Naviguer sur internet

zidane1968 Messages postés 61 Date d'inscription   Statut Membre -  
 ladouce -
Bonjour,lorsque je navigue sur internet exmlorer ou mozila un message de windows le contenu de ce message est le suivant:
your computer was infected by unknown trojan it s dangerus your system(criticl) files cende loste.click ok to download the antispywars program to clen your system(recomded).moi je clic sur annuler
Configuration: Windows XP
Internet Explorer 7.0

37 réponses

  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut zizou,

    tu fais bien de clicker sur annuler.

    tu es infecté...

    Télécharge HijackThis ici :

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
  2. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:32:54, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Launch Manager\WLBTTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\QuickTime\QuickTimePlayer.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {861EA552-6309-490A-AC97-1F574E730CF1} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, RemoveCabinet
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Azureus Ultra Accelerator.lnk = C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe
    O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\cle d'activation microsoft office 2007 Web hottest videos personal player.exe
    O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A883CB03-D5CA-400C-A590-898996C58CA7}: NameServer = 208.67.222.222 193.55.10.102
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix au cas ou?

    @+
    0
  4. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    ComboFix 08-02-15.2 - BENMANSOUR 2008-02-15 14:33:41.1 - NTFSx86
    Microsoft Windows XP Edition familiale 5.1.2600.2.1256.213.1036.18.344 [GMT 1:00]
    Endroit: C:\Documents and Settings\BENMANSOUR\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\BENMANSOUR\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\Program Files\ShoppingReport

