Sujet Précédent Sujet Suivant

Messengerskinner

Fermé
mar - 1 juin 2008 à 23:11
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 10 sept. 2008 à 13:25
Bonjour,
Je suis sur vista et depuis quelques jours spybot detecte MessengerSkinner.rtk J'ai essayé de le suprimer avec navilog1 et ashampoo qui m'ont affiché tous les deux que le netoyage a été reussi avec succé mais spybot le detecte toujour .j'ai fais une analyse avec hijackthis et voici le rapport,alors quelqu'un peut il m'aider à m'en debarrasser SVP?
Merci.


Logfile of HijackThis v1.99.1
Scan saved at 23:00:59, on 01/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lhoroscope.com\Lhoroscope.exe
C:\Users\SAIDANE\AppData\Local\mzdtdvwuy.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\SAIDANE\AppData\Local\Temp\Temp1_hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\EoRezo\EoWeather\ItsTV.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S384F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Lhoroscope.com] C:\Program Files\Lhoroscope.com\Lhoroscope.exe
O4 - HKCU\..\Run: [krcfex] c:\users\saidane\appdata\local\krcfex.exe krcfex
O4 - HKCU\..\Run: [mzdtdvwuy] c:\users\saidane\appdata\local\mzdtdvwuy.exe mzdtdvwuy
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

101 réponses

Précédent
Réponse 41 / 101
mar
12 juin 2008 à 19:28
coucou;
et alors on fait comment pour aller dans programme file, je l'ai cherché dans le champs de recherche et il y est pas.!
o fet arrête de te moquer de moi stp! je suis sérieuse. ;)
0
Réponse 42 / 101
jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 1 616
12 juin 2008 à 19:32
bonjour, pour aller dans programme file cliques sur démarrer et cliques droit sur le poste de travail et ouvrir et cliques droit sur le disque dur C et ouvrir et la tu cheches dans la liste et tu dois trouver programme file
0
Réponse 43 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
12 juin 2008 à 21:47
Merci jacques...
0
jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 1 616
12 juin 2008 à 21:50
bonjour g!rly, de rien si ça a pu l'aider
0
Réponse 44 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
12 juin 2008 à 22:24
Salut jacques,

Oui ca va surement l´aider...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 101
jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 1 616
12 juin 2008 à 22:38
je viens de voir que j'ai fais une faute à programme file c'est program files
0
Réponse 46 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
12 juin 2008 à 23:09
;-)
0
Réponse 47 / 101
mar
13 juin 2008 à 22:40
Salut tout les 2,
Merci jacques.gache mais bien sur que ça m'a aider!!
et donc voilà le rapport:


