Le scan est assez long , à la fin
    => Clic Remove Vundo
    => Puis yes
    => Le Bureau disparaît un moment lors de la suppression des fichiers.
    => Message shutdown
    => clic OK
    => Redémarrage auto
    => copier le rapport qui est dans C:vundofix.txt

    ensuite
    Télécharge VirtumundoBeGone sur ton bureau .
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => double-clic sur VirtumundoBeGone.exe
    => Suis les instructions à l'écran
    => Quand le scan est terminé, enregistre le rapport.
    => Copie/Colle le ici

    ensuite
    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    @+
    0
  4. ninouche85
     
    Bonsoir,
    j'ai fais le scan avec Vundo mais il ne trouve rien. Est-ce normal??
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    poste le rapport
    même si il ne trouve rien tu doit avoir un rapport
    ensuite lance combofix
    0
  7. ninouche85
     
    Rapport de Vundofix

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 22:42:01 07/02/2008

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:26:09 11/02/2008

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 22:20:11 11/02/2008

    Listing files found while scanning....

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 22:22:12 11/02/2008

    Listing files found while scanning....

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 10:08:41 12/02/2008

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...
    0
  8. ninouche85
     
    Rapport VBG,

    [02/12/2008, 14:03:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\NiNoUcHe\Bureau\VirtumundoBeGone.exe" )
    [02/12/2008, 14:03:14] - Detected System Information:
    [02/12/2008, 14:03:14] - Windows Version: 5.1.2600, Service Pack 2
    [02/12/2008, 14:03:14] - Current Username: NiNoUcHe (Admin)
    [02/12/2008, 14:03:14] - Windows is in NORMAL mode.
    [02/12/2008, 14:03:14] - Searching for Browser Helper Objects:
    [02/12/2008, 14:03:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/12/2008, 14:03:14] - BHO 2: {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} (Adssite Search Assistant)
    [02/12/2008, 14:03:14] - BHO 3: {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} (BrowserCmp)
    [02/12/2008, 14:03:14] - BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
    [02/12/2008, 14:03:14] - BHO 5: {733716E1-76D2-4003-AC39-845281C0EF85} (dcads)
    [02/12/2008, 14:03:14] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/12/2008, 14:03:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [02/12/2008, 14:03:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/12/2008, 14:03:14] - No filename found. Continuing.
    [02/12/2008, 14:03:14] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/12/2008, 14:03:14] - BHO 9: {DD624302-A5B6-4B15-8878-2AB00C98DF49} ()
    [02/12/2008, 14:03:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/12/2008, 14:03:14] - Checking for HKLM\...\Winlogon\Notify\dbnmpnt
    [02/12/2008, 14:03:14] - Key not found: HKLM\...\Winlogon\Notify\dbnmpnt, continuing.
    [02/12/2008, 14:03:14] - Finished Searching Browser Helper Objects
    [02/12/2008, 14:03:14] - Finishing up...
    [02/12/2008, 14:03:14] - Nothing found! Exiting...
    0
  9. ninouche85
     
