Probleme d ouverture de page intempestif

Adèss -  
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,depuis deux jours j ai un gros souci d ouveture de page sous internet intempestif du au 2 icone qui se trouve dans ma barre de taches
J ai fait des tas des scan avec mcafee , avast et avg mais ce probleme persiste toujours
Merci de me donner une petite solution
j attends vos reponse avec impatience merci d avance
A voir également:

28 réponses

  • 1
  • 2
Réponse 1 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Ok

De rien ;-)

on va le supprimer aussi (Boonty)...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message, ainsi qu´un nouveau hijack this.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+
1
Réponse 2 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut adèss,

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...

@+
0
Réponse 3 / 28
Adèss
 
au faite se souci et du au virus du cheval de troie qui sont apparue 30 min avant pour info
0
Adèss
 
oki merci le voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:41, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\NetProject\scm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\eMule\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\1203794646.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0a1d8274c980439694b884b2daa4c908
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0a1d8274c980439694b884b2daa4c908
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 4 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Oui je m´en doute...
Post donc le rapport hijack this, on va voir ca de plus pres...
@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Ok,

probleme cerné ;-)

desinstales avast > tu as deux antivirus, ca ne sert a rien !

Désinstalleur Avast:
https://www.avast.com/fr-fr/uninstall-utility

puis

dis moi ce que tu pensses de ca :

A propos de Boonty games

Utilises tu des jeux de boonty games depuis longtemps ?

Voici une petite information sur Boonty games

Leur politique :

"Il se peut que nous partageons aussi des informations payantes avec des tiers
qui fournissent des services payants et partage des données regroupées montrant le type
et le nombre de jeux vidéos que vous téléchargez, votre age, votre sexe, vos occupations,
niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,
internet et intérêts pour les jeux vidéos, activités et entraînement des jeux édités.
De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails
qui nous assistent en envoyant nos mails a de nombreux clients en même temps..."

Si tu es d'accord avec eux, pas de problèmes sinon on le supprimera aussi

renseigne moi sur boonty, ensuite on attaquera la desinfection des infections ( ps c´est juste pour savoir si tu veux ou non garder boonty )...

@+
0
Réponse 6 / 28
Adèss
 
oki avast ces bon il est desinstaller mais au sujet de boonty games je connait pas du tout le seul jeux que je joue ces World of Warcraft mais je ne sais pas si ces en rapport avec si non je ne le connait pas
au faite merrci pour ton aide...
0
Réponse 7 / 28
Adèss
 
bon voila le resume du scan j espere que ces sa mais il ne ma pas demander de le redemarer

ComboFix 08-02-25.3 - Dylan 2008-02-26 14:13:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.494 [GMT 1:00]
Endroit: C:\Documents and Settings\Dylan\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 13:28 . 2008-02-26 14:04 <REP> d-------- C:\Program Files\Spyware Terminator
2008-02-26 13:19 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\Trend Micro
2008-02-25 10:20 . 2008-02-25 10:20 <REP> d----c--- C:\Documents and Settings\Dylan\Application Data\Grisoft
2008-02-25 10:20 . 2008-02-25 10:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 16:00 . 2008-02-25 10:20 <REP> d-------- C:\Program Files\iPod
2008-02-24 10:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-23 23:06 . 2008-02-24 11:18 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-23 22:54 . 2008-02-23 22:54 <REP> d----c--- C:\Documents and Settings\LocalService\Menu Démarrer
2008-02-23 21:11 . 2008-02-23 21:11 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-23 21:10 . 2008-02-23 21:21 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-23 20:23 . 2008-02-23 23:55 <REP> d-------- C:\Program Files\NetProject
2008-02-22 12:44 . 2008-02-25 10:20 <REP> d-------- C:\Program Files\free-downloads.net

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:21 --------- d-----w C:\Program Files\McAfee
2008-02-22 11:41 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-14 15:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-28 15:47 --------- d-----w C:\Program Files\World of Warcraft
2008-01-25 15:30 --------- dc----w C:\Documents and Settings\Dylan\Application Data\Apple Computer
2008-01-16 20:21 --------- d-----w C:\Program Files\iTunes
2008-01-04 11:24 1,130 -c--a-w C:\Documents and Settings\Dylan\Application Data\wklnhst.dat
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-01 16:54 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.

