Pub CID sur vista

Résolu

Utilisateur anonyme -
swifer94 - 10 sept. 2008 à 20:03

Bonjour,
J' ai besoin d' aide pour maider a suprimer les publicités CID
Je croit comprendre que chaque cas est different
J' ai désinstaller le sponsor de messanger plus et desinstaller aussi Help CID
J' ai cru comprendre qu' il fallait un rapport HijackThis que je vous remet :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:24, on 07/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\Philips\SPC220NC\Monitor.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [Save Dupe] "C:\ProgramData\sixth sect sect.ilrjji7"
O4 - HKLM\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Sixth Body Help.z6rat"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Afficher la suite

A voir également:

Pub CID sur vista
Supprimer pub youtube - Accueil - Streaming
Stop pub gratuit - Télécharger - Divers Utilitaires
Windows vista - Télécharger - Divers Utilitaires
Supprimer la pub - Guide
Clé windows vista - Guide

31 réponses

Réponse 21 / 31

zooz73

Bonjour, jai le meme pb , jai plein de pub Cib.
donc voila mon rapport Hijackthis.est le suivant.
j'execute combofix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:39, on 12/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Windows\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Utilisateur\Downloads\hisjackthis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [memo glue] "C:\ProgramData\Obj Dog Dog.tukfzh"
O4 - HKLM\..\Run: [locks tick title proc] "C:\ProgramData\bat flag meet.alg2nkm"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163

Merci de créer ton propre poste ! ;-)

++

Réponse 22 / 31

Utilisateur anonyme

voila le rapport green day ^^

File/Folder C:\ProgramData\sixth sect sect.ilrjji7 not found.
File/Folder C:\ProgramData\Sixth Body Help.z6rat not found.
File/Folder C:\ProgramData\sixth sect sect.xcxebo not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03132008_221539

Réponse 23 / 31

green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163

ok,

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O4 - HKLM\..\Run: [Save Dupe] "C:\ProgramData\sixth sect sect.ilrjji7"
O4 - HKLM\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Sixth Body Help.z6rat"

O4 - HKCU\..\Run: [Save Dupe] "C:\ProgramData\sixth sect sect.xcxebo"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\site grey software.omuxnfs

ensuite, passe un coup de ccleaner !

@+

Réponse 24 / 31

Utilisateur anonyme

je n' est pas cette ligne là :

O4 - HKLM\..\Run: [Save Dupe] "C:\ProgramData\sixth sect sect.ilrjji7"

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 31

green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163

pas grave !

++

Réponse 26 / 31

Utilisateur anonyme

Merci pour tous green day tous fonctionne bien ++

Réponse 27 / 31

green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163

pas d'quoi ! ;-)

installe un parefeu !!

@+

Réponse 28 / 31

remianso Messages postés 14 Statut Membre

Bonjour, moi aussi j'ai le même pb (pub cid sur vista) et même après avoir sup le programme cid help et msn plus! elles sont moins nombreuses mais elles reviennent. Aidez moi svp c stressant (en plus je suis en examens) merci d'avance de votre comprhéension et de votre aide bénévole. a très vite
Je vous donne mon rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 14:20:47, on 23/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L07FXLRD_8136528] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Blue Web] "C:\ProgramData\love bolt bolt.mvhpugt"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Réponse 29 / 31

cocci90

Bonjour à tous. J'ai le même problème que tous ces pauvres gens. Pouvez-vous m'aider ? J'ai fais le rapport. Le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:22, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Cdromthis] "C:\ProgramData\bonerdrrdr.sjmxk"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Setup Barb Grey.8qztic"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

Réponse 30 / 31

green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163

Salut

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp

++

cocci90

voici le rapport combofix :

