Affection trojan download

Résolu
misterflex -  
misterflex Messages postés 8 Statut Membre -
Bonjour,

Trojan.Downloader.Small.CML affecte mon pc, pourriez-vous me dire comment faut-il faire pour pour le supprimer

voici mon rapport hijackthis ,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:14, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Pierre et Julien\Bureau\KillBox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [meta body blah clock] C:\Documents and Settings\All Users\Application Data\AntiFreeMetaBody\Rdr platform.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvvog.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [bytemp3] C:\DOCUME~1\PIERRE~1\APPLIC~1\FLAPPE~1\rect chic.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9789 bytes
Configuration: Windows XP
Firefox 2.0.0.14

8 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Tu dois avoir des pubs CID toi xD

    ---> Désactive l'antivirus
    ---> Télécharge Lop S&D sur ton Bureau
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    ---> Double-clique dessus pour lancer l'installation
    ---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    ---> Séléctionne la langue souhaitée, puis choisis l'option 1 (Recherche)
    ---> Patiente jusqu'à la fin du scan
    ---> Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

    Si tu as un problème pour utiliser Lop S&D, regarde dans le tutorial :
    http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
    0
    1. misterflex Messages postés 8 Statut Membre
       
      voila :


      -----------------------[ Lop S&D 4.2.1-5 XP/Vista ]---------------------

      [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
      [ USER : Pierre et Julien ] [ "C:\Lop SD" ] [ Selection : 1 ]
      [ 16/06/2008 | 0:37:22,96 ] [ PC : PHILETBAB ]
      [ MAJ : 15-06-2008 | 18:55 ]

      -------------[ Listing des dossiers dans Application Data ]------------

      [22/09/2005|13:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
      [22/09/2005|10:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
      [22/09/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [30/09/2005|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
      [22/09/2005|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
      [22/09/2005|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\toshiba

      [18/03/2007|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [06/07/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiFreeMetaBody
      [18/04/2007|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [22/09/2005|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
      [30/01/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
      [28/06/2007|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [15/06/2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [23/02/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
      [24/02/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [31/01/2007|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [22/09/2005|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [17/05/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
      [25/12/2006|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
      [13/01/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Recisio
      [11/02/2007|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
      [17/03/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [23/02/2008|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [15/06/2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [23/02/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
      [09/12/2006|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

      [05/06/2008|18:48] C:\DOCUME~1\Babeth\APPLIC~1\Adobe
      [22/09/2005|10:00] C:\DOCUME~1\Babeth\APPLIC~1\desktop.ini
      [22/09/2005|08:49] C:\DOCUME~1\Babeth\APPLIC~1\Identities
      [03/12/2006|23:19] C:\DOCUME~1\Babeth\APPLIC~1\InterVideo
      [17/03/2007|12:33] C:\DOCUME~1\Babeth\APPLIC~1\Lavasoft
      [17/03/2007|12:33] C:\DOCUME~1\Babeth\APPLIC~1\Macromedia
      [17/03/2007|12:29] C:\DOCUME~1\Babeth\APPLIC~1\Microsoft
      [09/12/2006|21:23] C:\DOCUME~1\Babeth\APPLIC~1\Mozilla
      [26/02/2007|14:27] C:\DOCUME~1\Babeth\APPLIC~1\MSN Pictures Displayer
      [05/06/2008|18:47] C:\DOCUME~1\Babeth\APPLIC~1\Skype
      [22/09/2005|13:32] C:\DOCUME~1\Babeth\APPLIC~1\Sonic
      [12/02/2006|19:59] C:\DOCUME~1\Babeth\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\Babeth\APPLIC~1\toshiba
      [03/12/2006|23:09] C:\DOCUME~1\Babeth\APPLIC~1\vlc
      [05/06/2008|19:16] C:\DOCUME~1\Babeth\APPLIC~1\wklnhst.dat

      [22/09/2005|13:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
      [22/09/2005|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
      [22/09/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [30/09/2005|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [22/09/2005|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [22/09/2005|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

      [13/01/2008|22:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
      [09/12/2006|19:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [28/01/2007|13:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