ComboFix 08-06-11.7 - SAIDANE 2008-06-13 22:23:11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1180 [GMT 2:00]
Endroit: C:\Users\SAIDANE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 18:08 --------- d-----w C:\Program Files\SPAMfighter
2008-06-12 02:23 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 14:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:00 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-05 22:00 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 21:26 --------- d-----w C:\Program Files\7-Zip
2008-06-04 21:33 --------- d-----w C:\Program Files\ItsLabel
2008-06-04 21:31 --------- d-----w C:\Program Files\Navilog1
2008-06-04 21:08 --------- d-----w C:\Program Files\EoRezo
2008-06-04 20:22 --------- d-----w C:\Program Files\Common Files\Application
2008-06-04 20:22 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-06-03 22:07 --------- d-----w C:\Program Files\Lhoroscope.com
2008-06-03 17:51 --------- d-----w C:\ProgramData\Kiwee Toolbar2
2008-06-01 22:32 --------- d-----w C:\Program Files\Trend Micro
2008-05-30 21:10 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-05-29 23:06 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-28 20:18 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-25 16:41 --------- d-----w C:\Program Files\a-squared Free
2008-05-19 17:15 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-19 17:14 --------- d-----w C:\Program Files\Yahoo!
2008-05-18 01:58 --------- d-----w C:\Program Files\Téléchargeur de GIGN Anti-Terror Force
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 02:08 --------- d-----w C:\Program Files\Téléchargeur de Island Thunder
2008-05-14 01:37 --------- d-----w C:\Program Files\Téléchargeur de Hitman Blood Money
2008-05-14 01:14 --------- d-----w C:\Program Files\BoontyGames
2008-05-12 11:22 --------- d-----w C:\ProgramData\WLInstaller
2008-05-11 14:15 --------- d-----w C:\Program Files\Téléchargeur de Hitman 2
2008-05-11 14:12 --------- d-----w C:\ProgramData\BOONTY
2008-05-11 14:12 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-07 15:12 --------- d-----w C:\Program Files\Athan
2008-05-07 15:11 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-29 14:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-04-29 14:35 --------- d-----w C:\Program Files\Real
2008-04-29 14:35 --------- d-----w C:\Program Files\Common Files\Real
2008-04-28 01:16 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-26 16:26 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys
2008-04-26 14:29 --------- d-----w C:\ProgramData\Symantec
2008-04-26 14:15 --------- d-----w C:\Program Files\Symantec
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 20:49 --------- d-----w C:\Program Files\Java
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-21 21:27 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-04-16 11:04 --------- d-----w C:\Program Files\iTunes
2008-04-16 11:04 --------- d-----w C:\Program Files\iPod
2008-04-16 11:03 --------- d-----w C:\ProgramData\Apple Computer
2008-04-16 10:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-10 18:24 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-10 18:24 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-10 18:24 620,088 ----a-w C:\Windows\System32\ci.dll
2008-04-10 18:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 18:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 18:24 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 18:24 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 18:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 18:24 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 18:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 18:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 18:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-10 18:18 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-02-18 03:01 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 10:52 265360 --a------ C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-18 04:23 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 15:44 1116728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EPSON Stylus DX5000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe" [2006-09-22 06:01 139264]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 17:56 1306624]
"MediaDICO4Ut"="C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe" [2004-03-03 14:54 252416]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-17 16:18 171448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-428815093-3553868167-2846707839-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5339627-E33F-4F74-A621-6094E86725B3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{95095CE9-163A-4BDD-B427-20949BDAB151}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A9169BF4-E25A-4655-B2FB-59ECDBD69A1A}C:\\program files\\eorezo\\eoweather\\itstv.exe"= UDP:C:\program files\eorezo\eoweather\itstv.exe:Application MFC ITSWebTV
"UDP Query User{04A8BC6A-5400-411C-9AC1-05701F7B52D0}C:\\program files\\eorezo\\eoweather\\itstv.exe"= TCP:C:\program files\eorezo\eoweather\itstv.exe:Application MFC ITSWebTV
"{4C9797F9-3206-4B63-A411-82C4AA6DE867}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{643FA121-5E37-4621-91C8-573E5E7E5E4F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{573570DD-3021-449B-9B8C-C2C0E3072B06}C:\\program files\\hercules\\classic silver\\station2.exe"= UDP:C:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{6F569AAE-6CAE-4762-8B05-D62A40161D22}C:\\program files\\hercules\\classic silver\\station2.exe"= TCP:C:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"{5AB2350D-8ACC-443D-AE4C-7D2711FEF047}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A4B7B0E4-20DA-4EC9-A715-496156ADDC17}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AD4C256F-8DDA-4F2A-A673-5CB12299FC65}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{41911A02-3F7A-4C9B-94D1-6037BAD1D0AF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DA371ABF-BF76-45A1-8992-3BDF775E82A1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A8E8AE93-3260-4CEE-8065-55CA1E3CBAD9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12E82B05-0BF6-4980-AE37-598D8A04C9F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BDD68800-B60E-429D-9817-7D4E41E9676C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A291A94D-0276-4C5D-BBFF-45E3F55E1C9B}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{785D19D2-ED43-4780-8464-B77C8A5944EA}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-05-14 15:24]
R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2007-08-06 16:29]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-11 16:12]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 05:10]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e354fd84-f5d0-11dc-a369-001a4d1d08af}]
\shell\AutoRun\command - E:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-13 20:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-18 21:59:37 C:\Windows\Tasks\HDReg.job"
- C:\Program Files\HDReg\HDRegRem.exe
"2008-06-13 20:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-02-17 15:58:56 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 22:24:55
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-13 22:26:15
ComboFix-quarantined-files.txt 2008-06-13 20:25:52
ComboFix2.txt 2008-06-13 20:18:33

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

178 --- E O F --- 2008-06-12 02:18:23



et maintenant c'est spybot qui a disparu de la barre des taches !!