    ----- BITS: Possible sites infect‚s -----

    hxxp://au.downُj
    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-15 11:25 . 2008-02-15 11:25 <REP> d-------- C:\Program Files\Azkary
    2008-02-15 11:24 . 2008-02-15 11:24 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-02-15 10:31 . 2008-02-15 10:31 0 --a------ C:\osy3.sys
    2008-02-15 10:26 . 2008-02-15 10:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
    2008-02-15 10:25 . 2008-02-15 10:25 <REP> d-------- C:\Program Files\Siber Systems
    2008-02-14 23:09 . 2008-02-14 23:14 <REP> d-------- C:\Program Files\BHODemon 2
    2008-02-14 23:03 . 2008-02-14 23:03 230,400 --a------ C:\WINDOWS\AcroIEHelper.dll
    2008-02-14 21:40 . 2008-02-14 21:40 <REP> d-------- C:\WINDOWS\speech
    2008-02-14 21:40 . 2008-02-14 21:40 <REP> d-------- C:\WINDOWS\lhsp
    2008-02-14 17:04 . 2008-02-14 17:11 <REP> d-------- C:\Rummy Royal
    2008-02-14 17:04 . 2008-02-14 17:04 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\GibbHill Properties Ltd
    2008-02-14 16:52 . 2008-02-14 21:50 <REP> d-------- C:\Program Files\Prayer
    2008-02-13 22:43 . 2008-02-13 22:43 50 --a------ C:\WINDOWS\cdplayer.ini
    2008-02-13 18:06 . 2008-02-13 18:06 <REP> d-------- C:\Program Files\SATVOD
    2008-02-13 18:06 . 2008-02-13 18:06 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\MoviesApp
    2008-02-13 16:50 . 2008-02-13 18:10 <REP> d-------- C:\Program Files\Online_TV
    2008-02-13 16:45 . 2008-02-14 16:48 <REP> d-------- C:\Program Files\Web Hottest Videos Personal Player
    2008-02-12 18:01 . 2008-02-12 18:01 <REP> d-------- C:\Program Files\Ontrack
    2008-02-11 22:22 . 2008-02-11 22:29 <REP> d-------- C:\Program Files\AlThkir
    2008-02-11 22:16 . 2008-02-11 22:16 <REP> d-------- C:\Program Files\NamesofAllah
    2008-02-11 22:16 . 2004-09-29 21:31 228,864 --a------ C:\WINDOWS\NamesofAllah.scr
    2008-02-11 17:55 . 2008-02-11 17:55 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\Ashampoo
    2008-02-10 21:32 . 2008-02-10 21:35 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\Ahead
    2008-02-10 21:24 . 2008-02-10 21:24 0 --a------ C:\WINDOWS\Irremote.ini
    2008-02-08 19:05 . 2008-02-08 19:05 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\vlc
    2008-02-08 18:45 . 2008-02-08 18:45 <REP> d-------- C:\Program Files\Real
    2008-02-08 18:45 . 2008-02-08 18:45 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-02-08 18:45 . 2008-02-08 18:45 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-02-08 17:19 . 2008-02-08 17:19 229,888 --a------ C:\WINDOWS\sysvol32.dll
    2008-02-08 17:19 . 2008-02-14 23:03 50 --a------ C:\tmp.bat
    2008-02-05 21:51 . 2008-02-05 21:51 <REP> d-------- C:\Program Files\Macrogaming
    2008-02-01 15:52 . 2008-02-01 15:52 <REP> d-------- C:\Program Files\KaonCDH
    2008-02-01 15:52 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
    2008-02-01 15:52 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
    2008-02-01 15:52 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
    2008-02-01 15:52 . 1996-06-13 22:24 53,760 --a------ C:\WINDOWS\system32\zlibtool.ocx
    2008-02-01 15:52 . 1998-03-26 01:12 53,248 --a------ C:\WINDOWS\system32\zlib.dll
    2008-02-01 15:52 . 2004-12-07 22:24 36,864 --a------ C:\WINDOWS\system32\compressZIt.ocx
    2008-01-31 22:42 . 2008-02-14 23:17 <REP> d-------- C:\Program Files\LimeWire Turbo
    2008-01-31 22:42 . 2008-02-06 14:01 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\LimeWireTurbo
    2008-01-30 16:51 . 2008-01-30 16:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-28 18:09 . 2008-01-28 18:09 <REP> d-------- C:\Program Files\Fichiers communs\COWON
    2008-01-28 18:07 . 2008-02-13 23:00 <REP> d-------- C:\Program Files\JetAudio
    2008-01-28 18:07 . 2008-01-28 18:07 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\COWON
    2008-01-25 22:45 . 2008-01-29 20:52 <REP> d-------- C:\Program Files\BitComet
    2008-01-25 22:45 . 2008-01-25 23:29 <REP> d-------- C:\Downloads
    2008-01-24 21:25 . 2008-01-24 21:25 334 --a------ C:\WINDOWS\ST6UNST.003
    2008-01-24 21:24 . 2008-01-24 21:24 334 --a------ C:\WINDOWS\ST6UNST.002
    2008-01-24 17:38 . 2008-02-13 22:26 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-01-24 17:34 . 2008-01-24 17:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-24 08:22 . 2008-01-24 08:23 <REP> d-------- C:\WINDOWS\system32\drivers\myrmbin
    2008-01-24 08:22 . 2008-01-24 08:23 <REP> d-------- C:\Program Files\MyVideoConverter
    2008-01-22 18:54 . 2008-01-22 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
    2008-01-17 17:31 . 2005-07-12 14:12 86,016 --a------ C:\WINDOWS\removeark.exe
    2008-01-17 17:31 . 2005-09-02 17:49 28,928 --a------ C:\WINDOWS\system32\drivers\usb2vcom.sys
    2008-01-15 23:13 . 2008-01-15 23:13 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-15 23:13 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-01-15 23:13 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-15 23:13 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-15 23:13 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-15 23:13 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-15 23:13 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-15 23:13 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-15 23:13 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-15 23:13 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-15 17:56 . 2008-01-15 17:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-15 17:53 . 2008-01-15 22:32 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\AVG7
    2008-01-15 17:53 . 2008-01-15 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-15 17:53 . 2008-01-15 17:53 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-01-15 17:53 . 2008-01-15 17:53 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-01-15 17:36 . 2008-01-15 17:36 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-15 13:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-15 13:20 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Skype