    Rapport Combofix

    ComboFix 08-02-12.1 - NiNoUcHe 2008-02-12 14:11:49.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.146 [GMT 1:00]Endroit: C:\Documents and Settings\NiNoUcHe\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006\Logs\update.log
    C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
    C:\Documents and Settings\Michel\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
    C:\Documents and Settings\Michel\err.log
    C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\#SharedObjects\5D6TRC5H\iforex.com
    C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\#SharedObjects\5D6TRC5H\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\NiNa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\NiNa\err.log
    C:\Documents and Settings\NiNa\Menu Démarrer\Programmes\WebMediaPlayer
    C:\Documents and Settings\NiNa\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\NiNa\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
    C:\Program Files\Fichiers communs\{2F9E4~1
    C:\Program Files\Fichiers communs\{2F9E4~2
    C:\Program Files\Fichiers communs\{3F9E4~1
    C:\Program Files\Fichiers communs\{3F9E4~1\Bar888.dll
    C:\Program Files\Fichiers communs\{3F9E4~1\UnInstall.exe
    C:\Program Files\Fichiers communs\uninstall information
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.url
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\blprlawfv.dat
    C:\WINDOWS\system32\blprlawfv_navps.dat
    C:\WINDOWS\system32\gupoqmsif.dat
    C:\WINDOWS\system32\gupoqmsif_nav.dat
    C:\WINDOWS\system32\gupoqmsif_navps.dat
    C:\WINDOWS\system32\khlqurvcec.dat
    C:\WINDOWS\system32\khlqurvcec_navps.dat
    C:\WINDOWS\system32\majylucr.dat
    C:\WINDOWS\system32\majylucr_nav.dat
    C:\WINDOWS\system32\majylucr_navps.dat
    C:\WINDOWS\system32\mkieud.dat
    C:\WINDOWS\system32\mkieud_nav.dat
    C:\WINDOWS\system32\mkieud_navps.dat
    C:\WINDOWS\system32\nsl96.dll
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\qmstrefak.dat
    C:\WINDOWS\system32\qmstrefak_nav.dat
    C:\WINDOWS\system32\qmstrefak_navps.dat
    C:\WINDOWS\system32\qmstrefak_navup.dat
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\uiewfqjkm.dat
    C:\WINDOWS\system32\uiewfqjkm_nav.dat
    C:\WINDOWS\system32\uiewfqjkm_navps.dat
    C:\WINDOWS\system32\ybjngfxi.dat
    C:\WINDOWS\system32\ybjngfxi_nav.dat
    C:\WINDOWS\system32\ybjngfxi_navps.dat
    C:\WINDOWS\system32\ymihgnopz.dat
    C:\WINDOWS\system32\ymihgnopz_nav.dat
    C:\WINDOWS\system32\ymihgnopz_navps.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 21:26 . 2008-02-11 21:26 <REP> d-------- C:\VundoFix Backups
    2008-02-11 10:33 . 2008-02-11 10:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-09 18:30 . 2008-02-09 18:30 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Shared
    2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Incomplete
    2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\LimeWire
    2008-02-09 12:48 . 2008-02-09 12:50 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-02-09 12:48 . 2008-02-09 12:48 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-02-09 10:56 . 2008-02-09 10:56 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Grisoft
    2008-02-08 11:12 . 2008-02-09 12:17 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
    2008-02-07 21:50 . 2008-02-07 21:50 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-07 21:50 . 2008-02-07 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 21:49 . 2008-02-07 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-04 22:20 . 2008-02-04 22:20 <REP> d-------- C:\Documents and Settings\NiNa\Application Data\Okayticknoun
    2008-01-31 20:11 . 2008-01-31 20:11 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Okayticknoun
    2008-01-28 14:58 . 2008-01-28 14:58 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Okayticknoun
    2008-01-28 09:02 . 2008-01-28 09:02 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Okayticknoun
    2008-01-27 22:10 . 2008-01-27 22:10 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
    2008-01-27 11:59 . 2008-02-10 23:09 <REP> d-------- C:\Documents and Settings\Nomii 2\Application Data\BitDownload
    2008-01-27 11:56 . 2008-01-27 11:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Memo save stupid creative
    2008-01-27 11:55 . 2008-01-27 11:55 <REP> d-------- C:\Program Files\Okayticknoun
    2008-01-27 11:55 . 2008-02-10 22:01 <REP> d-------- C:\Program Files\BitDownload