------- Sigcheck -------

86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
----a-w 506,368 2007-04-23 12:11:43 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}]
C:\Program Files\Helper\1203794646.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-29 15:25 7626752]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-01 17:54:54 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-05 20:54:06 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"= C:\Program Files\NetProject\scit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-30 21:31]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{590a0912-f80c-11db-ad5d-0018f3867b28}]
\Shell\Auto\command - F:\RavMonE.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c37311a2-f411-11db-ad4e-0018f3867b28}]
\Shell\Auto\command - F:\RavMonE.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

*Newly Created Service* - FILEOBJINFO
*Newly Created Service* - SP_RSSRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-20 13:56:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-14 23:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-31 23:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-26 10:19:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-26 13:16:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 14:15:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-26 14:16:21
ComboFix-quarantined-files.txt 2008-02-26 13:16:07
.
2008-02-13 16:09:19 --- E O F ---
0
Réponse 8 / 28
Adèss
 
et voila le scan d hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:24, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\eMule\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\1203794646.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0a1d8274c980439694b884b2daa4c908
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0a1d8274c980439694b884b2daa4c908
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
0
Réponse 9 / 28
Adèss
 
donc je ne sais pas si ses regler mais en tout cas les 2 icone bizarre qui etait dans ma barre de taches on disparu est pour
l instant aucune page ne sais ouverte

en esperant que sais belle est bien fini
0
Réponse 10 / 28
Adèss
 
arfff une page viens de s ouvrir un l instant mais les icone ne sont pas reaparu donc il y a encore un souci
???
0
Réponse 11 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Re,

ce n´est pas encore fini...

Copie le texte ci-dessous :

File::
C:\WINDOWS\Tasks\Symantec NetDetect.job

Folder::
C:\Program Files\Helper
C:\Program Files\free-downloads.net
C:\Program Files\SiteAdvisor
C:\Program Files\NetProject
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Symantec

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
"SiteAdvisor"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=-

Driver::
Boonty Games
Service SiteAdvisor
SiteAdvisor Service
BOONTY

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 12 / 28
Adèss
 
oui je parle trop vite un des 2 icone viens de revenir je vais faire se que tu me demande de suite
0
Réponse 13 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Ok
@+
0
Réponse 14 / 28
Adèss
 