ComboFix 08-06-07.3 - cyrille et catherine 2008-06-08 16:55:57.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1652 [GMT 2:00]
Endroit: C:\Users\cyrille et catherine\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 10:26 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\LimeWire
2008-06-08 10:26 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\LimeWire
2008-06-08 10:05 2,097,152 --sha-w C:\Users\Invité\NTUSER.DAT
2008-06-08 10:05 2,097,152 --sha-w C:\Users\Invité\NTUSER.DAT
2008-06-08 06:30 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\Image Zone Express
2008-06-08 06:30 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\Image Zone Express
2008-06-07 21:58 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-06-07 17:13 --------- d-----w C:\Program Files\BitLord
2008-06-07 17:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 18:17 --------- d-----w C:\Program Files\EasyBits For Kids
2008-06-03 08:01 --------- d-----w C:\Program Files\Windows Live
2008-06-02 18:54 --------- d-----w C:\PROGRA~2\Messenger Plus!
2008-06-02 12:42 --------- d-----w C:\Program Files\Trend Micro
2008-06-02 12:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 12:25 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-02 12:22 --------- d-----w C:\PROGRA~2\WLInstaller
2008-05-31 15:23 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\HP
2008-05-31 15:23 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\HP
2008-05-25 19:15 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-05-25 06:47 --------- d-----w C:\Program Files\Alwil Software
2008-05-25 06:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-25 06:37 --------- d-----w C:\PROGRA~2\Symantec
2008-05-22 11:11 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 11:04 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 11:03 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-30 19:59 --------- d-----w C:\PROGRA~2\Bluetooth
2008-04-30 19:47 --------- d-----w C:\Program Files\IVT Corporation
2008-04-30 17:26 --------- d-----w C:\Program Files\Dofus
2008-04-29 16:31 --------- d-----w C:\Program Files\EA GAMES
2008-04-29 07:39 --------- d-----w C:\PROGRA~2\CyberLink
2008-04-29 07:31 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\CyberLink
2008-04-29 07:31 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\CyberLink
2008-04-28 17:43 --------- d-----w C:\Program Files\DivX
2008-04-28 17:35 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\Apple Computer
2008-04-28 17:35 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\Apple Computer
2008-04-28 17:34 --------- d-----w C:\Program Files\iTunes
2008-04-28 17:34 --------- d-----w C:\Program Files\iPod
2008-04-28 17:34 --------- d-----w C:\PROGRA~2\Apple Computer
2008-04-28 17:32 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-28 17:30 --------- d-----w C:\Program Files\Apple Software Update
2008-04-28 17:30 --------- d-----w C:\PROGRA~2\Apple
2008-04-28 09:04 --------- d-----w C:\Program Files\Mininova
2008-04-28 09:03 --------- d-----w C:\Program Files\Conduit
2008-04-27 16:28 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\Printer Info Cache
2008-04-27 16:28 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\Printer Info Cache
2008-04-27 14:31 --------- d-----w C:\PROGRA~2\WildTangent
2008-04-25 09:31 450 ----a-w C:\Users\cyrille et catherine\AppData\Roaming\wklnhst.dat
2008-04-25 09:31 450 ----a-w C:\Users\CYRILL~1\AppData\Roaming\wklnhst.dat
2008-04-21 12:54 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-20 16:08 --------- d-----w C:\Program Files\QuickTime
2008-04-19 16:59 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\Template
2008-04-19 16:59 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\Template
2008-04-19 08:32 --------- d-----w C:\Program Files\JCA2000
2008-04-19 08:26 --------- d-----w C:\Program Files\Google
2008-04-19 08:23 --------- d-----w C:\PROGRA~2\tpfmon
2008-04-18 08:55 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\WildTangent
2008-04-18 08:55 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\WildTangent
2008-04-16 15:22 --------- d-----w C:\Users\cyrille et catherine\AppData\Roaming\Thunderbird
2008-04-16 15:22 --------- d-----w C:\Users\CYRILL~1\AppData\Roaming\Thunderbird
2008-04-12 11:37 --------- d-----w C:\Program Files\LimeWire
2008-04-12 10:31 --------- d-----w C:\PROGRA~2\Hold Trust Amok Mode
2008-04-11 11:29 --------- d-----w C:\Program Files\AXMA
2008-04-10 09:12 --------- d-----w C:\PROGRA~2\Logishrd
2008-04-10 09:09 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-10 09:03 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-04-10 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 09:03 --------- d-----w C:\Program Files\Logitech
2008-04-10 08:58 --------- d-----w C:\PROGRA~2\Logitech
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-28 12:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-27 13:17 92,160 ----a-w C:\Windows\System32\ezUninst.exe
2008-03-27 13:17 85,504 ----a-w C:\Windows\System32\ezShellStart.exe
2008-03-27 13:17 49,152 ----a-w C:\Windows\System32\ezUPBHook.dll
2008-03-27 13:17 33,792 ----a-w C:\Windows\System32\ezntsvc.exe
2008-03-27 13:17 241,664 ----a-w C:\Windows\System32\ezSetup.exe
2008-03-27 13:17 15,360 ----a-w C:\Windows\System32\ezMAPIHelper.exe
2008-03-27 11:55 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-27 11:55 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-27 11:55 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-27 11:55 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-27 11:55 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-27 11:55 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-27 11:55 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-27 11:55 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-27 11:55 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-27 11:54 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-27 11:50 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-27 11:50 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-27 11:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-27 11:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-27 11:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-27 11:50 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-27 11:49 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-27 11:49 223,232 ----a-w C:\Windows\System32\WMASF.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Mininova\tbMini.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= C:\Program Files\Mininova\tbMini.dll [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-27 13:48 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 19:02 1783136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-27 19:13 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Cdromthis"="C:\ProgramData\bonerdrrdr.sjmxk" [2008-04-19 10:32 401424]
"Amok Mode Dupe Platform"="C:\ProgramData\Setup Barb Grey.8qztic" [2008-04-12 12:31 344080]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-10 11:04:05 66864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{923CD3D1-C4BF-4D7F-A74E-595D8B9723B6}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{91F176ED-A09B-4775-902D-93864D3B7DF4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A1382DF2-7065-43D4-9700-5FEEC0893F91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{34919DF3-95CC-431E-89D7-8A53613040E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E19680A8-B0B5-4BF5-A22E-8AABAE163264}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{84BDAB17-0425-4A4A-A157-261B122B9FDB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2CEB8E6E-201F-47B0-9324-0E117531CDA5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C13A9FCB-91E6-4EC7-9D21-92F8D84A1559}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D1FA189B-7214-42CF-BE78-F6383B4DAB94}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CE5A8AEB-9BB6-4EDB-84B0-2E44108DC46A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{DA560893-9AED-4B85-BE34-C9882851B45C}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{D51B7676-0B98-47BB-94CD-F7CAA8622CDE}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{58355FD3-C636-4175-99EB-FEF8A18C75E1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{45B00E5A-9F6C-4EB5-9E51-810C8830F7A8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{327867A1-01FC-402F-AA84-37FC84A2E1FB}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{AA0E41A4-FFF8-45DA-957F-2AB5CA6BC48B}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{618D1D5E-9F86-4F69-AF8B-A7B568BB51B0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 01:33]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{399f7d48-ada3-11dc-a102-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 16:59:11
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-08 16:59:44
ComboFix-quarantined-files.txt 2008-06-08 14:59:41