    2008-01-19 19:01 . 2008-02-12 09:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-19 19:01 . 2008-01-19 19:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iTunes
    2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iPod
    2008-01-19 18:56 . 2008-01-19 18:56 <REP> d-------- C:\Program Files\Bonjour
    2008-01-19 18:50 . 2008-01-19 18:50 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-19 18:47 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-01-18 11:06 . 2008-01-18 11:06 294,912 --a------ C:\WINDOWS\system32\iebrowserc.dll
    2008-01-15 22:39 . 2008-01-15 22:39 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Samsung
    2008-01-15 14:16 . 2008-02-10 14:12 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Apple Computer
    2008-01-13 18:32 . 2008-01-14 07:31 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\AdobeUM
    2008-01-13 12:11 . 2008-02-05 20:19 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-01-13 11:33 . 2008-01-13 11:33 <REP> d-------- C:\Program Files\Veoh Networks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 09:07 --------- d-----w C:\Program Files\eMule
    2008-02-09 11:17 --------- d-----w C:\Program Files\Spyware Doctor
    2008-02-04 21:21 --------- d-----w C:\Program Files\AdVantage
    2008-02-02 20:56 --------- d-----w C:\Documents and Settings\Marie\Application Data\Skype
    2008-02-02 16:07 --------- d-----w C:\Documents and Settings\Marie\Application Data\skypePM
    2008-01-27 18:35 --------- d-----w C:\Program Files\Zoom Player
    2008-01-27 14:27 24,736 ----a-w C:\Documents and Settings\Nomii 2\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-27 10:56 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Okayticknoun
    2008-01-20 16:32 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Ableton
    2008-01-20 16:31 --------- d-----w C:\Program Files\Ableton
    2008-01-19 17:56 --------- d-----w C:\Program Files\QuickTime
    2008-01-14 10:05 --------- d-----w C:\Documents and Settings\NiNa\Application Data\OpenOffice.org2
    2008-01-13 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-11 15:53 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\vlc
    2008-01-10 19:20 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\MaxiMemo
    2008-01-07 21:24 --------- d-----w C:\Program Files\n-CASE.180
    2008-01-07 17:56 --------- d-----w C:\Documents and Settings\NiNa\Application Data\PC Tools
    2008-01-06 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-03 18:11 --------- d-----w C:\Program Files\FotoSketcher
    2007-12-24 12:04 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Apple Computer
    2007-12-20 21:18 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-20 21:18 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-20 10:24 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
    2007-12-19 20:40 --------- d-----w C:\Program Files\Extrafilm FotoFacil
    2007-12-19 20:39 5,632 --sha-w C:\Program Files\Thumbs.db
    2007-12-19 11:49 --------- d-----w C:\Documents and Settings\NiNa\Application Data\Skype
    2007-12-19 11:10 --------- d-----w C:\Documents and Settings\NiNa\Application Data\skypePM
    2007-12-18 20:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2007-12-18 20:49 --------- d-----w C:\Program Files\Java
    2007-12-18 09:40 --------- d-----w C:\Program Files\Téléchargement PHOTOWAYS
    2007-12-17 09:38 --------- d-----w C:\Program Files\TimeAdjuster
    2007-12-16 21:57 --------- d-----w C:\Documents and Settings\Marie\Application Data\MaxiMemo
    2007-12-16 17:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-16 17:25 --------- d-----w C:\Program Files\Skype
    2007-12-16 17:25 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-16 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-12-16 12:57 --------- d-----w C:\Documents and Settings\Michel\Application Data\MaxiMemo
    2007-12-14 18:28 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\MaxiMemo
    2007-12-13 12:12 24,736 ----a-w C:\Documents and Settings\NiNa\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-13 09:53 --------- d-----w C:\Program Files\Windows Live
    2007-12-13 09:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2005-06-23 06:53 147 ----a-w C:\Program Files\INSTALL.LOG
    .
    [code]<pre>
    ----a-w 6,567,120 2005-11-03 18:18:51 C:\Documents and Settings\NiNoUcHe\Bureau\age of empires\AOE - Patch Officiel - Multilangues - V 1.01 - aoe3patch-10to101 - .exe
    </pre>[/code]