A++
0
Réponse 48 / 101
mar
13 juin 2008 à 22:46
j'ai vu que tous les fichier que j'ai cru avoir désinstallé y sont toujours dans programme files; pourquoi ?
0
Réponse 49 / 101
mar
13 juin 2008 à 22:48
patience g!rly patience on va y arriver... lol
;p
0
Réponse 50 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 juin 2008 à 15:41
Salut,

Oui on va y arriver :)

Copie le texte ci-dessous :

Folder::
C:\Program Files\Kiwee Toolbar2
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\EoRezo
C:\ProgramData\BOONTY
C:\ProgramData\Symantec
C:\Program Files\Symantec
C:\ProgramData\Kaspersky Lab
C:\ProgramData\Kaspersky Lab Setup Files
C:\Program Files\Lhoroscope.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
[-HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
[-HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

Driver::
Boonty Games

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 51 / 101
mar
21 juin 2008 à 19:12
Bonjour;
desolée pour mon absenteisme, voila maintenant je suis envahi des pubs "spyware secure ..." !!! :( , je t'envoi dabord ce rapport de malwarebyte que je viens de faire:

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 857

19:11:02 21/06/2008
mbam-log-6-21-2008 (19-11-02).txt

Type de recherche: Examen rapide
Eléments examinés: 37639
Temps écoulé: 4 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.


merci
0
Réponse 52 / 101
mar
21 juin 2008 à 19:39
voilà le rapport de hijackthis mais celui de combofix il s'est meme pas affiché et donc je ne sais pas où leretrouver.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31, on 2008-06-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\SAIDANE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fr/index.php?rvs=hompag&d=79919379
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search4top.net/040C/ie.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S384F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 53 / 101
mar
21 juin 2008 à 20:07
j'ai recommencé et voilà le rapport de combofix.