    2008-02-15 11:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
    2008-02-15 07:07 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\skypePM
    2008-02-14 21:26 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Azureus
    2008-02-14 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-10 20:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-02-10 20:26 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-02-10 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-31 22:19 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\LimeWire
    2008-01-30 15:51 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-28 16:50 --------- d-----w C:\Program Files\speed-bit
    2008-01-26 08:21 --------- d-----w C:\Program Files\Opera
    2008-01-24 21:30 --------- d-----w C:\Program Files\Monkey's Audio
    2008-01-15 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
    2008-01-13 20:07 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Apple Computer
    2008-01-13 20:04 --------- d-----w C:\Program Files\QuickTime
    2008-01-13 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-11 21:00 --------- d-----w C:\Program Files\Azureus Ultra Accelerator
    2008-01-11 20:55 --------- d-----w C:\Program Files\Conduit
    2008-01-11 20:55 --------- d-----w C:\Program Files\Best_Security_Tips
    2008-01-10 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-01-09 17:19 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Thinstall
    2008-01-09 13:35 --------- d-----w C:\Program Files\DAP
    2008-01-09 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-09 10:21 --------- d-----w C:\Program Files\Winamp
    2008-01-09 09:23 --------- d-----w C:\Program Files\CCleaner
    2008-01-09 09:17 --------- d-----w C:\Program Files\Trend Micro
    2008-01-08 17:15 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-07 17:27 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\NeroDigital™
    2008-01-07 17:05 --------- d-----w C:\Program Files\GeoVid
    2008-01-07 16:57 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\DivX
    2008-01-07 16:03 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Nero
    2008-01-07 16:01 --------- d-----w C:\Program Files\Nero
    2008-01-06 12:56 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-06 12:55 --------- d-----w C:\Program Files\MSBuild
    2008-01-06 12:55 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-06 12:42 --------- d-----w C:\Program Files\DivX
    2008-01-05 21:36 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-01-05 21:36 --------- d-----w C:\Program Files\Athan
    2008-01-05 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-05 21:13 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-05 21:13 --------- d-----w C:\Program Files\VideoLAN
    2008-01-05 21:04 --------- d-----w C:\Program Files\Fichiers communs\snpstd3
    2008-01-05 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-01-05 20:52 --------- d-----w C:\Program Files\Yahoo!
    2008-01-05 20:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-05 20:36 --------- d-----w C:\Program Files\Skype
    2008-01-05 20:36 --------- d-----w C:\Program Files\Google
    2008-01-05 20:36 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-01-05 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-05 17:44 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF
    2008-01-05 17:44 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF
    2008-01-05 17:44 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF
    2008-01-05 17:44 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF
    2008-01-05 17:44 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF
    2008-01-05 17:44 12,204 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF
    2008-01-05 17:44 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF
    2008-01-05 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-05 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-05 17:27 --------- d-----w C:\Program Files\Launch Manager
    2008-01-05 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
    2008-01-05 17:24 5,884 ----a-w C:\WINDOWS\system32\drivers\net_m32.PNF
    2008-01-05 17:24 20,376 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1
    2008-01-05 17:24 --------- d-----w C:\Program Files\Panda Security
    2008-01-05 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup
    2008-01-05 17:20 --------- d-----w C:\Program Files\ZTE ZXDSL 852
    2008-01-05 17:18 --------- d-----w C:\Program Files\Marvell
    2008-01-05 17:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-05 17:17 --------- d-----w C:\Program Files\Synaptics
    2008-01-05 17:17 --------- d-----w C:\Program Files\Realtek
    2008-01-05 17:16 --------- d-----w C:\Program Files\Intel
    2008-01-05 17:07 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-05 17:06 --------- d-----w C:\Program Files\Java
    2008-01-05 17:06 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-01-05 17:01 --------- d-----w C:\Program Files\Services en ligne
    2008-01-05 17:00 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
    2008-01-28 17:54 1502232 --a------ C:\Program Files\speed-bit\tbspe1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{358A14C3-CB2F-4366-9A6C-1AEB63F0B036}]
    2008-02-14 23:03 230400 --a------ C:\WINDOWS\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    2007-12-19 15:53 1514520 --a------ C:\Program Files\Best_Security_Tips\tbBest.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}
    {DA30EFF8-CCC6-4162-A20D-67402A26A215}
    {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    {40D1C3A7-4FFB-4443-B3A0-A64B2DF7FC3B}