    [color=red]Files Infected - Win32.Agent.zb[/color]
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
    2008-01-18 11:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD624302-A5B6-4B15-8878-2AB00C98DF49}]
    2004-08-20 00:09 99840 --a------ C:\WINDOWS\system32\dbnmpnt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "stupid creative poll axis"="C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Idol road.exe" [2008-02-12 10:10 6372352]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 01:04 5562368]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-11-28 18:44:41 954475]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
    "{2F9E4904-0A27-1036-1212-030310020021}"= "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411

    R0 rfhmmdtb;rfhmmdtb;C:\WINDOWS\system32\drivers\lxczpjco.dat []
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-02-04 16:42]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-02-04 16:42]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
    S2 NeroNET;NeroNET;C:\Program Files\Ahead\NeroNET\NeroNET.exe []
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    S4 COMkFwd;COMkFwd;C:\WINDOWS\system32\drivers\nv4isagp.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-09 15:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-12 13:00:00 C:\WINDOWS\Tasks\B53D7D8395F6F09B.job"
    - c:\docume~1\nomii2~1\applic~1\okayti~1\That view draw.exe
    "2008-02-12 13:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-12 14:21:27
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-12 14:27:28
    ComboFix-quarantined-files.txt 2008-02-12 13:27:20
    .
    2008-01-09 11:00:49 --- E O F ---
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir je regarde ton rapport
    et je te donne réponse tout à l'heure
    vous êtes combien à utiliser le pc ?
    Michel;NiNa;ninouche;Nomii;marie...
    0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    regarde dans ajout/suppression de programmes si tu as ceci
    BitDownload ou BitGrabber si oui supprime et regarde situ as cid help
    si tu as aussi supprime

    selectionne ceci

    driver::

    lxczpjco.dat

    registry::

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ExplorerBrowser Helper Objects\{DD624302-A5B6-4B15-8878-2AB00C98DF49}]

    File::

    C:\WINDOWS\system32\drivers\lxczpjco.dat
    C:\WINDOWS\system32\iebrowserc.dll
    C:\Program Files\Okayticknoun
    C:\Program Files\BitDownload


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ensuite

    Télécharge:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
    = Installer
    = Le lancer
    = Clic : Mise à jour
    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    = Dans ANALYSE ( en forme de loupe )
    ==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
    ==> Clic : Analyse complète du système
    En fin de scan ( qui est assez long)
    ==> Clic Appliquer toutes les actions <== ceci Très important
    ==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    En mode normal
    colle le rapport

    ensuite on va faire un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    plus un nouveau rapport hijack stp
    @+
    0
  12. ninouche85
     