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

226 --- E O F --- 2008-06-04 06:30:07

Réponse 31 / 31

swifer94

--------------------\\ Lop S&D 4.2.4-1 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz )
BIOS : Default System BIOS
USER : olive ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080909-0] 4.8.1229 (Activated)

"C:\Lop SD" ( MAJ : 06-09-2008|22:02 )
Option : [1] ( 10/09/2008|19:55 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[30/08/2008|10:47] C:\Users\olive\AppData\Local\Acer Arcade Deluxe
[23/10/2007|19:21] C:\Users\olive\AppData\Local\acer eNM
[23/03/2008|00:09] C:\Users\olive\AppData\Local\Adobe
[01/08/2008|17:23] C:\Users\olive\AppData\Local\Apple
[01/08/2008|21:13] C:\Users\olive\AppData\Local\Apple Computer
[23/10/2007|19:19] C:\Users\olive\AppData\Local\Application Data
[03/07/2008|22:41] C:\Users\olive\AppData\Local\d3d9caps.dat
[03/09/2008|18:16] C:\Users\olive\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[31/10/2007|10:14] C:\Users\olive\AppData\Local\GDIPFONTCACHEV1.DAT
[27/10/2007|19:24] C:\Users\olive\AppData\Local\Google
[23/10/2007|19:19] C:\Users\olive\AppData\Local\Historique
[10/09/2008|19:07] C:\Users\olive\AppData\Local\IconCache.db
[20/06/2008|07:36] C:\Users\olive\AppData\Local\Microsoft
[08/05/2008|11:57] C:\Users\olive\AppData\Local\Microsoft Games
[18/06/2008|14:39] C:\Users\olive\AppData\Local\Microsoft Help
[23/10/2007|19:21] C:\Users\olive\AppData\Local\PlayMovie
[30/08/2008|10:47] C:\Users\olive\AppData\Local\PowerCinema
[10/09/2008|19:52] C:\Users\olive\AppData\Local\Temp
[23/10/2007|19:19] C:\Users\olive\AppData\Local\Temporary Internet Files
[27/10/2007|19:54] C:\Users\olive\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[10/09/2008 19:21][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
[10/09/2008 19:44][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[10/09/2008 19:10][--ah-----] C:\Windows\tasks\SA.DAT
[10/09/2008 19:08][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/08/2007|09:59] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/08/2007|09:51] C:\ProgramData\Adobe
[01/08/2008|17:22] C:\ProgramData\Apple
[01/08/2008|17:25] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[23/10/2007|19:15] C:\ProgramData\Bureau
[02/09/2008|22:01] C:\ProgramData\camp 4 blue.3zp71lj
[28/10/2007|18:32] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[23/06/2008|19:17] C:\ProgramData\EPSON
[23/10/2007|19:15] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[02/09/2008|22:01] C:\ProgramData\Ford drive four file
[27/10/2007|18:58] C:\ProgramData\Google
[23/10/2007|19:15] C:\ProgramData\Menu D‚marrer
[21/03/2008|12:21] C:\ProgramData\Microsoft
[24/08/2008|10:59] C:\ProgramData\Microsoft Help
[23/10/2007|19:15] C:\ProgramData\ModŠles
[02/11/2006|15:02] C:\ProgramData\Start Menu
[05/09/2008|16:50] C:\ProgramData\Store Name Math
[23/03/2008|11:43] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[02/09/2008|22:01] C:\ProgramData\Tool Software Software.n1p26
[02/09/2008|22:01] C:\ProgramData\Tool Software Software.qyq1728
[28/10/2007|14:25] C:\ProgramData\TuneUp Software
[23/06/2008|19:22] C:\ProgramData\UDL
[23/10/2007|20:23] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[23/06/2008|19:19] C:\Program Files\ABBYY FineReader 6.0 Sprint
[15/09/2007|03:33] C:\Program Files\Acer Arcade Deluxe
[10/09/2008|19:48] C:\Program Files\Acer GameZone
[15/09/2007|03:38] C:\Program Files\Acer Inc
[10/08/2007|09:59] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[10/08/2007|09:51] C:\Program Files\Adobe