    [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-01-28 17:54 1502232]
    "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBest.dll [2007-12-19 15:53 1514520]

    [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 03:39 68856]
    "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
    "ares"="C:\Program Files\Ares\Ares.exe" [ ]
    "eMuleAutoStart"="D:\eMule\emule.exe" [2007-05-13 15:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 17:03 65536]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-05-04 10:34 86016]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 16261632 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
    "SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 15:16 761946]
    "AdslTaskBar"="stmctrl.dll" [2006-06-02 09:01 151552 C:\WINDOWS\system32\stmctrl.dll]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
    "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23 20480]
    "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-10-27 13:06 90112]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-01-09 14:35 4376328]
    "Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 13:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 13:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-08 18:45 185784]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "Azkary"="C:\Program Files\Azkary\Azkary" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
    R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-09-13 15:04]
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys []
    S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-09-02 17:49]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-14 19:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-15 14:36:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succٹs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Launch Manager\WLBTTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Azkary\Azkary.exe
    C:\Program Files\Prayer\Prayer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-15 14:40:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-15 13:40:15
    .
    2008-02-13 12:03:07 --- E O F ---
    re
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut zidane,

    combofix a bien bossé ;-)

    peux tu me reposter un nouveau hijack this stp

    ps : c´est quoi comme programme : C:\Program Files\speed-bit?

    @+
    0
  7. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    speed-bit aucune idee
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:32:54, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Launch Manager\WLBTTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\QuickTime\QuickTimePlayer.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {861EA552-6309-490A-AC97-1F574E730CF1} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, RemoveCabinet
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Azureus Ultra Accelerator.lnk = C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe
    O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\cle d'activation microsoft office 2007 Web hottest videos personal player.exe
    O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A883CB03-D5CA-400C-A590-898996C58CA7}: NameServer = 208.67.222.222 193.55.10.102
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    0
  8. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    j'ai fait un autre hijack:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:39:21, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Launch Manager\WLBTTray.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Azkary\Azkary.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Azkary] C:\Program Files\Azkary\Azkary
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Azureus Ultra Accelerator.lnk = C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe
    O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\cle d'activation microsoft office 2007 Web hottest videos personal player.exe
    O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A883CB03-D5CA-400C-A590-898996C58CA7}: NameServer = 208.67.222.222 193.55.10.102
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    zidane,

    tu es de religion musulman ?

    utilises tu ce programe?

    Azkary.

    Copie le texte ci-dessous :

    Folder::
    C:\Program Files\Web Hottest Videos Personal Player
    C:\Program Files\Macrogaming
    C:\Program Files\Prayer