    Nouveau rapport Combofix,

    ComboFix 08-02-12.1 - NiNoUcHe 2008-02-13 15:02:34.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.154 [GMT 1:00]Endroit: C:\Documents and Settings\NiNoUcHe\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\NiNoUcHe\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE
    C:\Program Files\BitDownload
    C:\Program Files\Okayticknoun
    C:\WINDOWS\system32\drivers\lxczpjco.dat
    C:\WINDOWS\system32\iebrowserc.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\lxczpjco.dat . . . . Echec de suppression
    C:\WINDOWS\system32\iebrowserc.dll
    C:\WINDOWS\system32\drivers\lxczpjco.dat . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 21:26 . 2008-02-11 21:26 <REP> d-------- C:\VundoFix Backups
    2008-02-11 10:33 . 2008-02-11 10:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-09 18:30 . 2008-02-09 18:30 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Shared
    2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Incomplete
    2008-02-09 18:29 . 2008-02-09 18:33 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\LimeWire
    2008-02-09 12:48 . 2008-02-09 12:50 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-02-09 12:48 . 2008-02-09 12:48 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-02-09 10:56 . 2008-02-09 10:56 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Grisoft
    2008-02-08 11:12 . 2008-02-09 12:17 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
    2008-02-07 21:50 . 2008-02-07 21:50 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-07 21:50 . 2008-02-07 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 21:49 . 2008-02-07 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-04 22:20 . 2008-02-04 22:20 <REP> d-------- C:\Documents and Settings\NiNa\Application Data\Okayticknoun
    2008-01-31 20:11 . 2008-01-31 20:11 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Okayticknoun
    2008-01-28 14:58 . 2008-01-28 14:58 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Okayticknoun
    2008-01-28 09:02 . 2008-01-28 09:02 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Okayticknoun
    2008-01-27 22:10 . 2008-01-27 22:10 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
    2008-01-27 11:59 . 2008-02-10 23:09 <REP> d-------- C:\Documents and Settings\Nomii 2\Application Data\BitDownload
    2008-01-27 11:56 . 2008-01-27 11:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Memo save stupid creative
    2008-01-27 11:55 . 2008-01-27 11:55 <REP> d-------- C:\Program Files\Okayticknoun
    2008-01-19 19:01 . 2008-02-13 15:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-19 19:01 . 2008-01-19 19:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iTunes
    2008-01-19 19:00 . 2008-01-19 19:00 <REP> d-------- C:\Program Files\iPod
    2008-01-19 18:56 . 2008-01-19 18:56 <REP> d-------- C:\Program Files\Bonjour
    2008-01-19 18:50 . 2008-01-19 18:50 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-19 18:47 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-01-15 22:39 . 2008-01-15 22:39 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Samsung
    2008-01-15 14:16 . 2008-02-10 14:12 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\Apple Computer
    2008-01-13 18:32 . 2008-01-14 07:31 <REP> d-------- C:\Documents and Settings\NiNoUcHe\Application Data\AdobeUM
    2008-01-13 12:11 . 2008-02-12 21:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-01-13 11:33 . 2008-01-13 11:33 <REP> d-------- C:\Program Files\Veoh Networks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 22:28 --------- d-----w C:\Program Files\eMule
    2008-02-12 22:02 --------- d-----w C:\Documents and Settings\Marie\Application Data\Skype
    2008-02-12 19:39 --------- d-----w C:\Documents and Settings\Marie\Application Data\skypePM
    2008-02-09 11:17 --------- d-----w C:\Program Files\Spyware Doctor
    2008-02-04 21:21 --------- d-----w C:\Program Files\AdVantage
    2008-01-27 18:35 --------- d-----w C:\Program Files\Zoom Player
    2008-01-27 14:27 24,736 ----a-w C:\Documents and Settings\Nomii 2\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-27 10:56 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Okayticknoun
    2008-01-20 16:32 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Ableton
    2008-01-20 16:31 --------- d-----w C:\Program Files\Ableton
    2008-01-19 17:56 --------- d-----w C:\Program Files\QuickTime
    2008-01-14 10:05 --------- d-----w C:\Documents and Settings\NiNa\Application Data\OpenOffice.org2
    2008-01-13 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-11 15:53 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\vlc
    2008-01-10 19:20 --------- d-----w C:\Documents and Settings\NiNoUcHe\Application Data\MaxiMemo
    2008-01-07 21:24 --------- d-----w C:\Program Files\n-CASE.180
    2008-01-07 17:56 --------- d-----w C:\Documents and Settings\NiNa\Application Data\PC Tools
    2008-01-06 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-03 18:11 --------- d-----w C:\Program Files\FotoSketcher
    2007-12-24 12:04 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\Apple Computer
    2007-12-20 21:18 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-20 21:18 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-20 10:24 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
    2007-12-19 20:40 --------- d-----w C:\Program Files\Extrafilm FotoFacil
    2007-12-19 20:39 5,632 --sha-w C:\Program Files\Thumbs.db
    2007-12-19 11:49 --------- d-----w C:\Documents and Settings\NiNa\Application Data\Skype
    2007-12-19 11:10 --------- d-----w C:\Documents and Settings\NiNa\Application Data\skypePM
    2007-12-18 20:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2007-12-18 20:49 --------- d-----w C:\Program Files\Java
    2007-12-18 09:40 --------- d-----w C:\Program Files\Téléchargement PHOTOWAYS
    2007-12-17 09:38 --------- d-----w C:\Program Files\TimeAdjuster
    2007-12-16 21:57 --------- d-----w C:\Documents and Settings\Marie\Application Data\MaxiMemo
    2007-12-16 17:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-16 17:25 --------- d-----w C:\Program Files\Skype
    2007-12-16 17:25 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-16 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-12-16 12:57 --------- d-----w C:\Documents and Settings\Michel\Application Data\MaxiMemo
    2007-12-14 18:28 --------- d-----w C:\Documents and Settings\Nomii 2\Application Data\MaxiMemo
    2007-12-13 12:12 24,736 ----a-w C:\Documents and Settings\NiNa\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-13 09:53 --------- d-----w C:\Program Files\Windows Live
    2007-12-13 09:51 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2005-06-23 06:53 147 ----a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "stupid creative poll axis"="C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Idol road.exe" [2008-02-13 15:13 6420992]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 01:04 5562368]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
    "{2F9E4904-0A27-1036-1212-030310020021}"= "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411