[21/03/2008|12:09] C:\Program Files\Alwil Software
[15/09/2007|03:36] C:\Program Files\Apoint2K
[27/08/2008|15:40] C:\Program Files\Apple Software Update
[01/08/2008|17:25] C:\Program Files\Bonjour
[10/09/2008|19:45] C:\Program Files\Common Files
[10/08/2007|08:40] C:\Program Files\CONEXANT
[10/08/2007|09:43] C:\Program Files\CyberLink
[23/10/2007|20:14] C:\Program Files\DivX
[23/06/2008|19:20] C:\Program Files\epson
[23/10/2007|20:10] C:\Program Files\ffdshow
[23/10/2007|19:15] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[27/10/2007|19:22] C:\Program Files\Google
[23/10/2007|20:20] C:\Program Files\Illustrate
[03/08/2008|15:57] C:\Program Files\Infogrames
[03/08/2008|16:09] C:\Program Files\InstallShield Installation Information
[15/09/2007|03:26] C:\Program Files\Intel
[11/06/2008|18:31] C:\Program Files\Intelore
[07/09/2008|13:27] C:\Program Files\Internet Explorer
[01/08/2008|17:25] C:\Program Files\iPod
[01/08/2008|17:26] C:\Program Files\iTunes
[15/09/2007|03:32] C:\Program Files\Launch Manager
[03/08/2008|16:03] C:\Program Files\Maxis
[31/10/2007|10:22] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[28/10/2007|16:25] C:\Program Files\Microsoft Office
[28/10/2007|16:25] C:\Program Files\Microsoft Visual Studio
[28/10/2007|16:21] C:\Program Files\Microsoft Visual Studio 8
[14/11/2007|20:44] C:\Program Files\Microsoft Works
[28/10/2007|16:24] C:\Program Files\Microsoft.NET
[07/09/2008|13:27] C:\Program Files\Movie Maker
[28/10/2007|16:25] C:\Program Files\MSBuild
[07/09/2008|14:09] C:\Program Files\MSN Messenger
[31/10/2007|10:19] C:\Program Files\MSXML 4.0
[10/08/2007|09:18] C:\Program Files\NewTech Infosystems
[01/08/2008|17:24] C:\Program Files\QuickTime
[10/08/2007|08:31] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[03/08/2008|16:09] C:\Program Files\The Adventure Company
[23/10/2007|20:16] C:\Program Files\ToniArts
[28/10/2007|14:27] C:\Program Files\TuneUp Utilities 2007
[16/07/2008|17:37] C:\Program Files\TuneUp Utilities 2008
[24/11/2007|14:07] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[28/10/2007|16:50] C:\Program Files\VideoLAN
[07/09/2008|13:27] C:\Program Files\Windows Calendar
[07/09/2008|13:27] C:\Program Files\Windows Collaboration
[07/09/2008|13:27] C:\Program Files\Windows Defender
[07/09/2008|13:27] C:\Program Files\Windows Journal
[20/01/2008|19:19] C:\Program Files\Windows Live Toolbar
[07/09/2008|13:27] C:\Program Files\Windows Mail
[07/09/2008|13:27] C:\Program Files\Windows Media Player
[23/10/2007|19:15] C:\Program Files\Windows NT
[07/09/2008|13:27] C:\Program Files\Windows Photo Gallery
[07/09/2008|13:27] C:\Program Files\Windows Sidebar
[28/10/2007|13:48] C:\Program Files\WinRAR
[23/10/2007|19:19] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/08/2007|09:51] C:\Program Files\Common Files\Adobe
[01/08/2008|17:22] C:\Program Files\Common Files\Apple
[28/10/2007|16:25] C:\Program Files\Common Files\DESIGNER
[23/06/2008|19:24] C:\Program Files\Common Files\InstallShield
[10/08/2007|09:18] C:\Program Files\Common Files\LightScribe
[02/07/2008|18:04] C:\Program Files\Common Files\microsoft shared
[10/08/2007|09:18] C:\Program Files\Common Files\muvee Technologies
[10/08/2007|09:19] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[23/03/2008|11:43] C:\Program Files\Common Files\Symantec Shared
[07/09/2008|13:27] C:\Program Files\Common Files\System
[23/03/2008|11:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 96 Processes )