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
       
      OComboFix 08-02-15.2 - BENMANSOUR 2008-02-15 20:00:02.3 - NTFSx86
      Microsoft Windows XP Edition familiale 5.1.2600.2.1256.213.1036.18.570 [GMT 1:00]
      Endroit: C:\Documents and Settings\BENMANSOUR\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\BENMANSOUR\Bureau\CFScript.txt..txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !![/b][/color]
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-02-15 17:03 . 2008-02-15 17:18 <REP> d-------- C:\Program Files\WinAce
      2008-02-15 11:25 . 2008-02-15 11:25 <REP> d-------- C:\Program Files\Azkary
      2008-02-15 11:24 . 2008-02-15 11:24 <REP> d-------- C:\WINDOWS\Downloaded Installations
      2008-02-15 10:31 . 2008-02-15 10:31 0 --a------ C:\osy3.sys
      2008-02-15 10:26 . 2008-02-15 10:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
      2008-02-15 10:25 . 2008-02-15 10:25 <REP> d-------- C:\Program Files\Siber Systems
      2008-02-14 23:09 . 2008-02-14 23:14 <REP> d-------- C:\Program Files\BHODemon 2
      2008-02-14 23:03 . 2008-02-14 23:03 230,400 --a------ C:\WINDOWS\AcroIEHelper.dll
      2008-02-14 21:40 . 2008-02-14 21:40 <REP> d-------- C:\WINDOWS\speech
      2008-02-14 21:40 . 2008-02-14 21:40 <REP> d-------- C:\WINDOWS\lhsp
      2008-02-14 17:04 . 2008-02-14 17:11 <REP> d-------- C:\Rummy Royal
      2008-02-14 17:04 . 2008-02-14 17:04 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\GibbHill Properties Ltd
      2008-02-13 22:43 . 2008-02-13 22:43 50 --a------ C:\WINDOWS\cdplayer.ini
      2008-02-13 18:06 . 2008-02-13 18:06 <REP> d-------- C:\Program Files\SATVOD
      2008-02-13 18:06 . 2008-02-13 18:06 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\MoviesApp
      2008-02-13 16:50 . 2008-02-13 18:10 <REP> d-------- C:\Program Files\Online_TV
      2008-02-12 18:01 . 2008-02-12 18:01 <REP> d-------- C:\Program Files\Ontrack
      2008-02-11 22:22 . 2008-02-11 22:29 <REP> d-------- C:\Program Files\AlThkir
      2008-02-11 22:16 . 2008-02-11 22:16 <REP> d-------- C:\Program Files\NamesofAllah
      2008-02-11 22:16 . 2004-09-29 21:31 228,864 --a------ C:\WINDOWS\NamesofAllah.scr
      2008-02-11 17:55 . 2008-02-11 17:55 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\Ashampoo
      2008-02-10 21:32 . 2008-02-10 21:35 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\Ahead
      2008-02-10 21:24 . 2008-02-10 21:24 0 --a------ C:\WINDOWS\Irremote.ini
      2008-02-08 19:05 . 2008-02-08 19:05 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\vlc
      2008-02-08 18:45 . 2008-02-08 18:45 <REP> d-------- C:\Program Files\Real
      2008-02-08 18:45 . 2008-02-08 18:45 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
      2008-02-08 18:45 . 2008-02-08 18:45 <REP> d-------- C:\Program Files\Fichiers communs\Real
      2008-02-08 17:19 . 2008-02-08 17:19 229,888 --a------ C:\WINDOWS\sysvol32.dll
      2008-02-08 17:19 . 2008-02-14 23:03 50 --a------ C:\tmp.bat
      2008-02-01 15:52 . 2008-02-01 15:52 <REP> d-------- C:\Program Files\KaonCDH
      2008-02-01 15:52 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
      2008-02-01 15:52 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
      2008-02-01 15:52 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
      2008-02-01 15:52 . 1996-06-13 22:24 53,760 --a------ C:\WINDOWS\system32\zlibtool.ocx
      2008-02-01 15:52 . 1998-03-26 01:12 53,248 --a------ C:\WINDOWS\system32\zlib.dll
      2008-02-01 15:52 . 2004-12-07 22:24 36,864 --a------ C:\WINDOWS\system32\compressZIt.ocx
      2008-01-31 22:42 . 2008-02-14 23:17 <REP> d-------- C:\Program Files\LimeWire Turbo
      2008-01-31 22:42 . 2008-02-06 14:01 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\LimeWireTurbo
      2008-01-30 16:51 . 2008-01-30 16:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
      2008-01-28 18:09 . 2008-01-28 18:09 <REP> d-------- C:\Program Files\Fichiers communs\COWON
      2008-01-28 18:07 . 2008-02-13 23:00 <REP> d-------- C:\Program Files\JetAudio
      2008-01-28 18:07 . 2008-01-28 18:07 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\COWON
      2008-01-25 22:45 . 2008-01-29 20:52 <REP> d-------- C:\Program Files\BitComet
      2008-01-25 22:45 . 2008-01-25 23:29 <REP> d-------- C:\Downloads