ok ces fait je pense que ses cette analyse la


ComboFix 08-02-25.3 - Dylan 2008-02-26 14:49:43.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.496 [GMT 1:00]
Endroit: C:\Documents and Settings\Dylan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dylan\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\Tasks\Symantec NetDetect.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\free-downloads.net
C:\Program Files\free-downloads.net\INSTALL.LOG
C:\Program Files\free-downloads.net\toolbar.cfg
C:\Program Files\free-downloads.net\UNWISE.EXE
C:\Program Files\NetProject
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\SiteAdvisor
C:\Program Files\SiteAdvisor\6253\APengine.dll
C:\Program Files\SiteAdvisor\6253\CntScan.dll
C:\Program Files\SiteAdvisor\6253\content.dat
C:\Program Files\SiteAdvisor\6253\default.txt
C:\Program Files\SiteAdvisor\6253\elist.dat
C:\Program Files\SiteAdvisor\6253\FF\chrome.manifest
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\aboutdlg.xhtml
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\aboutdlg.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\badpassword.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\default.txt
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\disclosure.xhtml
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\disclosure.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\framework.js
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\g.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\gl.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\gllc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\glrc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\gr.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\green.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\greenbubble.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\greendownarrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\greenuparrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\gul.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\gulc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\gurc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\inv.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\logo.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\logoicon.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\main.js
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\mcgreen.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\mcred.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\mcwhite.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\mcyellow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\mismatchpassword.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\oem.txt
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\password.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\ppnotification.xhtml
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\ppnotification.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\protection.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\r.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\red.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\redbubble.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\reddownarrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\reduparrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rl.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rllc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rlrc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rr.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rul.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rulc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\rurc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-facet-green.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-facet-red.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-facet-white.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-facet-yellow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-green.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-red.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe-yellow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\safe.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\setpassword.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\settings.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\siteadvisor.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\uninst.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\untested.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\w.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\whitebubble.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\whitedownarrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\whitelist.xul
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\whiteuparrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\xdown.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\xup.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\y.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yellow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yellowbubble.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yellowdownarrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yellowuparrow.gif
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yl.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yllc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\ylrc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yr.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yul.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yulc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\content\yurc.png
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\cs-CZ\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\cs-CZ\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\cs-CZ\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\cs-CZ\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\da-DK\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\da-DK\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\da-DK\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\da-DK\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\de-DE\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\de-DE\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\de-DE\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\de-DE\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-AU\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-AU\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-AU\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-AU\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-CA\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-CA\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-CA\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-CA\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-GB\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-GB\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-GB\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-GB\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-IE\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-IE\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-IE\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-IE\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-US\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-US\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-US\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\en-US\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-AR\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-AR\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-AR\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-AR\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-CL\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-CL\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-CL\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-CL\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-ES\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-ES\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-ES\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-ES\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-MX\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-MX\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-MX\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-MX\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-PE\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-PE\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-PE\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\es-PE\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fi-FI\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fi-FI\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fi-FI\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fi-FI\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-CA\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-CA\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-CA\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-CA\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-FR\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-FR\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-FR\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\fr-FR\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\it-IT\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\it-IT\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\it-IT\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\it-IT\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ja-JP\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ja-JP\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ja-JP\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ja-JP\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ko-KR\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ko-KR\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ko-KR\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\ko-KR\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nb-NO\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nb-NO\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nb-NO\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nb-NO\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nl-NL\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nl-NL\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nl-NL\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\nl-NL\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\no-NO\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\no-NO\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\no-NO\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\no-NO\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pl-PL\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pl-PL\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pl-PL\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pl-PL\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-BR\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-BR\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-BR\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-BR\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-PT\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-PT\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-PT\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\pt-PT\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\sv-SE\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\sv-SE\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\sv-SE\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\sv-SE\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\tr-TR\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\tr-TR\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\tr-TR\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\tr-TR\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-CN\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-CN\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-CN\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-CN\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-TW\safe\contents.rdf
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-TW\safe\safe.css
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-TW\safe\safe.dtd
C:\Program Files\SiteAdvisor\6253\FF\chrome\locale\zh-TW\safe\safe.properties
C:\Program Files\SiteAdvisor\6253\FF\components\FFHook.dll
C:\Program Files\SiteAdvisor\6253\FF\components\IFFHook.xpt
C:\Program Files\SiteAdvisor\6253\FF\defaults\preferences\safe.js
C:\Program Files\SiteAdvisor\6253\FF\install.rdf
C:\Program Files\SiteAdvisor\6253\Manifest.txt
C:\Program Files\SiteAdvisor\6253\McFrmWk.dll
C:\Program Files\SiteAdvisor\6253\mcltvers.ini
C:\Program Files\SiteAdvisor\6253\McProHlp.dll
C:\Program Files\SiteAdvisor\6253\mcscindx.dat
C:\Program Files\SiteAdvisor\6253\mcscindx.xml
C:\Program Files\SiteAdvisor\6253\msadreg.ini
C:\Program Files\SiteAdvisor\6253\saHook.dll
C:\Program Files\SiteAdvisor\6253\saLang.dll
C:\Program Files\SiteAdvisor\6253\saPlugin.dll
C:\Program Files\SiteAdvisor\6253\SAReg.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\SiteAdvisor\6253\saSets.ini
C:\Program Files\SiteAdvisor\6253\SASubMgr.dll
C:\Program Files\SiteAdvisor\6253\SASync.exe
C:\Program Files\SiteAdvisor\6253\Scripts\safesearch.js
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\g.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\gl.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\gllc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\glrc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\gr.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\green.bmp
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\green.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\greenbubble.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\greendownarrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\greenuparrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\gul.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\gulc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\gurc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\inv.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\main.js
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\mcgreen.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\mcred.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\mcwhite.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\mcyellow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\protection.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\r.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\red.bmp
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\red.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\redbubble.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\reddownarrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\reduparrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rl.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rllc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rlrc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rr.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rul.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rulc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\rurc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe-facet-green.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe-facet-red.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe-facet-white.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe-facet-yellow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_cs-CZ.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_da-DK.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_de-DE.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_en-AU.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_en-CA.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_en-GB.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_en-IE.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_en-US.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_es-AR.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_es-CL.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_es-ES.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_es-MX.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_es-PE.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_fi-FI.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_fr-CA.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_fr-FR.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_it-IT.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_ja-JP.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_ko-KR.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_nb-NO.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_nl-NL.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_no-NO.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_pl-PL.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_pt-BR.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_pt-PT.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_sv-SE.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_tr-TR.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_zh-CN.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\safe_zh-TW.css
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\siteadvisor.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\untested.bmp
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\untested.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\w.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\whitebubble.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\whitedownarrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\whiteuparrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\xdown.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\xup.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\y.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yellow.bmp
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yellow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yellowbubble.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yellowdownarrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yellowuparrow.gif
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yl.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yllc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\ylrc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yr.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yul.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yulc.png
C:\Program Files\SiteAdvisor\6253\Scripts\SafeSearch\yurc.png
C:\Program Files\SiteAdvisor\6253\Servers.dat
C:\Program Files\SiteAdvisor\6253\SiteAd64.dll
C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SiteAdvisor\6253\Uninstall.exe
C:\Program Files\SiteAdvisor\6253\Upsell.dll
C:\Program Files\SiteAdvisor\Install.log
C:\Program Files\SiteAdvisor\Oem.txt
C:\Program Files\Symantec
C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
C:\Program Files\Symantec\LiveUpdate\LuAll.cnt
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.HLP
C:\Program Files\Symantec\LiveUpdate\LuComServer.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL
C:\Program Files\Symantec\LiveUpdate\ludirloc.dat
C:\Program Files\Symantec\LiveUpdate\LUINFO.INF
C:\Program Files\Symantec\LiveUpdate\LUInit.exe
C:\Program Files\Symantec\LiveUpdate\LUInit.ini
C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
C:\Program Files\Symantec\LiveUpdate\LuResult.txt
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Program Files\Symantec\LiveUpdate\NetDetectController.DLL
C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL
C:\Program Files\Symantec\LiveUpdate\ProductRegComPS.DLL
C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUCP1.CPL
C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
C:\WINDOWS\Tasks\Symantec NetDetect.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BOONTY_GAMES
-------\LEGACY_SITEADVISOR_SERVICE
-------\Boonty Games
-------\SiteAdvisor Service