ComboFix 08-06-11.7 - SAIDANE 2008-06-21 19:56:55.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1212 [GMT 2:00]
Endroit: C:\Users\SAIDANE\Desktop\ComboFix.exe
Command switches used :: C:\Users\SAIDANE\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1133
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.649
C:\Program Files\Kiwee Toolbar2
C:\Program Files\Kiwee Toolbar2\1.5.131\AGTBCore.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\AolIMToolbar.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\EULA.rtf
C:\Program Files\Kiwee Toolbar2\1.5.131\FlashCOM.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeAU.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeCommonCtrls.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeContentHost.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIMToolbar.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeTBCore.tlb
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\mfc80u.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\Microsoft.VC80.CRT.manifest
C:\Program Files\Kiwee Toolbar2\1.5.131\Microsoft.VC80.MFC.manifest
C:\Program Files\Kiwee Toolbar2\1.5.131\msimg32.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\MsnIMToolbar.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\msvcp80.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\msvcr80.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\Riched20.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\RunCustomAction.exe
C:\Program Files\Lhoroscope.com
C:\Program Files\Symantec
C:\Program Files\Symantec\S32EVNT1.DLL
C:\ProgramData\BOONTY
C:\ProgramData\BOONTY\Licenses\B3954000.dat
C:\ProgramData\BOONTY\Licenses\B3A32000.dat
C:\ProgramData\BOONTY\Licenses\B48F3000.dat
C:\ProgramData\BOONTY\Licenses\B4DE5000.dat
C:\ProgramData\Kaspersky Lab Setup Files
C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\kav.fr.msi
C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe
C:\ProgramData\Kaspersky Lab
C:\ProgramData\Kaspersky Lab\AVP.7.325_05.09_20.23_cc4.HST.exception.log
C:\ProgramData\Kaspersky Lab\AVP.7.325_05.09_20.23_cc4.HST.full.dmp
C:\ProgramData\Kaspersky Lab\AVP.7.325_05.09_20.23_cc4.HST.mini.dmp
C:\ProgramData\Kaspersky Lab\AVP.7.325_05.09_20.23_cc4.HST.tiny.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
C:\ProgramData\Symantec
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDS9xx86.dll
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSVia64.cat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSVia64.INF
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSviA64.sys
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSVix86.cat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSVix86.INF
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSxpx86.dll
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\Metadata.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\sigs.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\SymIDSCo.sys
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\SymIDSCo.vxd
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\SymIDSI.dll
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\v.grd
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\v.sig
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\zdone.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\catalog.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\ids9xx86.dll
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVix86.CAT
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVix86.INF
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSvix86.sys
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\idsxpx86.dll
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\metadata.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\sigs.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.sys
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.vxd
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\SymIDSI.dll
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\v.grd
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\v.sig
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\virscan1.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\BinHub\zdone.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\definfo.dat
C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\usage.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\HH
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\vscanmsx.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\catalog.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\ERASER.grd
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\ERASER.sig
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\ERASER.spm
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\esrdef.bin
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\hh
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\ncsacert.txt
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\scrauth.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\symaveng.cat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\symaveng.inf
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\SymErase.cat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\SymErase.inf
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tcdefs.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tcscan7.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tcscan8.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tcscan9.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\technote.txt
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tinf.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tinfidx.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tinfl.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tscan1.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\tscan1hd.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\v.grd
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\v.sig
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan.inf
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan1.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan2.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan3.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan4.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan5.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan6.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan7.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan8.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\virscan9.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\whatsnew.txt
C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\zdone.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\TextHub\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs\usage.dat
C:\ProgramData\Symantec\IDS\IDSSettg.BAK
C:\ProgramData\Symantec\IDS\IDSSettg.dat
C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
C:\ProgramData\Symantec\LiveUpdate\Settings.LiveUpdate
C:\ProgramData\Symantec\SPBBC\BBConfig.log
C:\ProgramData\Symantec\SPBBC\BBDebug.log
C:\ProgramData\Symantec\SPBBC\BBDetect.log
C:\ProgramData\Symantec\SPBBC\BBNotify.log
C:\ProgramData\Symantec\SPBBC\BBRefr.log
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log
C:\ProgramData\Symantec\SPBBC\BBSetDev.log
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log
C:\ProgramData\Symantec\SPBBC\BBStHash.log
C:\ProgramData\Symantec\SPBBC\BBValid.log
C:\ProgramData\Symantec\SPBBC\SPPolicy.log
C:\ProgramData\Symantec\SPBBC\SPStart.log
C:\ProgramData\Symantec\SPBBC\SPStop.log
C:\Users\SAIDANE\AppData\Local\eeqikgc.dat
C:\Users\SAIDANE\AppData\Local\eeqikgc.exe
c:\Users\SAIDANE\AppData\Local\eeqikgc_nav.dat
c:\Users\SAIDANE\AppData\Local\eeqikgc_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 17:51 --------- d-----w C:\Program Files\SPAMfighter
2008-06-21 17:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 15:48 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-19 15:47 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-18 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 17:17 --------- d-----w C:\Program Files\Atari