      2008-01-24 21:25 . 2008-01-24 21:25 334 --a------ C:\WINDOWS\ST6UNST.003
      2008-01-24 21:24 . 2008-01-24 21:24 334 --a------ C:\WINDOWS\ST6UNST.002
      2008-01-24 17:38 . 2008-02-13 22:26 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
      2008-01-24 17:34 . 2008-01-24 17:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2008-01-24 08:22 . 2008-01-24 08:23 <REP> d-------- C:\WINDOWS\system32\drivers\myrmbin
      2008-01-24 08:22 . 2008-01-24 08:23 <REP> d-------- C:\Program Files\MyVideoConverter
      2008-01-22 18:54 . 2008-01-22 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
      2008-01-17 17:31 . 2005-07-12 14:12 86,016 --a------ C:\WINDOWS\removeark.exe
      2008-01-17 17:31 . 2005-09-02 17:49 28,928 --a------ C:\WINDOWS\system32\drivers\usb2vcom.sys
      2008-01-15 23:13 . 2008-01-15 23:13 <REP> d-------- C:\Program Files\Alwil Software
      2008-01-15 23:13 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
      2008-01-15 23:13 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-01-15 23:13 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
      2008-01-15 23:13 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-01-15 23:13 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-01-15 23:13 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-01-15 23:13 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-01-15 23:13 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-01-15 23:13 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-01-15 17:56 . 2008-01-15 17:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-01-15 17:53 . 2008-01-15 22:32 <REP> d-------- C:\Documents and Settings\BENMANSOUR\Application Data\AVG7
      2008-01-15 17:53 . 2008-01-15 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2008-01-15 17:53 . 2008-01-15 17:53 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
      2008-01-15 17:53 . 2008-01-15 17:53 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
      2008-01-15 17:36 . 2008-01-15 17:36 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-15 18:59 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Skype
      2008-02-15 17:56 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
      2008-02-15 17:06 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\skypePM
      2008-02-15 17:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-02-14 21:26 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Azureus
      2008-02-14 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-10 20:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead
      2008-02-10 20:26 --------- d-----w C:\Program Files\Fichiers communs\Nero
      2008-02-10 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-01-31 22:19 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\LimeWire
      2008-01-30 15:51 --------- d-----w C:\Program Files\Apple Software Update
      2008-01-28 16:50 --------- d-----w C:\Program Files\speed-bit
      2008-01-26 08:21 --------- d-----w C:\Program Files\Opera
      2008-01-24 21:30 --------- d-----w C:\Program Files\Monkey's Audio
      2008-01-15 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
      2008-01-13 20:07 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Apple Computer
      2008-01-13 20:04 --------- d-----w C:\Program Files\QuickTime
      2008-01-13 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-01-11 21:00 --------- d-----w C:\Program Files\Azureus Ultra Accelerator
      2008-01-11 20:55 --------- d-----w C:\Program Files\Conduit
      2008-01-11 20:55 --------- d-----w C:\Program Files\Best_Security_Tips
      2008-01-10 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
      2008-01-09 17:19 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Thinstall
      2008-01-09 13:35 --------- d-----w C:\Program Files\DAP
      2008-01-09 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-01-09 10:21 --------- d-----w C:\Program Files\Winamp
      2008-01-09 09:23 --------- d-----w C:\Program Files\CCleaner
      2008-01-09 09:17 --------- d-----w C:\Program Files\Trend Micro
      2008-01-08 17:15 --------- d-----w C:\Program Files\MSXML 4.0
      2008-01-07 17:27 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\NeroDigital™
      2008-01-07 17:05 --------- d-----w C:\Program Files\GeoVid