iexplore.exe ~ [PID:4464]
iexplore.exe ~ [PID:5900]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Tool Software Software.n1p26
C:\ProgramData\camp 4 blue.3zp71lj
C:\ProgramData\Tool Software Software.qyq1728

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Ford drive four file
C:\ProgramData\Ford drive four file\Bore grim.exe
C:\ProgramData\Store Name Math
C:\ProgramData\Store Name Math\blsvhpka.exe
C:\ProgramData\Store Name Math\flap amen admin coal.exe

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Biasdelete"="\"C:\\ProgramData\\Tool Software Software.qyq1728\""
"Four file program mode"="\"C:\\ProgramData\\camp 4 blue.3zp71lj\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 19:56:00
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\Users\olive\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Antivirus 2008 PRO

--------------------\\ Cracks & Keygens ..

C:\Users\olive\Documents\Mes fichiers re‡us\TuneUp 2006\TuneUp Utilities 2006\TuneUp Utilities 2006 (Build 5.0.2327) German Keygen.exe

[F:37][D:12]-> C:\Users\olive\AppData\Local\Temp
[F:65][D:1]-> C:\Users\olive\AppData\Roaming\MICROS~1\Windows\Cookies
[F:71][D:4]-> C:\Users\olive\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:9][D:231]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 07/09/2008|14:50 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/09/2008|19:57 - Option : [1]

--------------------\\ Fin du rapport a 19:57:21
[ UAC => 1 ]

Discussions similaires

Ouvrir un fichier .pub sans Publisher

Ouvrir document Publisher sans Publisher

lire un fichier .pub

Lire, afficher, exécuter un fichier *.pub sans Publisher

Recherche nom acteur Pub

Pub CID sur vista

31 réponses

Votre réponse

Discussions similaires

Newsletters