      [22/09/2005|08:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


      [26/01/2008|22:46] C:\DOCUME~1\PIERRE~1\APPLIC~1\Adobe
      [23/09/2007|01:10] C:\DOCUME~1\PIERRE~1\APPLIC~1\AdobeUM
      [18/04/2007|14:01] C:\DOCUME~1\PIERRE~1\APPLIC~1\Apple Computer
      [24/03/2008|12:55] C:\DOCUME~1\PIERRE~1\APPLIC~1\CDRusersDB.v12
      [22/09/2005|10:00] C:\DOCUME~1\PIERRE~1\APPLIC~1\desktop.ini
      [18/02/2008|18:08] C:\DOCUME~1\PIERRE~1\APPLIC~1\DivX
      [23/02/2008|16:03] C:\DOCUME~1\PIERRE~1\APPLIC~1\flap peak
      [27/12/2007|16:34] C:\DOCUME~1\PIERRE~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
      [15/06/2008|23:34] C:\DOCUME~1\PIERRE~1\APPLIC~1\Grisoft
      [22/09/2005|08:49] C:\DOCUME~1\PIERRE~1\APPLIC~1\Identities
      [15/06/2008|22:49] C:\DOCUME~1\PIERRE~1\APPLIC~1\Lavasoft
      [24/03/2008|12:34] C:\DOCUME~1\PIERRE~1\APPLIC~1\Macromedia
      [08/03/2008|19:16] C:\DOCUME~1\PIERRE~1\APPLIC~1\Media Player Classic
      [18/02/2008|18:08] C:\DOCUME~1\PIERRE~1\APPLIC~1\Micro Application
      [17/04/2007|13:46] C:\DOCUME~1\PIERRE~1\APPLIC~1\Microsoft
      [10/12/2006|02:02] C:\DOCUME~1\PIERRE~1\APPLIC~1\Microsoft Games
      [09/12/2006|19:35] C:\DOCUME~1\PIERRE~1\APPLIC~1\Mozilla
      [24/03/2007|17:28] C:\DOCUME~1\PIERRE~1\APPLIC~1\MPEG Streamclip
      [16/04/2007|13:35] C:\DOCUME~1\PIERRE~1\APPLIC~1\Notepad++
      [07/05/2007|20:36] C:\DOCUME~1\PIERRE~1\APPLIC~1\questdb.v12
      [22/09/2005|13:32] C:\DOCUME~1\PIERRE~1\APPLIC~1\Sonic
      [10/02/2007|13:06] C:\DOCUME~1\PIERRE~1\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\PIERRE~1\APPLIC~1\toshiba
      [09/12/2006|18:50] C:\DOCUME~1\PIERRE~1\APPLIC~1\vlc
      [31/05/2008|17:52] C:\DOCUME~1\PIERRE~1\APPLIC~1\wklnhst.dat

      ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

      [07/05/2008 13:20][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [16/06/2008 00:30][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [22/09/2005|13:21] C:\Program Files\Adobe
      [02/01/2007|17:59] C:\Program Files\Ahead
      [23/02/2008|15:32] C:\Program Files\Alwil Software
      [22/09/2005|11:27] C:\Program Files\Apoint2K
      [24/03/2007|17:27] C:\Program Files\Apple Software Update
      [30/01/2007|13:35] C:\Program Files\Azureus
      [01/01/2008|19:40] C:\Program Files\Circle Developement
      [16/04/2007|12:37] C:\Program Files\C-Media Middleware
      [02/05/2008|19:44] C:\Program Files\Common~1
      [22/09/2005|08:05] C:\Program Files\ComPlus Applications
      [02/05/2008|19:37] C:\Program Files\Data Becker
      [08/09/2007|17:24] C:\Program Files\DivX
      [03/01/2007|18:17] C:\Program Files\DVD Shrink
      [20/12/2006|22:48] C:\Program Files\DVD X Player 4.0 Professionnel
      [28/01/2007|17:12] C:\Program Files\EA Games
      [15/06/2008|23:14] C:\Program Files\eMule
      [30/09/2005|13:20] C:\Program Files\Encarta
      [23/02/2008|15:15] C:\Program Files\Fichiers communs
      [23/03/2008|11:33] C:\Program Files\FileZilla Client
      [01/01/2008|19:41] C:\Program Files\flap peak
      [11/02/2007|16:46] C:\Program Files\Flash 32
      [25/12/2006|21:41] C:\Program Files\Freebrowser Heavy
      [03/12/2006|22:57] C:\Program Files\Freeplayer
      [08/03/2008|20:53] C:\Program Files\Google
      [15/06/2008|23:34] C:\Program Files\Grisoft
      [10/12/2006|19:42] C:\Program Files\Guitar Pro 5
      [02/05/2008|19:37] C:\Program Files\InstallShield Installation Information
      [22/09/2005|11:11] C:\Program Files\Intel
      [11/06/2008|00:08] C:\Program Files\Internet Explorer
      [22/09/2005|13:05] C:\Program Files\InterVideo
      [18/04/2007|14:01] C:\Program Files\iPod
      [18/04/2007|14:01] C:\Program Files\iTunes
      [22/09/2005|08:26] C:\Program Files\Java
      [20/01/2008|16:59] C:\Program Files\KaraFun
      [25/02/2007|20:34] C:\Program Files\Karasoft
      [13/01/2008|20:55] C:\Program Files\K-Lite Codec Pack
      [13/03/2007|20:20] C:\Program Files\Lavasoft
      [28/01/2007|13:10] C:\Program Files\Lexmark
      [22/09/2005|11:29] C:\Program Files\ltmoh
      [22/09/2005|08:19] C:\Program Files\Messenger
      [30/03/2008|11:50] C:\Program Files\Messenger Plus! Live
      [09/12/2006|19:29] C:\Program Files\MessengerPlus! 3
      [21/10/2007|11:18] C:\Program Files\Micro Application
      [30/09/2005|13:22] C:\Program Files\Microsoft AutoRoute
      [22/09/2005|08:09] C:\Program Files\microsoft frontpage
      [10/12/2006|01:48] C:\Program Files\Microsoft Games
      [30/01/2007|21:26] C:\Program Files\Microsoft Money 2005
      [05/12/2006|14:28] C:\Program Files\Microsoft Office
      [05/12/2006|14:28] C:\Program Files\Microsoft Visual Studio
      [05/12/2006|14:28] C:\Program Files\Microsoft Works
      [30/09/2005|13:17] C:\Program Files\Microsoft Works Suite 2005
      [22/09/2005|13:15] C:\Program Files\Microsoft.NET
      [22/09/2005|08:07] C:\Program Files\Movie Maker
      [16/06/2008|00:34] C:\Program Files\Mozilla Firefox
      [31/12/2006|13:02] C:\Program Files\MSN
      [22/09/2005|08:04] C:\Program Files\MSN Gaming Zone
      [30/03/2008|11:50] C:\Program Files\MSN Messenger
      [26/02/2007|14:51] C:\Program Files\MSN Pictures Displayer
      [22/09/2005|13:40] C:\Program Files\MSN Toolbar Suite
      [01/06/2007|19:57] C:\Program Files\Msncolor
      [13/02/2006|20:51] C:\Program Files\MSXML 4.0
      [18/04/2007|20:16] C:\Program Files\Multi_Media_France
      [25/12/2006|14:27] C:\Program Files\MUSK Codec Pack v5
      [22/09/2005|08:07] C:\Program Files\NetMeeting
      [16/04/2007|13:34] C:\Program Files\Notepad++
      [22/09/2005|13:42] C:\Program Files\Offre Wanadoo
      [25/12/2006|14:30] C:\Program Files\On2 Technologies
      [22/09/2005|08:05] C:\Program Files\Online Services
      [13/06/2007|08:19] C:\Program Files\Outlook Express
      [18/05/2007|23:26] C:\Program Files\PC Camera
      [12/02/2006|18:52] C:\Program Files\Picture It! Premium 10
      [12/01/2008|15:34] C:\Program Files\PowerQuest
      [24/03/2007|17:28] C:\Program Files\QuickTime
      [22/09/2005|08:07] C:\Program Files\Services en ligne
      [22/09/2005|11:22] C:\Program Files\SigmaTel
      [11/02/2007|15:16] C:\Program Files\Sim AQUARIUM 2
      [17/03/2007|20:55] C:\Program Files\Skype
      [21/12/2006|14:43] C:\Program Files\SLD Codec Pack
      [22/09/2005|13:09] C:\Program Files\Sonic
      [27/09/2005|08:14] C:\Program Files\Toshiba
      [03/05/2008|14:50] C:\Program Files\TrackMania Nations ESWC
      [27/05/2007|14:37] C:\Program Files\TrackMania Original Demo
      [16/06/2008|00:01] C:\Program Files\Trend Micro
      [22/09/2005|08:49] C:\Program Files\Uninstall Information
      [09/04/2007|15:37] C:\Program Files\Valve
      [09/12/2006|18:48] C:\Program Files\VideoLAN
      [02/01/2007|19:53] C:\Program Files\vso
      [05/06/2007|20:42] C:\Program Files\Windows Live
      [09/12/2006|18:57] C:\Program Files\Windows Media Connect 2
      [09/12/2006|18:57] C:\Program Files\Windows Media Player
      [22/09/2005|08:04] C:\Program Files\Windows NT
      [22/09/2005|08:05] C:\Program Files\Windows Plus
      [22/09/2005|08:07] C:\Program Files\WindowsUpdate
      [26/02/2007|12:58] C:\Program Files\WinRAR
      [22/09/2005|08:09] C:\Program Files\xerox
      [25/12/2006|14:30] C:\Program Files\XviD
      [23/02/2008|15:44] C:\Program Files\Zone Labs

      ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

      [18/03/2007|22:22] C:\Program Files\Fichiers communs\Adobe
      [02/01/2007|17:59] C:\Program Files\Fichiers communs\Ahead
      [05/12/2006|14:28] C:\Program Files\Fichiers communs\DESIGNER
      [22/09/2005|11:45] C:\Program Files\Fichiers communs\InstallShield
      [22/09/2005|08:25] C:\Program Files\Fichiers communs\Java
      [09/12/2006|19:28] C:\Program Files\Fichiers communs\Microsoft Shared
      [22/09/2005|08:07] C:\Program Files\Fichiers communs\MSSoap
      [22/09/2005|10:00] C:\Program Files\Fichiers communs\ODBC
      [11/02/2007|15:39] C:\Program Files\Fichiers communs\River Past
      [22/09/2005|08:07] C:\Program Files\Fichiers communs\Services
      [17/03/2007|20:48] C:\Program Files\Fichiers communs\Skype
      [22/09/2005|10:00] C:\Program Files\Fichiers communs\SpeechEngines
      [13/06/2007|08:19] C:\Program Files\Fichiers communs\System
      [13/03/2007|20:19] C:\Program Files\Fichiers communs\Wise Installation Wizard

      ---------------------------[ Process ]--------------------------

      ... 65

      ... OK !

      ----------------------[ Recherche avec S_Lop ]---------------------

      Aucun fichier / dossier Lop trouvé !