      2008-01-07 16:57 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\DivX
      2008-01-07 16:03 --------- d-----w C:\Documents and Settings\BENMANSOUR\Application Data\Nero
      2008-01-07 16:01 --------- d-----w C:\Program Files\Nero
      2008-01-06 12:56 --------- d-----w C:\Program Files\Microsoft Works
      2008-01-06 12:55 --------- d-----w C:\Program Files\MSBuild
      2008-01-06 12:55 --------- d-----w C:\Program Files\Microsoft.NET
      2008-01-06 12:42 --------- d-----w C:\Program Files\DivX
      2008-01-05 21:36 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2008-01-05 21:36 --------- d-----w C:\Program Files\Athan
      2008-01-05 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-01-05 21:18 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
      2008-01-05 21:13 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-01-05 21:13 --------- d-----w C:\Program Files\VideoLAN
      2008-01-05 21:04 --------- d-----w C:\Program Files\Fichiers communs\snpstd3
      2008-01-05 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
      2008-01-05 20:52 --------- d-----w C:\Program Files\Yahoo!
      2008-01-05 20:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2008-01-05 20:36 --------- d-----w C:\Program Files\Skype
      2008-01-05 20:36 --------- d-----w C:\Program Files\Google
      2008-01-05 20:36 --------- d-----w C:\Program Files\Fichiers communs\Skype
      2008-01-05 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
      2008-01-05 17:44 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF
      2008-01-05 17:44 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF
      2008-01-05 17:44 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF
      2008-01-05 17:44 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF
      2008-01-05 17:44 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF
      2008-01-05 17:44 12,204 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF
      2008-01-05 17:44 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF
      2008-01-05 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
      2008-01-05 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
      2008-01-05 17:27 --------- d-----w C:\Program Files\Launch Manager
      2008-01-05 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
      2008-01-05 17:24 5,884 ----a-w C:\WINDOWS\system32\drivers\net_m32.PNF
      2008-01-05 17:24 20,376 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1
      2008-01-05 17:24 --------- d-----w C:\Program Files\Panda Security
      2008-01-05 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup
      2008-01-05 17:20 --------- d-----w C:\Program Files\ZTE ZXDSL 852
      2008-01-05 17:18 --------- d-----w C:\Program Files\Marvell
      2008-01-05 17:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-01-05 17:17 --------- d-----w C:\Program Files\Synaptics
      2008-01-05 17:17 --------- d-----w C:\Program Files\Realtek
      2008-01-05 17:16 --------- d-----w C:\Program Files\Intel
      2008-01-05 17:07 --------- d-----w C:\Program Files\microsoft frontpage
      2008-01-05 17:06 --------- d-----w C:\Program Files\Java
      2008-01-05 17:06 --------- d-----w C:\Program Files\Fichiers communs\Java
      2008-01-05 17:01 --------- d-----w C:\Program Files\Services en ligne
      2008-01-05 17:00 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
      2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
      2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll
      2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
      2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
      2008-01-28 17:54 1502232 --a------ C:\Program Files\speed-bit\tbspe1.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{358A14C3-CB2F-4366-9A6C-1AEB63F0B036}]
      2008-02-14 23:03 230400 --a------ C:\WINDOWS\AcroIEHelper.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
      2007-12-19 15:53 1514520 --a------ C:\Program Files\Best_Security_Tips\tbBest.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {2318C2B1-4965-11D4-9B18-009027A5CD4F}
      {EF99BD32-C1FB-11D2-892F-0090271D4F88}
      {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}
      {DA30EFF8-CCC6-4162-A20D-67402A26A215}
      {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
      {40D1C3A7-4FFB-4443-B3A0-A64B2DF7FC3B}