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 13:19 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\Trend Micro
2008-02-25 10:20 . 2008-02-25 10:20 <REP> d----c--- C:\Documents and Settings\Dylan\Application Data\Grisoft
2008-02-25 10:20 . 2008-02-25 10:20 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 16:00 . 2008-02-25 10:20 <REP> d-------- C:\Program Files\iPod
2008-02-24 10:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-23 23:06 . 2008-02-24 11:18 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-23 22:54 . 2008-02-23 22:54 <REP> d----c--- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-02-23 21:11 . 2008-02-23 21:11 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-23 21:10 . 2008-02-23 21:21 121 --a------ C:\WINDOWS\bdagent.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:21 --------- d-----w C:\Program Files\McAfee
2008-02-22 11:41 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-14 15:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-28 15:47 --------- d-----w C:\Program Files\World of Warcraft
2008-01-25 15:30 --------- dc----w C:\Documents and Settings\Dylan\Application Data\Apple Computer
2008-01-16 20:21 --------- d-----w C:\Program Files\iTunes
2008-01-04 11:24 1,130 -c--a-w C:\Documents and Settings\Dylan\Application Data\wklnhst.dat
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-01 16:54 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.

------- Sigcheck -------

86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
----a-w 506,368 2007-04-23 12:11:43 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-29 15:25 7626752]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-20 13:56:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-14 23:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-31 23:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-26 13:16:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
0
Réponse 15 / 28
Adèss
 
Et voila Hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04, on 2008-02-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\eMule\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0a1d8274c980439694b884b2daa4c908
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0a1d8274c980439694b884b2daa4c908
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 16 / 28
Adèss
 
tu nes plut la
0
Réponse 17 / 28
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Re,

J´ai du m´absenter un moment...

A l´aide de hijack this coche et fix les lignes suivantes :

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\eMule\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

puis

meme si tu surf avec firefox il faut mettre internet explorer a jour :

internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0

https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

puis

As tu ce programme?

eoRezo

Puis fais ceci :

Télécharge ceci: (by Moe) :

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.