2008-06-12 02:23 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 14:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:00 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-05 21:26 --------- d-----w C:\Program Files\7-Zip
2008-06-04 21:33 --------- d-----w C:\Program Files\ItsLabel
2008-06-04 21:31 --------- d-----w C:\Program Files\Navilog1
2008-06-04 20:22 --------- d-----w C:\Program Files\Common Files\Application
2008-06-04 20:22 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-06-03 17:51 --------- d-----w C:\ProgramData\Kiwee Toolbar2
2008-06-01 22:32 --------- d-----w C:\Program Files\Trend Micro
2008-05-25 16:41 --------- d-----w C:\Program Files\a-squared Free
2008-05-19 17:15 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-19 17:14 --------- d-----w C:\Program Files\Yahoo!
2008-05-18 01:58 --------- d-----w C:\Program Files\Téléchargeur de GIGN Anti-Terror Force
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 02:08 --------- d-----w C:\Program Files\Téléchargeur de Island Thunder
2008-05-14 01:37 --------- d-----w C:\Program Files\Téléchargeur de Hitman Blood Money
2008-05-14 01:14 --------- d-----w C:\Program Files\BoontyGames
2008-05-12 11:22 --------- d-----w C:\ProgramData\WLInstaller
2008-05-11 14:15 --------- d-----w C:\Program Files\Téléchargeur de Hitman 2
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-07 15:12 --------- d-----w C:\Program Files\Athan
2008-05-07 15:11 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-29 14:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-04-29 14:35 --------- d-----w C:\Program Files\Real
2008-04-29 14:35 --------- d-----w C:\Program Files\Common Files\Real
2008-04-28 01:16 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-26 16:26 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 20:49 --------- d-----w C:\Program Files\Java
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-10 18:24 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-10 18:24 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-10 18:24 620,088 ----a-w C:\Windows\System32\ci.dll
2008-04-10 18:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 18:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 18:24 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 18:24 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 18:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 18:24 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 18:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 18:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 18:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-10 18:18 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-02-18 03:01 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-06-21_19.26.30.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 17:21:50 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-21 17:50:46 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-21 17:50:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-21 17:50:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-21 17:22:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 17:52:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 17:52:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-21 17:22:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 17:52:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 17:52:34 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-21 17:22:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-21 17:51:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-21 17:22:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 17:51:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-21 17:22:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-21 17:51:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-21 17:04:10 108,260 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-21 17:57:27 108,260 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-21 17:04:10 122,692 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-21 17:57:28 122,692 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-21 17:04:10 621,176 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-21 17:57:28 621,176 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-21 17:04:10 702,740 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-21 17:57:28 702,740 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-21 17:00:46 9,022 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-428815093-3553868167-2846707839-1002_UserData.bin
+ 2008-06-21 17:23:54 9,268 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-428815093-3553868167-2846707839-1002_UserData.bin
- 2008-06-21 17:00:46 57,324 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 17:52:59 57,394 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-21 17:00:44 51,714 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 17:52:57 51,714 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-18 04:23 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 15:44 1116728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EPSON Stylus DX5000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe" [2006-09-22 06:01 139264]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 17:56 1306624]
"MediaDICO4Ut"="C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe" [2004-03-03 14:54 252416]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-17 16:18 171448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-428815093-3553868167-2846707839-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5339627-E33F-4F74-A621-6094E86725B3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{95095CE9-163A-4BDD-B427-20949BDAB151}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A9169BF4-E25A-4655-B2FB-59ECDBD69A1A}C:\\program files\\eorezo\\eoweather\\itstv.exe"= UDP:C:\program files\eorezo\eoweather\itstv.exe:Application MFC ITSWebTV
"UDP Query User{04A8BC6A-5400-411C-9AC1-05701F7B52D0}C:\\program files\\eorezo\\eoweather\\itstv.exe"= TCP:C:\program files\eorezo\eoweather\itstv.exe:Application MFC ITSWebTV
"{4C9797F9-3206-4B63-A411-82C4AA6DE867}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{643FA121-5E37-4621-91C8-573E5E7E5E4F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{573570DD-3021-449B-9B8C-C2C0E3072B06}C:\\program files\\hercules\\classic silver\\station2.exe"= UDP:C:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{6F569AAE-6CAE-4762-8B05-D62A40161D22}C:\\program files\\hercules\\classic silver\\station2.exe"= TCP:C:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"{5AB2350D-8ACC-443D-AE4C-7D2711FEF047}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A4B7B0E4-20DA-4EC9-A715-496156ADDC17}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AD4C256F-8DDA-4F2A-A673-5CB12299FC65}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{41911A02-3F7A-4C9B-94D1-6037BAD1D0AF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DA371ABF-BF76-45A1-8992-3BDF775E82A1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A8E8AE93-3260-4CEE-8065-55CA1E3CBAD9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12E82B05-0BF6-4980-AE37-598D8A04C9F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BDD68800-B60E-429D-9817-7D4E41E9676C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A291A94D-0276-4C5D-BBFF-45E3F55E1C9B}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{785D19D2-ED43-4780-8464-B77C8A5944EA}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-05-14 15:24]
R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2007-08-06 16:29]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e354fd84-f5d0-11dc-a369-001a4d1d08af}]
\shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-21 18:00:04 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-18 21:59:37 C:\Windows\Tasks\HDReg.job"
- C:\Program Files\HDReg\HDRegRem.exe
"2008-06-21 18:00:04 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-02-17 15:58:56 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 19:59:25
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Windows\TEMP\_avast4_\unp134259129.tmp 325120 bytes executable