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
      C:\Program Files\Circle Developement
      C:\Program Files\Circle Developement\Uninstall.exe
      C:\Program Files\Multi_Media_France
      C:\Program Files\Multi_Media_France\INSTALL.LOG
      C:\Program Files\Multi_Media_France\LanguagePack.xml
      C:\Program Files\Multi_Media_France\LocalSettings.txt
      C:\Program Files\Multi_Media_France\RadioPlayer
      C:\Program Files\Multi_Media_France\tbMul0.dll
      C:\Program Files\Multi_Media_France\tbMul1.dll
      C:\Program Files\Multi_Media_France\tbMult.dll
      C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
      C:\Program Files\Multi_Media_France\toolbar.cfg
      C:\Program Files\Multi_Media_France\UNWISE.EXE
      C:\Program Files\Multi_Media_France\UNWISE.INI
      C:\Program Files\Multi_Media_France\update.xml
      C:\DOCUME~1\PIERRE~1\Cookies\pierre_et_julien@banner.cotedazurpalace[2].txt
      C:\DOCUME~1\PIERRE~1\Cookies\pierre_et_julien@cotedazurpalace[1].txt
      C:\DOCUME~1\PIERRE~1\Cookies\pierre_et_julien@888[2].txt

      ----------------------[ Verification du Registre ]----------------------

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      ..... OK !

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
      127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
      127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

      -> 72 ( 70 ## added by CiD )

      /!\ 1 Not 127.0.0.1 !!

      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-16 00:41:36
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------

      => C:\Documents and Settings\Pierre et Julien\Bureau\crack
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\game.dat
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\generals.exe
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\lisez moi.txt
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\WorldBuilder.exe
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Crackers, The - He Gone.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Faith No More - Crack Hitler.gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Focus - Crackers.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Leftover Crack - Operation Mouve.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Limp Bizkit - Crack Addict (2).gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Limp Bizkit - Crack Addict.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Nada Surf - Firecracker.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Pixies - Crackity Jones.gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Stone Temple Pilots - Crackerman (2).gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Stone Temple Pilots - Crackerman.gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
      => C:\Documents and Settings\Pierre et Julien\Bureau\cc_generals-keygen.exe
      => C:\Documents and Settings\Pierre et Julien\Cookies\pierre_et_julien@keygenguru[1].txt
      => C:\Documents and Settings\Pierre et Julien\Local Settings\Temporary Internet Files\Content.IE5\UD8GWLVQ\keygenguru_com[1].htm


      [F:262][D:17]-> C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp
      [F:67][D:0]-> C:\DOCUME~1\PIERRE~1\Cookies
      [F:2047][D:4]-> C:\DOCUME~1\PIERRE~1\LOCALS~1\TEMPOR~1\content.IE5

      --------------------[ Fin du rapport a 0:42:49,15 ]----------------------
      0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance Lop S&D
    ---> Choisis cette fois-ci l'option 2 (Suppression)
    ---> Ne ferme pas la fenêtre lors de la suppression !
    ---> Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

    ---> Reposte un rapport HijackThis
    0
    1. misterflex Messages postés 8 Statut Membre
       
      RAPPORT LOP


      -----------------------[ Lop S&D 4.2.1-5 XP/Vista ]---------------------

      [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
      [ USER : Pierre et Julien ] [ "C:\Lop SD" ] [ Selection : 2 ]
      [ 16/06/2008 | 0:48:29,82 ] [ PC : PHILETBAB ]
      [ MAJ : 15-06-2008 | 18:55 ]


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

      Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
      Supprimé! - C:\Program Files\Multi_Media_France\INSTALL.LOG
      Supprimé! - C:\Program Files\Multi_Media_France\LanguagePack.xml
      Supprimé! - C:\Program Files\Multi_Media_France\LocalSettings.txt
      Supprimé! - C:\Program Files\Multi_Media_France\RadioPlayer
      Supprimé! - C:\Program Files\Multi_Media_France\tbMul0.dll
      Supprimé! - C:\Program Files\Multi_Media_France\tbMul1.dll
      Supprimé! - C:\Program Files\Multi_Media_France\tbMult.dll
      Supprimé! - C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
      Supprimé! - C:\Program Files\Multi_Media_France\toolbar.cfg
      Supprimé! - C:\Program Files\Multi_Media_France\UNWISE.EXE
      Supprimé! - C:\Program Files\Multi_Media_France\UNWISE.INI
      Supprimé! - C:\Program Files\Multi_Media_France\update.xml
      Supprimé! - C:\DOCUME~1\PIERRE~1\Cookies\pierre_et_julien@banner.cotedazurpalace[2].txt
      Supprimé! - C:\DOCUME~1\PIERRE~1\Cookies\pierre_et_julien@cotedazurpalace[1].txt
      Supprimé! - C:\DOCUME~1\PIERRE~1\Cookies\pierre_et_julien@888[2].txt
      Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
      Supprimé! - C:\Program Files\Circle Developement
      Supprimé! - C:\Program Files\Multi_Media_France
      Restauré! - Fichier Hosts

      //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      -------------[ Listing des dossiers dans Application Data ]------------

      [22/09/2005|13:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
      [22/09/2005|10:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
      [22/09/2005|08:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [30/09/2005|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
      [22/09/2005|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
      [22/09/2005|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\toshiba

      [18/03/2007|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [06/07/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiFreeMetaBody
      [18/04/2007|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [22/09/2005|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
      [30/01/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
      [28/06/2007|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [15/06/2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [23/02/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
      [24/02/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [31/01/2007|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [22/09/2005|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [17/05/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
      [25/12/2006|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
      [13/01/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Recisio
      [11/02/2007|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
      [17/03/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [23/02/2008|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [15/06/2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [09/12/2006|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