@+
0
Réponse 18 / 28
Adèss
 
re l ami je n est pas EOREZO mais je vais te faire le rapport desuite
0
Réponse 19 / 28
Adèss
 
ok j ai fait tout se que tu ma dit de faire et voila le rapport


# Rapport Lopxp fait le 2008-02-26 à 19:34:41
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.08 - Maj du 15/02/2008


========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2008-02-14 à 15:42:56 - Adobe
2007-08-15 à 13:33:20 - Ahead
2007-07-01 à 10:05:00 - Apple
2007-06-24 à 15:06:34 - Apple Computer
2007-06-30 à 20:31:12 - BOONTY
2007-06-02 à 20:51:08 - Brother
2007-04-23 à 12:40:14 - CyberLink
2007-09-24 à 10:30:45 - DVD Shrink
2007-05-16 à 11:49:47 - Google
2008-02-25 à 09:20:58 - Grisoft
2007-06-02 à 20:57:30 - InstallShield
2007-06-24 à 12:19:39 - Kodak
2007-12-01 à 16:52:09 - LogiShrd
2007-12-01 à 16:52:05 - Logitech
2007-06-30 à 20:36:20 - Macrovision
2007-05-14 à 14:07:45 - McAfee
2007-06-10 à 07:46:50 - Microsoft
2007-04-23 à 14:19:49 - nView_Profiles
2007-04-23 à 12:25:18 - Real
2007-06-02 à 20:57:23 - ScanSoft
2007-08-29 à 22:01:51 - SiteAdvisor
2007-05-14 à 13:53:08 - Symantec
2007-04-23 à 14:19:02 - Windows Genuine Advantage
2007-05-17 à 18:17:49 - Windows Live Toolbar
2007-05-27 à 16:09:12 - Yahoo!
2007-05-27 à 16:13:42 - Yahoo! Companion

+- C:\Documents and Settings\Dylan\Application Data

2007-05-08 à 20:08:17 - Adobe
2007-08-17 à 11:34:57 - Ahead
2008-01-25 à 15:30:09 - Apple Computer
2007-06-02 à 21:16:56 - Brother
2007-05-24 à 03:42:09 - bsplayer
2007-04-23 à 12:41:46 - CyberLink
2007-11-26 à 15:08:37 - dvdcss
2007-06-10 à 16:08:17 - EoRezo
2007-06-08 à 19:26:18 - Google
2008-02-25 à 09:20:58 - Grisoft
2007-05-13 à 13:35:18 - Help
2007-04-23 à 12:08:31 - Identities
2007-12-02 à 18:36:43 - Image Zone Express
2007-06-19 à 20:15:36 - InstallShield
2007-06-08 à 19:16:34 - ItsLabel
2007-05-03 à 17:24:31 - Logitech
2007-05-14 à 13:35:28 - Macromedia
2007-04-23 à 13:42:10 - Media Player Classic
2007-09-06 à 15:32:08 - Microsoft
2007-05-19 à 13:00:03 - Microsoft Games
2007-05-24 à 10:41:46 - Mozilla
2007-05-14 à 14:13:27 - MSNInstaller
2007-04-23 à 12:28:48 - Real
2007-12-22 à 17:29:32 - Samsung
2007-05-16 à 14:37:09 - SecuROM
2007-05-14 à 14:17:28 - SiteAdvisor
2007-06-17 à 21:22:48 - Sun
2007-04-27 à 15:31:27 - Symantec
2007-05-24 à 10:42:18 - Talkback
2007-04-23 à 12:53:49 - Template
2007-04-23 à 12:33:47 - vlc

+- C:\Documents and Settings\Dylan\Local Settings\Application Data

2007-08-28 à 22:25:22 - Adobe
2007-08-16 à 03:26:02 - Ahead
2007-07-16 à 19:02:29 - Apple
2007-07-16 à 19:00:30 - Apple Computer
2008-02-23 à 19:25:10 - free-downloads.net
2007-06-08 à 19:26:18 - Google
2007-04-23 à 13:10:19 - Help
2007-04-24 à 19:36:04 - Identities
2007-06-02 à 19:26:49 - KodakGallery
2008-02-26 à 18:28:17 - Microsoft
2007-05-24 à 10:41:46 - Mozilla
2007-04-23 à 15:35:40 - Musicmatch
2007-12-25 à 11:38:12 - WMTools Downloaded Files