    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-02-04 16:42]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-02-04 16:42]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
    S0 rfhmmdtb;rfhmmdtb;C:\WINDOWS\system32\drivers\lxczpjco.dat [2007-12-06 22:08]
    S2 NeroNET;NeroNET;C:\Program Files\Ahead\NeroNET\NeroNET.exe []
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    S4 COMkFwd;COMkFwd;C:\WINDOWS\system32\drivers\nv4isagp.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-09 15:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-13 14:00:00 C:\WINDOWS\Tasks\B53D7D8395F6F09B.job"
    - c:\docume~1\nomii2~1\applic~1\okayti~1\That view draw.exe
    "2008-02-13 14:17:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 15:10:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-13 15:17:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-13 14:17:20
    ComboFix2.txt 2008-02-12 13:27:29
    .
    2008-01-09 11:00:49 --- E O F ---
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir il faut le reste !
    @+
    0
  14. ninouche85
     
    Scan AVG,

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 19:42:22 13/02/2008

    + Résultat de l'analyse:

    C:\System Volume Information\_restore{A9752544-0F4E-4966-B059-84C9C1A3635D}\RP863\A0570619.dll -> Not-A-Virus.Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{A9752544-0F4E-4966-B059-84C9C1A3635D}\RP863\A0570620.dll -> Not-A-Virus.Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
    :mozilla.53:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.55:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.56:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.57:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.58:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.201:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.202:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.227:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.292:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.435:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.265:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.266:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.236:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.237:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.239:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.240:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.241:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.242:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.264:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.26:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\Nomii 2\Cookies\nomii_2@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.10:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.11:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.12:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.20:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.21:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.22:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.23:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.24:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.9:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Nomii 2\Cookies\nomii_2@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.387:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
    :mozilla.50:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Nomii 2\Cookies\nomii_2@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.25:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.51:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.58:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.129:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.130:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.131:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.132:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.133:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.135:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.137:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.138:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.320:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.321:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.322:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.6:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.101:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.36:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.238:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.243:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.244:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.134:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.136:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.139:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.544:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Findwhat : Nettoyé.
    :mozilla.341:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.434:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.485:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.489:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.636:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.413:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.414:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.312:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.450:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.115:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.39:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.40:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.56:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.57:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.245:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.246:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.247:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.248:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.249:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.250:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.256:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.61:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.62:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.63:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.64:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.65:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.66:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.67:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.391:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.392:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.411:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
    :mozilla.412:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
    :mozilla.682:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
    :mozilla.26:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.27:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.28:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.29:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.417:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.32:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.33:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.41:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.42:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.43:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.44:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.45:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.142:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
    :mozilla.75:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.76:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.77:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.78:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.79:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Nomii 2\Cookies\nomii_2@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.65:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.70:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.71:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.81:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.82:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.83:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.84:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.85:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.86:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.87:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.88:C:\Documents and Settings\Nomii 2\Application Data\Mozilla\Firefox\Profiles\9wwa92x4.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\NiNoUcHe\Cookies\ninouche@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\Nomii 2\Cookies\nomii_2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.72:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.73:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.74:C:\Documents and Settings\NiNoUcHe\Application Data\Mozilla\Firefox\Profiles\780nx3ex.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
    C:\WINDOWS\system32\dbnmpnt.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).