      [05/06/2008|18:48] C:\DOCUME~1\Babeth\APPLIC~1\Adobe
      [22/09/2005|10:00] C:\DOCUME~1\Babeth\APPLIC~1\desktop.ini
      [22/09/2005|08:49] C:\DOCUME~1\Babeth\APPLIC~1\Identities
      [03/12/2006|23:19] C:\DOCUME~1\Babeth\APPLIC~1\InterVideo
      [17/03/2007|12:33] C:\DOCUME~1\Babeth\APPLIC~1\Lavasoft
      [17/03/2007|12:33] C:\DOCUME~1\Babeth\APPLIC~1\Macromedia
      [17/03/2007|12:29] C:\DOCUME~1\Babeth\APPLIC~1\Microsoft
      [09/12/2006|21:23] C:\DOCUME~1\Babeth\APPLIC~1\Mozilla
      [26/02/2007|14:27] C:\DOCUME~1\Babeth\APPLIC~1\MSN Pictures Displayer
      [05/06/2008|18:47] C:\DOCUME~1\Babeth\APPLIC~1\Skype
      [22/09/2005|13:32] C:\DOCUME~1\Babeth\APPLIC~1\Sonic
      [12/02/2006|19:59] C:\DOCUME~1\Babeth\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\Babeth\APPLIC~1\toshiba
      [03/12/2006|23:09] C:\DOCUME~1\Babeth\APPLIC~1\vlc
      [05/06/2008|19:16] C:\DOCUME~1\Babeth\APPLIC~1\wklnhst.dat

      [22/09/2005|13:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
      [22/09/2005|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
      [22/09/2005|08:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [30/09/2005|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [22/09/2005|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [22/09/2005|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

      [13/01/2008|22:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
      [09/12/2006|19:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [28/01/2007|13:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

      [22/09/2005|08:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


      [26/01/2008|22:46] C:\DOCUME~1\PIERRE~1\APPLIC~1\Adobe
      [23/09/2007|01:10] C:\DOCUME~1\PIERRE~1\APPLIC~1\AdobeUM
      [18/04/2007|14:01] C:\DOCUME~1\PIERRE~1\APPLIC~1\Apple Computer
      [24/03/2008|12:55] C:\DOCUME~1\PIERRE~1\APPLIC~1\CDRusersDB.v12
      [22/09/2005|10:00] C:\DOCUME~1\PIERRE~1\APPLIC~1\desktop.ini
      [18/02/2008|18:08] C:\DOCUME~1\PIERRE~1\APPLIC~1\DivX
      [23/02/2008|16:03] C:\DOCUME~1\PIERRE~1\APPLIC~1\flap peak
      [27/12/2007|16:34] C:\DOCUME~1\PIERRE~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
      [15/06/2008|23:34] C:\DOCUME~1\PIERRE~1\APPLIC~1\Grisoft
      [22/09/2005|08:49] C:\DOCUME~1\PIERRE~1\APPLIC~1\Identities
      [15/06/2008|22:49] C:\DOCUME~1\PIERRE~1\APPLIC~1\Lavasoft
      [24/03/2008|12:34] C:\DOCUME~1\PIERRE~1\APPLIC~1\Macromedia
      [08/03/2008|19:16] C:\DOCUME~1\PIERRE~1\APPLIC~1\Media Player Classic
      [18/02/2008|18:08] C:\DOCUME~1\PIERRE~1\APPLIC~1\Micro Application
      [17/04/2007|13:46] C:\DOCUME~1\PIERRE~1\APPLIC~1\Microsoft
      [10/12/2006|02:02] C:\DOCUME~1\PIERRE~1\APPLIC~1\Microsoft Games
      [09/12/2006|19:35] C:\DOCUME~1\PIERRE~1\APPLIC~1\Mozilla
      [24/03/2007|17:28] C:\DOCUME~1\PIERRE~1\APPLIC~1\MPEG Streamclip
      [16/04/2007|13:35] C:\DOCUME~1\PIERRE~1\APPLIC~1\Notepad++
      [07/05/2007|20:36] C:\DOCUME~1\PIERRE~1\APPLIC~1\questdb.v12
      [22/09/2005|13:32] C:\DOCUME~1\PIERRE~1\APPLIC~1\Sonic
      [10/02/2007|13:06] C:\DOCUME~1\PIERRE~1\APPLIC~1\Symantec
      [27/09/2005|08:03] C:\DOCUME~1\PIERRE~1\APPLIC~1\toshiba
      [09/12/2006|18:50] C:\DOCUME~1\PIERRE~1\APPLIC~1\vlc
      [31/05/2008|17:52] C:\DOCUME~1\PIERRE~1\APPLIC~1\wklnhst.dat

      ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

      [07/05/2008 13:20][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [16/06/2008 00:30][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [22/09/2005|13:21] C:\Program Files\Adobe
      [02/01/2007|17:59] C:\Program Files\Ahead
      [23/02/2008|15:32] C:\Program Files\Alwil Software
      [22/09/2005|11:27] C:\Program Files\Apoint2K
      [24/03/2007|17:27] C:\Program Files\Apple Software Update
      [30/01/2007|13:35] C:\Program Files\Azureus
      [16/04/2007|12:37] C:\Program Files\C-Media Middleware
      [02/05/2008|19:44] C:\Program Files\Common~1
      [22/09/2005|08:05] C:\Program Files\ComPlus Applications
      [02/05/2008|19:37] C:\Program Files\Data Becker
      [08/09/2007|17:24] C:\Program Files\DivX
      [03/01/2007|18:17] C:\Program Files\DVD Shrink
      [20/12/2006|22:48] C:\Program Files\DVD X Player 4.0 Professionnel
      [28/01/2007|17:12] C:\Program Files\EA Games
      [15/06/2008|23:14] C:\Program Files\eMule
      [30/09/2005|13:20] C:\Program Files\Encarta
      [23/02/2008|15:15] C:\Program Files\Fichiers communs
      [23/03/2008|11:33] C:\Program Files\FileZilla Client
      [01/01/2008|19:41] C:\Program Files\flap peak
      [11/02/2007|16:46] C:\Program Files\Flash 32
      [25/12/2006|21:41] C:\Program Files\Freebrowser Heavy
      [03/12/2006|22:57] C:\Program Files\Freeplayer
      [08/03/2008|20:53] C:\Program Files\Google
      [15/06/2008|23:34] C:\Program Files\Grisoft
      [10/12/2006|19:42] C:\Program Files\Guitar Pro 5
      [02/05/2008|19:37] C:\Program Files\InstallShield Installation Information
      [22/09/2005|11:11] C:\Program Files\Intel
      [11/06/2008|00:08] C:\Program Files\Internet Explorer
      [22/09/2005|13:05] C:\Program Files\InterVideo
      [18/04/2007|14:01] C:\Program Files\iPod
      [18/04/2007|14:01] C:\Program Files\iTunes
      [22/09/2005|08:26] C:\Program Files\Java
      [20/01/2008|16:59] C:\Program Files\KaraFun
      [25/02/2007|20:34] C:\Program Files\Karasoft
      [13/01/2008|20:55] C:\Program Files\K-Lite Codec Pack
      [13/03/2007|20:20] C:\Program Files\Lavasoft
      [28/01/2007|13:10] C:\Program Files\Lexmark
      [22/09/2005|11:29] C:\Program Files\ltmoh
      [22/09/2005|08:19] C:\Program Files\Messenger
      [30/03/2008|11:50] C:\Program Files\Messenger Plus! Live
      [09/12/2006|19:29] C:\Program Files\MessengerPlus! 3
      [21/10/2007|11:18] C:\Program Files\Micro Application
      [30/09/2005|13:22] C:\Program Files\Microsoft AutoRoute
      [22/09/2005|08:09] C:\Program Files\microsoft frontpage
      [10/12/2006|01:48] C:\Program Files\Microsoft Games
      [30/01/2007|21:26] C:\Program Files\Microsoft Money 2005
      [05/12/2006|14:28] C:\Program Files\Microsoft Office
      [05/12/2006|14:28] C:\Program Files\Microsoft Visual Studio
      [05/12/2006|14:28] C:\Program Files\Microsoft Works
      [30/09/2005|13:17] C:\Program Files\Microsoft Works Suite 2005
      [22/09/2005|13:15] C:\Program Files\Microsoft.NET
      [22/09/2005|08:07] C:\Program Files\Movie Maker
      [16/06/2008|00:34] C:\Program Files\Mozilla Firefox
      [31/12/2006|13:02] C:\Program Files\MSN
      [22/09/2005|08:04] C:\Program Files\MSN Gaming Zone
      [30/03/2008|11:50] C:\Program Files\MSN Messenger
      [26/02/2007|14:51] C:\Program Files\MSN Pictures Displayer
      [22/09/2005|13:40] C:\Program Files\MSN Toolbar Suite
      [01/06/2007|19:57] C:\Program Files\Msncolor
      [13/02/2006|20:51] C:\Program Files\MSXML 4.0
      [25/12/2006|14:27] C:\Program Files\MUSK Codec Pack v5
      [22/09/2005|08:07] C:\Program Files\NetMeeting
      [16/04/2007|13:34] C:\Program Files\Notepad++
      [22/09/2005|13:42] C:\Program Files\Offre Wanadoo
      [25/12/2006|14:30] C:\Program Files\On2 Technologies
      [22/09/2005|08:05] C:\Program Files\Online Services
      [13/06/2007|08:19] C:\Program Files\Outlook Express
      [18/05/2007|23:26] C:\Program Files\PC Camera
      [12/02/2006|18:52] C:\Program Files\Picture It! Premium 10
      [12/01/2008|15:34] C:\Program Files\PowerQuest
      [24/03/2007|17:28] C:\Program Files\QuickTime
      [22/09/2005|08:07] C:\Program Files\Services en ligne
      [22/09/2005|11:22] C:\Program Files\SigmaTel
      [11/02/2007|15:16] C:\Program Files\Sim AQUARIUM 2
      [17/03/2007|20:55] C:\Program Files\Skype
      [21/12/2006|14:43] C:\Program Files\SLD Codec Pack
      [22/09/2005|13:09] C:\Program Files\Sonic
      [27/09/2005|08:14] C:\Program Files\Toshiba
      [03/05/2008|14:50] C:\Program Files\TrackMania Nations ESWC
      [27/05/2007|14:37] C:\Program Files\TrackMania Original Demo
      [16/06/2008|00:01] C:\Program Files\Trend Micro
      [22/09/2005|08:49] C:\Program Files\Uninstall Information
      [09/04/2007|15:37] C:\Program Files\Valve
      [09/12/2006|18:48] C:\Program Files\VideoLAN
      [02/01/2007|19:53] C:\Program Files\vso
      [05/06/2007|20:42] C:\Program Files\Windows Live
      [09/12/2006|18:57] C:\Program Files\Windows Media Connect 2
      [09/12/2006|18:57] C:\Program Files\Windows Media Player
      [22/09/2005|08:04] C:\Program Files\Windows NT
      [22/09/2005|08:05] C:\Program Files\Windows Plus
      [22/09/2005|08:07] C:\Program Files\WindowsUpdate
      [26/02/2007|12:58] C:\Program Files\WinRAR
      [22/09/2005|08:09] C:\Program Files\xerox
      [25/12/2006|14:30] C:\Program Files\XviD
      [23/02/2008|15:44] C:\Program Files\Zone Labs

      ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

      [18/03/2007|22:22] C:\Program Files\Fichiers communs\Adobe
      [02/01/2007|17:59] C:\Program Files\Fichiers communs\Ahead
      [05/12/2006|14:28] C:\Program Files\Fichiers communs\DESIGNER
      [22/09/2005|11:45] C:\Program Files\Fichiers communs\InstallShield
      [22/09/2005|08:25] C:\Program Files\Fichiers communs\Java
      [09/12/2006|19:28] C:\Program Files\Fichiers communs\Microsoft Shared
      [22/09/2005|08:07] C:\Program Files\Fichiers communs\MSSoap
      [22/09/2005|10:00] C:\Program Files\Fichiers communs\ODBC
      [11/02/2007|15:39] C:\Program Files\Fichiers communs\River Past
      [22/09/2005|08:07] C:\Program Files\Fichiers communs\Services
      [17/03/2007|20:48] C:\Program Files\Fichiers communs\Skype
      [22/09/2005|10:00] C:\Program Files\Fichiers communs\SpeechEngines
      [13/06/2007|08:19] C:\Program Files\Fichiers communs\System
      [13/03/2007|20:19] C:\Program Files\Fichiers communs\Wise Installation Wizard

      ---------------------------[ Process ]--------------------------

      ... 64

      ... OK !

      ----------------------[ Recherche avec S_Lop ]---------------------

      Aucun fichier / dossier Lop trouvé !

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      Aucun fichier / dossier Lop trouvé !

      ----------------------[ Verification du Registre ]----------------------

      ..... OK !

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts PROPRE


      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-16 00:53:13
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------

      => C:\Documents and Settings\Pierre et Julien\Bureau\crack
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\game.dat
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\generals.exe
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\lisez moi.txt
      => C:\Documents and Settings\Pierre et Julien\Bureau\crack\WorldBuilder.exe
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Crackers, The - He Gone.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Faith No More - Crack Hitler.gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Focus - Crackers.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Leftover Crack - Operation Mouve.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Limp Bizkit - Crack Addict (2).gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Limp Bizkit - Crack Addict.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Nada Surf - Firecracker.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Pixies - Crackity Jones.gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Stone Temple Pilots - Crackerman (2).gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Stone Temple Pilots - Crackerman.gp3
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
      => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
      => C:\Documents and Settings\Pierre et Julien\Bureau\cc_generals-keygen.exe
      => C:\Documents and Settings\Pierre et Julien\Cookies\pierre_et_julien@keygenguru[1].txt
      => C:\Documents and Settings\Pierre et Julien\Local Settings\Temporary Internet Files\Content.IE5\UD8GWLVQ\keygenguru_com[1].htm


      [F:263][D:17]-> C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp
      [F:64][D:0]-> C:\DOCUME~1\PIERRE~1\Cookies
      [F:2047][D:4]-> C:\DOCUME~1\PIERRE~1\LOCALS~1\TEMPOR~1\content.IE5

      --------------------[ Fin du rapport a 0:53:57,81 ]----------------------













      RAPPORT HIJACKTHIS


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:56:34, on 16/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\00THotkey.exe
      C:\WINDOWS\system32\TFNF5.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
      C:\WINDOWS\system32\TPSMain.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [meta body blah clock] C:\Documents and Settings\All Users\Application Data\AntiFreeMetaBody\Rdr platform.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvvog.dll,startup
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
      O4 - HKCU\..\Run: [bytemp3] C:\DOCUME~1\PIERRE~1\APPLIC~1\FLAPPE~1\rect chic.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CS1\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    :d) Relance HijackThis et choisis Do a system scan only

    :d) Coche les cases qui sont devant les lignes suivantes :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [meta body blah clock] C:\Documents and Settings\All Users\Application Data\AntiFreeMetaBody\Rdr platform.exe

    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvvog.dll,startup

    O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe

    O4 - HKCU\..\Run: [bytemp3] C:\DOCUME~1\PIERRE~1\APPLIC~1\FLAPPE~1\rect chic.exe

    O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll

    :d) Clique en bas sur Fix checked

    :d) Télécharge OTMoveIt2 à partir du lien ci-dessous :
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    :d) Enregistre le fichier sur le Bureau.