========== Listing du dossier Program Files

+- C:\Program Files

2008-02-14 à 15:42:40 - Adobe
2007-09-18 à 19:03:17 - Ahead
2007-10-04 à 10:34:20 - Alwil Software
2007-04-23 à 12:20:45 - AMD
2007-04-23 à 12:18:43 - Analog Devices
2007-09-18 à 14:49:56 - Apple Software Update
2007-06-02 à 20:59:26 - Brother
2007-04-23 à 12:40:13 - CyberLink
2007-04-23 à 12:26:45 - DVD Shrink
2008-02-26 à 13:51:54 - Fichiers communs
2007-06-09 à 07:34:38 - Google
2008-02-24 à 09:22:37 - Grisoft
2007-12-22 à 19:11:23 - InstallShield Installation Information
2008-02-26 à 18:28:05 - Internet Explorer
2008-02-25 à 09:20:38 - iPod
2008-01-16 à 20:21:02 - iTunes
2007-06-12 à 12:22:01 - K-Lite Codec Pack
2007-06-24 à 12:28:05 - Kodak
2007-12-01 à 16:54:45 - Logitech
2008-02-26 à 18:34:44 - Lopxp
2008-02-26 à 18:28:19 - McAfee
2007-08-29 à 10:42:57 - McAfee.com
2007-05-19 à 17:41:33 - Messenger
2007-12-13 à 18:28:53 - Microsoft CAPICOM 2.1.0.2
2007-04-23 à 12:04:48 - microsoft frontpage
2007-04-23 à 12:52:41 - Microsoft Office
2007-04-23 à 12:52:51 - Microsoft Works
2007-04-23 à 12:02:08 - Movie Maker
2008-02-26 à 18:31:44 - Mozilla Firefox
2007-04-23 à 15:37:00 - MSN
2007-04-23 à 12:00:41 - MSN Gaming Zone
2007-12-01 à 10:56:53 - MSN Messenger
2007-08-29 à 14:53:15 - Nero
2007-04-23 à 12:02:32 - NetMeeting
2007-04-23 à 12:00:51 - Online Services
2007-06-13 à 03:41:17 - Outlook Express
2007-12-22 à 17:12:31 - Samsung
2007-06-02 à 20:57:13 - ScanSoft
2007-04-23 à 12:03:36 - Services en ligne
2007-05-19 à 17:32:57 - SLD Codec Pack
2008-02-26 à 12:19:13 - Trend Micro
2007-04-23 à 12:08:30 - Uninstall Information
2007-11-30 à 18:24:54 - Windows Live Favorites
2007-11-30 à 18:25:20 - Windows Live Toolbar
2007-06-25 à 06:37:55 - Windows Media Player
2007-04-23 à 12:00:29 - Windows NT
2007-04-23 à 12:03:38 - WindowsUpdate
2008-01-28 à 15:31:35 - WinRAR
2008-01-28 à 15:47:40 - World of Warcraft
2007-09-15 à 12:15:26 - WowCartographe
2007-04-23 à 12:04:48 - xerox

========== Tâches planifiées

AppleSoftwareUpdate.job: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
McDefragTask.job: c:\program files\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f
McQcTask.job: c:\program files\mcafee\mqc\QcConsol.exe 14 0
Vérifier les mises à jour de Windows Live Toolbar.job: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

========== Clés registre


========== Bloqueur popups Internet Explorer


========== Suggestion ( /!\ Nécessite une interprétation.) ==========

+- Dossiers\Fichiers : Aucune suggestion.

+- Registre : Aucune suggestion.


- Fin du rapport -
0
Réponse 20 / 28
Adèss
 
bon moi je te laisse je te dit a demian matin pour la suite des evenement lol
passe une bonne soiree et une bonne nuit a demain

BIZZZZZ
0

Discussions similaires

Ouverture de session yahoo mail
Guendouz -
Gaston -

1 réponse
[référencement] Ne pas être référencé
kij_82 -
Searaphina -

10 réponses