    Fin du rapport
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    et le rapport de bitdefender et de hijack ;-))
    0
  16. ninouche85
     
    je n'arrive pas a lancer bitdefender!
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    fait un scan en mode sans échec avec ton antivirus
    @+
    0
  18. ninouche85
     
    Scan bitdefender,

    BitDefender Online Scanner

    Rapport d'analyse généré à: Thu, Feb 14, 2008 - 13:39:13

    Voie d'analyse: A:\;C:\;D:\;E:\;G:\;H:\;I:\;J:\;K:\;

    Statistiques

    Temps

    01:28:37

    Fichiers

    451113

    Directoires

    12255

    Secteurs de boot

    4

    Archives

    5077

    Paquets programmes

    16498

    Résultats

    Virus identifiés

    3

    Fichiers infectés

    3

    Fichiers suspects

    0

    Avertissements

    0

    Désinfectés

    0

    Fichiers effacés

    3

    Info sur les moteurs

    Définition virus

    897155

    Version des moteurs

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins

    14

    Archive des plugins

    38

    Unpack des plugins

    7

    E-mail plugins

    6

    Système plugins

    1

    Paramètres d'analyse

    Première action

    Désinfecté

    Seconde Action

    Supprimé

    Heuristique

    Oui

    Acceptez les avertissements

    Oui

    Extensions analysées

    *;

    Excludez les extensions

    Analyse d'emails

    Oui

    Analyse des Archives

    Oui

    Analyser paquets programmes

    Oui

    Analyse des fichiers

    Oui

    Analyse de boot

    Oui

    Fichier analysé

    Statut

    C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE=>wise0013

    Infecté par: Trojan.Downloader.Small.BTF

    C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE=>wise0013

    Echec de la désinfection

    C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE=>wise0013

    Supprimé

    C:\Documents and Settings\Nomii 2\Bureau\Nouveau dossier\PATCHER.EXE

    Echec de la mise à jour

    C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005

    Infecté par: Trojan.Obfus.6.Gen

    C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005

    Echec de la désinfection

    C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005

    Supprimé

    C:\Documents and Settings\Nomii 2\Shared\BitDownload Setup.exe=>(NSIS o)

    Echec de la mise à jour

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Infecté par: Trojan.Mailskinner.G

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Echec de la désinfection

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Supprimé

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)

    Echec de la mise à jour
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    fait ceci (IMPORTANT)

    =démarrer
    =panneau de configuration
    =système
    =onglet Restauration système
    =coche la case (Désactiver la restauration système)
    =redémarre l'ordinateur
    =réactive la ensuite

    ensuite refais un nouveau hijack stp
    0
  20. ninouche85
     
    Scan Hijack,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:34, on 14/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\wave body.exe
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [One Joy] C:\DOCUME~1\NiNoUcHe\APPLIC~1\OKAYTI~1\deleteacid.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2F9E4904-0A27-1036-1212-030310020021}] "C:\Program Files\Fichiers communs\{2F9E4904-0A27-1036-1212-030310020021}\Update.exe" mc-110-12-0001411 (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://194.7.150.2/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1DB61-29C5-4134-8934-18ADAFEBBF7F}: NameServer = 81.253.149.1 80.10.246.3
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    0
  • 1
  • 2