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-06-21 20:00:47
ComboFix-quarantined-files.txt 2008-06-21 18:00:37
ComboFix2.txt 2008-06-13 20:26:16
ComboFix3.txt 2008-06-13 20:18:33

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

405 --- E O F --- 2008-06-20 15:23:04


merci et A+
0
Réponse 54 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 juin 2008 à 20:02
Salut mar,

Excuse pour le délai, mais ton message pour quelques raisons ne remontait plus ?!

Post un nouveau rapport hijack this stp

comment ca va de ton coté sinon (pc) ?

@+
0
Réponse 55 / 101
mar
24 juin 2008 à 14:25
salut g!rly;
les pubs ont disparu mais le PC est un peu lent je trouve.
voilà hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:15, on 24/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\SAIDANE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search4top.net/040C/ie.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S384F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 56 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
25 juin 2008 à 18:43
salut mar,

avec les rapports qui arrivent dans n´importe quel ordre je ne sais plus trop ou on en est ?

a l´aide de hijack this coche et fix :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search4top.net/040C/ie.asp
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
03 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

puis

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
ceux qui ne voie pas root kit search : clcik sur le parapluie dans ta barre des tache > dans la fenetre d´antivir click sur local protection click en suite sur scanner
dans la fenetre de droite : tu a rootkit search vers le bas > tu developpe en appuyant sur le petit +
et coche tes disques...
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

ps : fais le scan en mode sans echec stp et post le rapport ici :

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

@+
0
Réponse 57 / 101
mar
27 juin 2008 à 22:59
salut g!rly,
je m'excuse pour les rapports mais de quel ordre sagit-il ?! ;p
merci pour tous tes conseils, j'aurai pas le temps de le faire tout de suite mais ça sera fait au plus tard dimanche. tu m'excusera pour le delai ;)
ABT.
0
Réponse 58 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
27 juin 2008 à 23:02
salut mar,

pas grave,

post le rapport d´antivir a la suite de la conversation quand tu le pourras...

bon week end ;-)

@+
0
Réponse 59 / 101
mar
29 juin 2008 à 21:22
salut g!rly;
voici le rapport d'antivir:



Avira AntiVir Personal
Report file date: dimanche 29 juin 2008 19:43

Scanning for 1365960 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Save mode
Username: SAIDANE
Computer name: PC-DE-SAIDANE

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 17:29:57
ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 17:29:58
ANTIVIR3.VDF : 7.0.5.18 109568 Bytes 28/06/2008 17:29:59
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 29/06/2008 17:30:41
AESCN.DLL : 8.1.0.22 119157 Bytes 29/06/2008 17:30:38
AERDL.DLL : 8.1.0.20 418165 Bytes 29/06/2008 17:30:37
AEPACK.DLL : 8.1.1.6 364918 Bytes 29/06/2008 17:30:34
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 29/06/2008 17:30:27
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 29/06/2008 17:30:24
AEHELP.DLL : 8.1.0.15 115063 Bytes 29/06/2008 17:30:12
AEGEN.DLL : 8.1.0.29 307573 Bytes 29/06/2008 17:30:11
AEEMU.DLL : 8.1.0.6 430451 Bytes 29/06/2008 17:30:07
AECORE.DLL : 8.1.0.31 168310 Bytes 29/06/2008 17:30:02
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 29 juin 2008 19:43

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
17 processes with 17 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '9' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\SAIDANE\Desktop\clean\clean.cmd
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ccd48a.qua'!
C:\Documents and Settings\SAIDANE\Documents\clean\clean\clean.cmd
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ccd4a4.qua'!
C:\Documents and Settings\SAIDANE\Documents\LimeWire\Saved\limpasse kery james ft bene.mp3
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was moved to '48d4d4ba.qua'!


End of the scan: dimanche 29 juin 2008 21:02
Used time: 1:19:20 min

The scan has been done completely.

61347 Scanning directories
410591 Files were scanned
1 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
410590 Files not concerned
4114 Archives were scanned
5 Warnings
3 Notes

merci et A+
0
Réponse 60 / 101
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
1 juil. 2008 à 20:27
salut,

comment se porte ton pc ?

post un nouveau rapport hijack this stp

@+
0