      [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

      [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-01-28 17:54 1502232]
      "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBest.dll [2007-12-19 15:53 1514520]

      [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

      [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 03:39 68856]
      "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
      "ares"="C:\Program Files\Ares\Ares.exe" [ ]
      "eMuleAutoStart"="D:\eMule\emule.exe" [2007-05-13 15:57 5308416]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
      "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
      "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 17:03 65536]
      "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-05-04 10:34 86016]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
      "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 16261632 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
      "SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 15:16 761946]
      "AdslTaskBar"="stmctrl.dll" [2006-06-02 09:01 151552 C:\WINDOWS\system32\stmctrl.dll]
      "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
      "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23 20480]
      "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-10-27 13:06 90112]
      "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
      "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-01-09 14:35 4376328]
      "Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
      "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 13:00 44032]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 13:00 59392]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-08 18:45 185784]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
      "Azkary"="C:\Program Files\Azkary\Azkary" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

      R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
      R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
      R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-09-13 15:04]
      S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
      S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys []
      S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-09-02 17:49]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-14 19:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-15 20:00:37
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-02-15 20:01:29
      ComboFix-quarantined-files.txt 2008-02-15 19:01:15
      ComboFix2.txt 2008-02-15 18:51:53
      ComboFix3.txt 2008-02-15 13:40:20
      .
      2008-02-13 12:03:07 --- E O F ---
      OUI JE SUIT DE RELIGION MUSULMANE ET VOUS?
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:05:06, on 15/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\Launch Manager\LaunchAp.exe
      C:\Program Files\Launch Manager\HotkeyApp.exe
      C:\Program Files\Launch Manager\Wbutton.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\sm56hlpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\CameraFixer.exe
      C:\WINDOWS\tsnpstd3.exe
      C:\WINDOWS\vsnpstd3.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\DAP\DAP.EXE
      C:\Program Files\Athan\Athan.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Launch Manager\WLBTTray.exe
      C:\Program Files\Azkary\Azkary.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
      R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
      R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
      R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll
      O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
      O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
      O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
      O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
      O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
      O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
      O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
      O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
      O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
      O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
      O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Azkary] C:\Program Files\Azkary\Azkary
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Azureus Ultra Accelerator.lnk = C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe
      O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\cle d'activation microsoft office 2007 Web hottest videos personal player.exe
      O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
      O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
      O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A883CB03-D5CA-400C-A590-898996C58CA7}: NameServer = 208.67.222.222 193.55.10.102
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    si tu repondais a mes questions ca serait pas mal, non?

    tu es de religion musulman ?

    utilises tu ce programe?

    Azkary.

    A l´aide de hijack this coche et fix les lignes ci dessous :

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\cle d'activation microsoft office 2007 Web hottest videos personal player.exe
    04 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    regarde ce tutorial pour mettre ta console java a jour :

    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    instales un par feu >:

    par feu : kerio

    http://www.malekal.com/kerio_firewall.php#mozTocId721480

    https://www.vulgarisation-informatique.com/kerio.php

    https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    ou zone alarm plus facil a configurer mais moins performant

    https://www.malekal.com/tutoriel-zonealarm-firewall/

    apres avoir fais tous ceci post un nouveau hijack this et post le dans ta response.

    @+
    0
  11. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    OUI JE SUIT MUSULMANT ET J'UTILISE CE LOGICIEL MAIS LE PROBLEME EST ARRIVER AVANT L'INSTALATION DE CE PROGRAMA AZKARE
    JE NE COMPREND RIEN A CETTE DERNIERE REPONSE
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    sala malekum ;-)

    Tout est expliqué clairement non?

    @+
    0
  13. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    salame alikoum ca veut dire que la paix soit avec vous
    ce quit conserne mon probleme le java s'instale mais l'autre je ne sait pas comment l'instaler c en anglais
    0
  14. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    je peut te poster le rapport avant l'instalation de java
    0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui ;-)
    0
  16. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:07:47, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Launch Manager\WLBTTray.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Azkary\Azkary.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\BENMANSOUR\Local Settings\Temp\fatawaa_lajna_wa_imameen_01.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Azkary] C:\Program Files\Azkary\Azkary
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Azureus Ultra Accelerator.lnk = C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A883CB03-D5CA-400C-A590-898996C58CA7}: NameServer = 208.67.222.222 193.55.10.102
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    instales bien un par feu comme je te l´ai dis.

    pour java regarde bien le lien tout y est bien expliqué.

    as tu des publicité quand tu surf sur le net?

    ca te dis quelque chose ceci : fatawaa_lajna_wa_imameen_01.exe ?

    -> C:\Documents and Settings\BENMANSOUR\Local Settings\Temp\fatawaa_lajna_wa_imameen_01.exe

    Ccleaner:

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

    -> L´installer.

    -> Une fois installé et lancé :

    Dans la colonne de gauche, click sur :

    ->"erreurs" :

    Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

    ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

    ->"nettoyeur"

    quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

    -> Tutoriel en image :

    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    -> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

    @+
    0
  18. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    fatawaa_lajna_wa_imameen_01.exe C UN PROGRAME D'SLAME QUE JE LIS
    J'AI TOUT FAIT .JE POSTE UN NV RAPPORT
    0
  19. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    LE PARFEU NE VEUT PAS S'INSTALER QUE DOIT JE FAIRE
    0
  20. zidane1968 Messages postés 61 Date d'inscription   Statut Membre
     
    LA BARE DE TACHE YAHOO EST DEJA INSTALER
    0
  21. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    quel par feu as tu essayé ?

    pas trop grave pour la barre yahoo,

    post un nouveau rapport oui

    @+
    0
  • 1
  • 2