    :d) Redémarre ton PC en mode sans échec de préférence :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    ---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
    Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.

    ---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste Standard List of Files/Folders to be moved.

    C:\Documents and Settings\All Users\Application Data\AntiFreeMetaBody\
    C:\WINDOWS\system32\drvvog.dll
    C:\WINDOWS\system32\srvreg.exe
    C:\DOCUME~1\PIERRE~1\APPLIC~1\FLAPPE~1\
    C:\WINDOWS\SYSTEM32\winmqx32.dll

    ---> Clique sur MoveIt! pour lancer la suppression.
    Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.

    Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

    ---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

    :d) Poste un nouveau rapport HijackThis
    0
  4. misterflex Messages postés 8 Statut Membre
     
    desolé destrio
    je vais dormir je suis trop fatigué j'espère que tu seras la demain car je m'occuperai de tout ça
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonne nuit ;)
    0
    1. misterflex Messages postés 8 Statut Membre
       
      C:\Documents and Settings\All Users\Application Data\AntiFreeMetaBody moved successfully.
      DllUnregisterServer procedure not found in C:\WINDOWS\system32\drvvog.dll
      C:\WINDOWS\system32\drvvog.dll NOT unregistered.
      C:\WINDOWS\system32\drvvog.dll moved successfully.
      File/Folder C:\WINDOWS\system32\srvreg.exe not found.
      C:\DOCUME~1\PIERRE~1\APPLIC~1\FLAPPE~1 moved successfully.
      DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\winmqx32.dll
      C:\WINDOWS\SYSTEM32\winmqx32.dll NOT unregistered.
      C:\WINDOWS\SYSTEM32\winmqx32.dll moved successfully.
      File/Folder not found.

      OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_122035


      RAPPORT HIJACKTHIS

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:25:07, on 16/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Safe mode with network support

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CS1\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Re,

    Le rapport HijackThis, faut le faire en mode normal ;)
    0
    1. misterflex Messages postés 8 Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:32:22, on 16/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\system32\00THotkey.exe
      C:\WINDOWS\system32\TFNF5.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
      C:\WINDOWS\system32\TPSMain.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\setup\avast.setup
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\eHome\ehmsas.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CS1\Services\Tcpip\..\{4B9A9CCC-5785-40A4-9E56-EC51A4ADCE20}: NameServer = 212.27.54.252,212.27.53.252
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    T'as oublié de fixer cette ligne :
    O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

    Je te conseille de faire ceci :

    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Démarre en mode sans échec :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. misterflex Messages postés 8 Statut Membre
       
      Malwarebytes' Anti-Malware 1.17
      Version de la base de données: 859

      13:29:55 16/06/2008
      mbam-log-6-16-2008 (13-29-47).txt

      Type de recherche: Examen rapide
      Eléments examinés: 49609
      Temps écoulé: 4 minute(s), 21 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\Pierre et Julien\Local Settings\Temp\gos27.tmp (Trojan.Fakealert) -> No action taken.
      0
      1. misterflex Messages postés 8 Statut Membre > misterflex Messages postés 8 Statut Membre
         
        j'ai supprimer toutes les affections dans Malwarebytes' Anti-Malware .
        0
  9. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Bonjour

    Au passage, ne pas oublier de virer ce qu'à signaler LOP S&D

    Une sacré collection de cracks et Keygens !! Pas bien !! On ne cherchera pas la cause de cette infection ...

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Documents and Settings\Pierre et Julien\Bureau\crack
    => C:\Documents and Settings\Pierre et Julien\Bureau\crack\game.dat
    => C:\Documents and Settings\Pierre et Julien\Bureau\crack\generals.exe
    => C:\Documents and Settings\Pierre et Julien\Bureau\crack\lisez moi.txt
    => C:\Documents and Settings\Pierre et Julien\Bureau\crack\WorldBuilder.exe
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Crackers, The - He Gone.gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Faith No More - Crack Hitler.gp3
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Focus - Crackers.gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Leftover Crack - Operation Mouve.gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Limp Bizkit - Crack Addict (2).gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Limp Bizkit - Crack Addict.gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Nada Surf - Firecracker.gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Pixies - Crackity Jones.gp3
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Stone Temple Pilots - Crackerman (2).gp3
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Stone Temple Pilots - Crackerman.gp3
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
    => C:\Documents and Settings\Pierre et Julien\Mes documents\GP4-GP5ThŠque\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
    => C:\Documents and Settings\Pierre et Julien\Bureau\cc_generals-keygen.exe
    => C:\Documents and Settings\Pierre et Julien\Cookies\pierre_et_julien@keygenguru[1].txt
    => C:\Documents and Settings\Pierre et Julien\Local Settings\Temporary Internet Files\Content.IE5\UD8GWLVQ\keygenguru_com[1].htm

    @ lire :

    * L'utilisation de cracks ou keygens est à proscrire, de même que le surf sur les sites de téléchargement de ceux-ci :

    Les dangers des cracks : http://forum.malekal.com/ftopic893.php

    Le crack dans toute sa splendeur, journal d'une infection attendue
    :
    https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/

    Il doit encore rester du Vundo ...

    Bonne continuation.
    0