HijackThis report... help me

evaromain -  
sKe69 Posts 21955 Status Security contributor -
Hello,

I have just made the report and here is what it gives; my PC no longer works properly. Please help me.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:43, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\spvtmigk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [error junk] C:\DOCUME~1\EMILIE~1\APPLIC~1\ABOUTM~1\Toolaxis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447746677_small.jpg
O24 - Desktop Component 1: (no name) - http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447702769.jpg

90 replies

sKe69 Posts 21955 Status Security contributor 463
 
Hi,
Heavily infected ...
Start with this:

1- On your PC, go to "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" <--- right-click on it and choose "Rename": type monjack and confirm.
This step will let us see the Vundo infection ...

-!! Disconnect and close all your running applications !!

Run a scan with monjack (the renamed HijackThis) and post the newly generated report for analysis ...

Next:
2- Download Navilog1 to your desktop:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

!! Disconnect, disable your protections (anti-virus, anti-spyware) and close all your applications for the duration of the procedure !!

Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/approval)

Wait for the message:
*** Analyse Termine le ..... ***

Press a key as prompted; Notepad will open.
Copy and paste its entire contents into your next reply and wait for the next steps.

(The report is also saved at the root of the drive: "C:\fixnavi.txt")

Tutorial (help): http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901
0
evaromain Posts 142 Status Member
 
Thanks for helping me, I'm going to try all that. Thanks again.
0
evaromain Posts 142 Status Member > evaromain Posts 142 Status Member
 
There, I renamed it and ran a new report.
Here is what it gives.
I'm going to do the 2nd part of what you advised.
Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:27, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6359EE29-5B3A-409C-BC22-460AA1C5F979} - C:\WINDOWS\system32\mlJCuUkK.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\spvtmigk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [error junk] C:\DOCUME~1\EMILIE~1\APPLIC~1\ABOUTM~1\Toolaxis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447746677_small.jpg
O24 - Desktop Component 1: (no name) - http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447702769.jpg
0
sKe69 Posts 21955 Status Security contributor 463
 
OK ...
0
evaromain Posts 142 Status Member
 
There, it's done; I'm sending you what you asked for.

Search Navipromo version 3.5.9 commencé le 25/06/2008 à 11:07:40,67

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "emilie molle"

Mise à jour le 24.06.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\emilie molle\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\emilie molle\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\emilie molle\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\emilie molle\locals~1\applic~1" *

Fichiers trouvés :

vyvaggy.exe trouvé !
vyvaggy.exe trouvé !



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\emilie molle\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\KkUuCJlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\NpqpAJlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 25/06/2008 à 11:15:36,79 ***
0
sKe69 Posts 21955 Status Security contributor 463
 
Very good ...

Next:
!! Disconnect, disable your protections (anti-virus, anti-spyware) and close all your applications for the duration of the procedure !!

---> Double-click the Navilog1 shortcut

At the main menu, choose option 2 and confirm ("automatic" cleaning).

The fix will then ask to "restart the PC": close all open windows
and press a key as prompted. (Important: if the PC does not restart automatically, restart it manually.)
When the PC restarts, choose your usual session if necessary.

Wait for the message: "Nettoyage Terminé le ..."

The desktop comes back, then Notepad opens.
Save this report where you can find it again, then close Notepad ...
(The report will also be saved at the root of the drive: "C:\cleannavi.txt")

Post this report together with a new HijackThis report, in the same reply, for analysis and wait for the next steps ...

(PS: If the desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Choose the Processes tab. Click File at the top left and choose Run,
type explorer and confirm.)
0
evaromain Posts 142 Status Member
 
Here is the message, followed by the report:


Clean Navipromo version 3.5.9 commencé le 25/06/2008 à 11:24:43,39

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "emilie molle"

Mise à jour le 24.06.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\emilie molle\locals~1\applic~1" *

vyvaggy.exe trouvé !
Copie vyvaggy.exe réalisée avec succès !
vyvaggy.exe supprimé !



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\emilie molle\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\emilie molle\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\emilie molle\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\emilie molle\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\emilie molle\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 25/06/2008 à 11:31:07,75 ***





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:59, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O2 - BHO: (no name) - {E1871EF5-0267-490D-9FFE-8279CFEAF893} - C:\WINDOWS\system32\mlJCuUkK.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\spvtmigk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [error junk] C:\DOCUME~1\EMILIE~1\APPLIC~1\ABOUTM~1\Toolaxis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447746677_small.jpg
O24 - Desktop Component 1: (no name) - http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447702769.jpg
0
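Added example (not part of the thread, and not code from HijackThis or any other tool named in it): a Python script that compares successive HijackThis logs entry by entry, showing which entries only appear once the scanner is run under its renamed executable and which BHO files keep their path but change CLSID between scans. The three excerpts are shortened from the logs posted above; the function names are this example's own.

```python
import re

# One HijackThis entry: section code (R0, O2, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:dll|exe)", re.IGNORECASE)

# Entries present in all three scans (excerpt of the logs in this thread).
COMMON = r"""
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\spvtmigk.dll",s
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
"""
# Scan 1: run as HijackThis.exe (10:17:43).
SCAN_1 = COMMON
# Scan 2: run as Monjack.exe (10:54:27).
SCAN_2 = COMMON + r"""
O2 - BHO: (no name) - {6359EE29-5B3A-409C-BC22-460AA1C5F979} - C:\WINDOWS\system32\mlJCuUkK.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""
# Scan 3: run as Monjack.exe after the Navilog1 cleanup (11:38:59).
SCAN_3 = COMMON + r"""
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O2 - BHO: (no name) - {E1871EF5-0267-490D-9FFE-8279CFEAF893} - C:\WINDOWS\system32\mlJCuUkK.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; headers and the
    'Running processes' list do not match ENTRY_RE and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def newly_visible(before_log, after_log):
    """Entries present in after_log but absent from before_log, by section."""
    seen = set(parse_entries(before_log))
    result = {}
    for code, body in parse_entries(after_log):
        if (code, body) not in seen:
            result.setdefault(code, []).append(body)
    return result


def bho_clsids(log_text):
    """Map lower-cased BHO file path -> CLSID for O2 entries that name a file.
    The CLSID is the last GUID on the line: the display name may itself be a
    GUID, as in the lgqvwfxw.dll entry."""
    mapping = {}
    for code, body in parse_entries(log_text):
        if code != "O2":
            continue
        path = FILE_RE.search(body)
        clsids = CLSID_RE.findall(body)
        if path and clsids:
            mapping[path.group(0).lower()] = clsids[-1].upper()
    return mapping


def reregistered_bhos(earlier_log, later_log):
    """BHO files seen in both scans whose CLSID differs between them."""
    old, new = bho_clsids(earlier_log), bho_clsids(later_log)
    return {p: (old[p], new[p]) for p in old.keys() & new.keys() if old[p] != new[p]}


if __name__ == "__main__":
    print("Visible only when scanning as Monjack.exe:")
    for code, bodies in sorted(newly_visible(SCAN_1, SCAN_2).items()):
        for body in bodies:
            print(f"  {code} - {body}")
    print("Same BHO file, different CLSID after cleanup:")
    for path, (old, new) in reregistered_bhos(SCAN_2, SCAN_3).items():
        print(f"  {path}: {old} -> {new}")
```

An entry that appears only in the later scan is a lead to review, not a verdict: the Winlogon Notify entry in the output points to a DLL in the SUPERAntiSpyware folder.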
sKe69 Posts 21955 Status Security contributor 463
 
Let's continue,

Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Next:
!! Disconnect, close all your applications and disable your protections (anti-virus, anti-spyware, ...) for the duration of the procedure !!

Install the software at the root of C:\ (and nowhere else! ---> "C:\SmitfraudFix.exe"): double-click the .exe to unpack it and launch the fix.

Usage ----> option 1 - Search:
Double-click smitfraudfix.cmd. Select 1 to create a report of the files responsible for the infection.

Post the report ("rapport.txt", located under C:\) and wait for the next steps.

(Note: process.exe is detected by some antivirus products as a RiskTool. It is not a virus but a utility intended to terminate processes. In the wrong hands, this utility could stop security software.)

evaromain - Posts: 142 - Status: Member

Here it is

SmitFraudFix v2.328

Rapport fait à 12:03:17,40, 25/06/2008
Executé à partir de C:\Documents and Settings\emilie molle\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Documents and Settings\emilie molle\Bureau\SmitfraudFix\Policies.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dumprep.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\emilie molle


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\emilie molle\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EMILIE~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447746677_small.jpg"
"SubscribedURL"="http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447746677_small.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447702769.jpg"
"SubscribedURL"="http://1b.img.v4.skyrock.com/1b3/zebre6041/pics/1447702769.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="jbllrlot.dll yxclparv.dll bctgioht.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS190 100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
sKe69 - Posts: 21955 - Status: Security contributor - 463

Next part of the procedure (cleanup), do exactly the following:

* Mandatory: restart the computer in Safe Mode.
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with boot options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(PS: don't forget, in Safe Mode there is no connection! So make sure you copy or print the information below :) )

* Double-click SmitfraudFix.exe

* Select 2 and press "Enter" in the menu to delete the files responsible for the infection.

* At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (oui, yes) and press Enter in order to unlock the wallpaper and delete the infection's registry keys.

(The fix will determine whether the wininet.dll file is infected.)

* At the question "Corriger le fichier infecté ?" (Fix the infected file?), answer O (oui, yes) and press Enter to replace the corrupted file.

* A restart may be necessary to finish the cleanup procedure (otherwise do it manually)

The report is located at the root of C:\
(in the file "rapport.txt")

Post this latest report for me, together in the same reply with a new HijackThis report (made in normal mode), in your next message and wait for instructions ...
evaromain - Posts: 142 - Status: Member

OK, I'll do that right away. Thanks a lot for your patience and your help in any case.

I'll send you the reports as soon as it's done.
Thanks
sKe69 - Posts: 21955 - Status: Security contributor - 463 > evaromain - Posts: 142 - Status: Member

No problem ^^
There's still work left to do ...
evaromain - Posts: 142 - Status: Member > sKe69 - Posts: 21955 - Status: Security contributor

Here is the report. And right after the cleanup finished, my background image disappeared from my desktop and a blue background appeared, but my desktop is still there.

SmitFraudFix v2.328

Rapport fait à 12:36:37,57, 25/06/2008
Executé à partir de C:\Documents and Settings\emilie molle\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS190 100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{38B411A3-D3C0-451F-823E-777029041DB5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
sKe69 - Posts: 21955 - Status: Security contributor - 463

A new HijackThis report now ...

As for your wallpaper, that's normal ... you'll just have to set one again after the disinfection :)
evaromain - Posts: 142 - Status: Member

Yes, right, I forgot.
Here it is



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:55, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O2 - BHO: (no name) - {BB954B86-F399-4533-8505-320A2C9F9031} - C:\WINDOWS\system32\mlJCuUkK.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\spvtmigk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [error junk] C:\DOCUME~1\EMILIE~1\APPLIC~1\ABOUTM~1\Toolaxis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
sKe69 - Posts: 21955 - Status: Security contributor - 463

Good ... the next steps:

1 - Download CCleaner:
https://www.pcastuces.com/logitheque/ccleaner.htm
This program will delete all the temporary files and fix your registry. During installation, before clicking the "Install" button, uncheck all the "additional options" except the first 2.

* Once the program is installed and running, click "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours"
* In the "Cleaner" menu - "Windows" tab -> "Advanced", check: "Old Prefetch data"
(After that, leave it with its default settings. That's all.)

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

Usage:
go to "Cleaner": run the analysis, then the cleanup
and go to "Registry": have it scan for errors and fix them (several times, until there are no more errors).

(CCleaner: a program to keep on your PC, very useful for good cleanups ...)

2 - A - Go to Control Panel / Add or Remove Programs.
Look in the list to see whether you find a program such as "CID Help", "Circle Developement" or "Adverts" ---> if they are there, remove them.

B - Download Lopxp (by Moe): http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe
-> Double-click Lopxpsetup.exe to launch the installation
-> Choose option 1
-> Wait until you are asked to press a key.
-> A report will then be created; copy/paste it into your next reply ...
evaromain - Posts: 142 - Status: Member

Here is what it gives.
However, I couldn't access my Control Panel. Every time I tried to open it, my desktop disappeared and came back 30 seconds later, but it didn't open the requested program.


# Rapport Lopxp fait le 25/06/2008 à 13:54:17
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.10 - Maj du 11/04/2008

Killing 'iexplore.exe'
"C:\Program Files\Internet Explorer\iexplore.exe" (3516)
"C:\Program Files\Internet Explorer\iexplore.exe" (3860)

========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2008-04-06 à 09:44:18 - aim rect help creative
2007-12-05 à 17:21:59 - AVS4YOU
2008-01-21 à 12:46:10 - eBay
2008-02-17 à 17:16:42 - Google
2008-03-04 à 06:25:20 - Hewlett-Packard
2008-03-04 à 06:16:20 - HP
2008-03-04 à 06:15:22 - HP Product Assistant
2008-04-05 à 08:53:46 - HPSSUPPLY
2008-06-10 à 19:41:43 - LogMeIn
2008-06-10 à 19:09:44 - LookMyPC
2008-02-16 à 23:19:51 - Messenger Plus!
2008-03-07 à 15:45:44 - Microsoft
2008-06-16 à 13:10:59 - Microsoft Help
2008-02-07 à 22:43:51 - Nero
2008-04-02 à 14:48:50 - OutilsWW
2008-04-30 à 20:32:29 - RoboForm
2008-06-25 à 06:17:41 - SUPERAntiSpyware.com
2008-02-01 à 06:49:44 - Symantec
2008-06-25 à 05:34:41 - TEMP
2008-03-04 à 06:27:17 - WEBREG
2007-12-08 à 12:25:16 - Windows Genuine Advantage
2008-02-17 à 18:35:19 - WLInstaller
2007-12-02 à 08:34:10 - Zylom

+- C:\Documents and Settings\emilie molle\Application Data

2007-12-05 à 16:06:15 - 3M
2008-04-06 à 09:44:34 - Aboutmeta
2008-02-18 à 13:41:08 - Adobe
2007-12-05 à 17:22:04 - AVS4YOU
2008-03-19 à 13:28:36 - Calendrier Xtra
2008-05-23 à 07:56:29 - Dealio
2008-02-07 à 23:04:41 - Desktop3D
2008-01-23 à 10:54:53 - eBay
2008-02-17 à 17:15:42 - EoRezo
2008-05-23 à 07:54:31 - ESTsoft
2008-02-12 à 13:16:43 - Google
2007-11-26 à 11:07:14 - Help
2008-04-18 à 08:32:06 - Hotbar_Icons
2008-03-04 à 06:30:08 - HP
2008-03-04 à 06:19:05 - HPAppData
2007-11-23 à 15:15:47 - Identities
2008-02-07 à 18:03:19 - ItsLabel
2008-05-01 à 10:44:43 - LimeWire
2008-05-23 à 07:53:53 - Macromedia
2008-01-06 à 17:19:12 - Media Player Classic
2008-06-16 à 13:11:00 - Microsoft
2008-02-16 à 20:27:10 - Mozilla
2008-02-08 à 17:54:26 - MSNInstaller
2008-01-24 à 11:19:13 - Nero
2008-04-19 à 10:53:00 - ooVoo Details
2008-02-29 à 09:03:25 - Search Settings
2008-02-22 à 16:15:25 - Studio-Scrap
2007-12-01 à 11:55:22 - Sun
2008-06-25 à 06:17:16 - SUPERAntiSpyware.com
2007-11-29 à 06:41:57 - Talkback
2008-02-17 à 19:13:48 - vlc
2008-01-21 à 12:46:51 - WholeSecurity
2008-02-08 à 19:02:52 - Windows Live Writer
2008-01-08 à 11:04:01 - WinRAR

+- C:\Documents and Settings\emilie molle\Local Settings\Application Data

2008-01-29 à 13:18:52 - Ahead
2008-05-26 à 15:03:02 - Google
2007-11-26 à 11:07:14 - Help
2008-03-04 à 06:30:43 - HP
2007-11-26 à 13:10:03 - Identities
2008-06-10 à 19:41:43 - LogMeIn
2008-03-16 à 08:26:50 - Microsoft
2008-03-07 à 15:35:12 - Microsoft Help
2008-02-16 à 20:27:10 - Mozilla
2008-01-24 à 11:27:03 - Nero
2008-02-17 à 21:39:52 - Pando
2008-04-23 à 12:20:40 - SM
2007-11-23 à 15:48:05 - SupportSoft
2008-02-08 à 19:00:42 - Windows Live Writer
2008-01-03 à 10:45:15 - WMTools Downloaded Files
2008-02-17 à 21:38:06 - {F142F840-2743-4B48-B22F-9862A33CA2F7}

========== Listing du dossier Program Files

+- C:\Program Files

2008-04-06 à 09:43:47 - Aboutmeta
2008-02-07 à 22:04:14 - Ahead
2008-05-23 à 08:14:07 - AskTBar
2008-02-17 à 17:12:42 - AVS4YOU
2008-03-03 à 05:54:25 - AXEL
2008-06-25 à 11:39:51 - CCleaner
2008-04-06 à 09:43:28 - Circle Developement
2007-12-05 à 14:08:21 - Common Files
2007-11-05 à 11:41:57 - ComPlus Applications
2008-04-20 à 07:43:13 - CyberQix
2008-02-29 à 08:33:51 - Dealio
2007-11-25 à 18:33:37 - directx
2008-02-17 à 18:10:47 - eBay
2008-02-17 à 19:12:57 - eMule
2008-02-17 à 17:15:44 - EoRezo
2008-05-23 à 07:54:31 - ESTsoft
2008-06-25 à 06:16:50 - Fichiers communs
2008-02-17 à 17:24:50 - FrameShow
2007-12-11 à 08:53:20 - GameSpy Arcade
2008-05-23 à 07:36:50 - Google
2008-03-04 à 06:14:07 - Hewlett-Packard
2008-04-05 à 08:43:16 - HP
2008-05-23 à 07:42:02 - InstallShield Installation Information
2008-04-13 à 22:08:31 - Internet Explorer
2008-05-23 à 17:46:56 - Java
2008-03-21 à 20:29:47 - LimeWire
2008-06-13 à 05:18:42 - LogMeIn
2008-06-25 à 11:54:47 - Lopxp
2007-11-25 à 18:44:57 - Megaware
2007-11-27 à 08:05:53 - Messenger
2008-04-06 à 09:43:28 - Messenger Plus! Live
2007-11-05 à 11:45:02 - microsoft frontpage
2008-03-07 à 15:47:21 - Microsoft Office
2008-02-08 à 18:13:07 - Microsoft SQL Server Compact Edition
2007-11-24 à 16:16:52 - Microsoft Visual Studio
2008-03-07 à 15:37:10 - Microsoft Visual Studio 8
2008-03-07 à 15:48:10 - Microsoft Works
2008-03-07 à 15:45:44 - Microsoft.NET
2007-11-05 à 11:42:32 - Movie Maker
2008-06-25 à 11:50:42 - Mozilla Firefox
2008-05-23 à 07:53:53 - Mozilla Sunbird
2008-03-07 à 15:47:48 - MSBuild
2008-02-17 à 18:29:00 - MSN
2007-11-05 à 11:41:13 - MSN Gaming Zone
2008-01-26 à 02:00:29 - MSXML 4.0
2008-06-25 à 09:31:08 - Navilog1
2008-01-24 à 11:15:39 - Nero
2008-02-07 à 22:38:38 - NeroInstall.bak
2007-11-05 à 11:42:47 - NetMeeting
2008-02-05 à 10:09:10 - Norton AntiVirus
2008-06-25 à 06:40:51 - Norton Security Scan
2007-11-05 à 11:41:22 - Online Services
2008-05-16 à 17:38:46 - ooVoo
2007-11-27 à 08:05:00 - Outlook Express
2008-02-17 à 21:38:45 - Pando Networks
2008-06-03 à 19:44:36 - PartyGaming
2008-03-11 à 13:15:28 - PhotoFiltre
2008-02-17 à 17:25:08 - PhotoMix
2008-05-26 à 15:02:44 - Picasa2
2008-06-10 à 07:26:40 - ProtectionAssuree
2008-05-23 à 07:38:17 - Rainlendar2
2008-01-06 à 16:03:13 - REGSHAVE
2008-02-05 à 15:08:34 - Seagrand
2008-02-29 à 08:34:17 - Search Settings
2007-11-05 à 11:43:35 - Services en ligne
2007-11-07 à 06:31:32 - Silicon Integrated Systems
2007-11-07 à 06:26:21 - SiS VGA Utilities V3.80
2008-04-23 à 12:28:48 - SM
2008-06-25 à 10:34:25 - Spyware-Secure
2008-03-11 à 13:04:06 - Studio-Scrap
2008-02-16 à 22:52:41 - StuffPlug3
2008-05-23 à 17:47:57 - Sun
2008-06-25 à 06:17:20 - SUPERAntiSpyware
2008-02-17 à 17:20:05 - Symantec
2008-02-17 à 16:31:30 - ToniArts
2008-02-22 à 16:00:40 - Tracker Software
2008-06-25 à 08:14:07 - Trend Micro
2008-06-24 à 16:39:49 - TrojansFiltre
2007-11-07 à 06:10:22 - Uninstall Information
2008-02-17 à 19:16:06 - VideoLAN
2008-02-27 à 21:53:15 - Windows Live
2008-05-23 à 07:42:38 - Windows Live Toolbar
2008-05-23 à 07:45:42 - Windows Media Connect 2
2008-05-23 à 07:47:38 - Windows Media Player
2007-11-05 à 11:41:02 - Windows NT
2007-11-23 à 13:54:55 - Windows Sidebar
2007-11-05 à 11:43:37 - WindowsUpdate
2008-06-25 à 05:39:53 - Winsos
2008-02-02 à 07:36:17 - Wondershare
2007-11-05 à 11:45:02 - xerox
2008-05-23 à 08:20:02 - Yahoo!

========== Tâches planifiées

A62D3D4F919AB667.job: c:\docume~1\emilie~1\applic~1\aboutm~1\bend64build.exe
Norton AntiVirus - Effectuer une analyse complète du système - emilie molle.job: C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Norton AntiVirus - Effectuer une analyse complète du système - Windows.job: C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"

========== Clés registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"error junk"="C:\DOCUME~1\EMILIE~1\APPLIC~1\ABOUTM~1\Toolaxis.exe"


========== Bloqueur popups Internet Explorer

www.skyrock.com
www.fil-info-france.com
www.le-test.net

========== Suggestion ( /!\ Nécessite une interprétation.) ==========

C:\Documents and Settings\All Users\Application Data\aim rect help creative
C:\Program Files\Circle Developement
C:\WINDOWS\tasks\A62D3D4F919AB667.job

+- Registre:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"error junk"=-




- Fin du rapport -
sKe69 - Posts: 21955 - Status: Security contributor - 463

Seen ...

Go to: Start --> "Run" command, then copy/paste the following line:

"%programfiles%\Lopxp\Lopxp.bat" /Fixme

---> then confirm, and let it guide you

You will be asked to confirm or refuse the deletion of certain files:
(For each file, you will have to accept (press the y key) or refuse (press the n key) the deletion) ---> Press Y each time (delete everything)

For information: the backups of each deletion will be stored in the folder C:\Programfiles\Lopxp\Sauvegardes ---> post this report together with a new HijackThis report for analysis ...
evaromain - Posts: 142 - Status: Member

Here are the reports


# Rapport Lopxp fait le 25/06/2008 à 14:14:01
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.10 - Maj du 11/04/2008


========== FixLog ==========


+- C:\Documents and Settings\All Users\Application Data\aim rect help creative
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- C:\Program Files\Circle Developement
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- C:\WINDOWS\tasks\A62D3D4F919AB667.job
Choix utilisateur : Suppression acceptée.
Déplacé avec succès.

+- Registre :
Nettoyage effectué.

+- Fichiers temporaires :
Nettoyage effectué.


========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2007-12-05 à 17:21:59 - AVS4YOU
2008-01-21 à 12:46:10 - eBay
2008-02-17 à 17:16:42 - Google
2008-03-04 à 06:25:20 - Hewlett-Packard
2008-03-04 à 06:16:20 - HP
2008-03-04 à 06:15:22 - HP Product Assistant
2008-04-05 à 08:53:46 - HPSSUPPLY
2008-06-10 à 19:41:43 - LogMeIn
2008-06-10 à 19:09:44 - LookMyPC
2008-02-16 à 23:19:51 - Messenger Plus!
2008-03-07 à 15:45:44 - Microsoft
2008-06-16 à 13:10:59 - Microsoft Help
2008-02-07 à 22:43:51 - Nero
2008-04-02 à 14:48:50 - OutilsWW
2008-04-30 à 20:32:29 - RoboForm
2008-06-25 à 06:17:41 - SUPERAntiSpyware.com
2008-02-01 à 06:49:44 - Symantec
2008-06-25 à 05:34:41 - TEMP
2008-03-04 à 06:27:17 - WEBREG
2007-12-08 à 12:25:16 - Windows Genuine Advantage
2008-02-17 à 18:35:19 - WLInstaller
2007-12-02 à 08:34:10 - Zylom

+- C:\Documents and Settings\emilie molle\Application Data

2007-12-05 à 16:06:15 - 3M
2008-04-06 à 09:44:34 - Aboutmeta
2008-02-18 à 13:41:08 - Adobe
2007-12-05 à 17:22:04 - AVS4YOU
2008-03-19 à 13:28:36 - Calendrier Xtra
2008-05-23 à 07:56:29 - Dealio
2008-02-07 à 23:04:41 - Desktop3D
2008-01-23 à 10:54:53 - eBay
2008-02-17 à 17:15:42 - EoRezo
2008-05-23 à 07:54:31 - ESTsoft
2008-02-12 à 13:16:43 - Google
2007-11-26 à 11:07:14 - Help
2008-04-18 à 08:32:06 - Hotbar_Icons
2008-03-04 à 06:30:08 - HP
2008-03-04 à 06:19:05 - HPAppData
2007-11-23 à 15:15:47 - Identities
2008-02-07 à 18:03:19 - ItsLabel
2008-05-01 à 10:44:43 - LimeWire
2008-05-23 à 07:53:53 - Macromedia
2008-01-06 à 17:19:12 - Media Player Classic
2008-06-16 à 13:11:00 - Microsoft
2008-02-16 à 20:27:10 - Mozilla
2008-02-08 à 17:54:26 - MSNInstaller
2008-01-24 à 11:19:13 - Nero
2008-04-19 à 10:53:00 - ooVoo Details
2008-02-29 à 09:03:25 - Search Settings
2008-02-22 à 16:15:25 - Studio-Scrap
2007-12-01 à 11:55:22 - Sun
2008-06-25 à 06:17:16 - SUPERAntiSpyware.com
2007-11-29 à 06:41:57 - Talkback
2008-02-17 à 19:13:48 - vlc
2008-01-21 à 12:46:51 - WholeSecurity
2008-02-08 à 19:02:52 - Windows Live Writer
2008-01-08 à 11:04:01 - WinRAR

+- C:\Documents and Settings\emilie molle\Local Settings\Application Data

2008-01-29 à 13:18:52 - Ahead
2008-05-26 à 15:03:02 - Google
2007-11-26 à 11:07:14 - Help
2008-03-04 à 06:30:43 - HP
2007-11-26 à 13:10:03 - Identities
2008-06-10 à 19:41:43 - LogMeIn
2008-03-16 à 08:26:50 - Microsoft
2008-03-07 à 15:35:12 - Microsoft Help
2008-02-16 à 20:27:10 - Mozilla
2008-01-24 à 11:27:03 - Nero
2008-02-17 à 21:39:52 - Pando
2008-04-23 à 12:20:40 - SM
2007-11-23 à 15:48:05 - SupportSoft
2008-02-08 à 19:00:42 - Windows Live Writer
2008-01-03 à 10:45:15 - WMTools Downloaded Files
2008-02-17 à 21:38:06 - {F142F840-2743-4B48-B22F-9862A33CA2F7}

========== Listing du dossier Program Files

+- C:\Program Files

2008-04-06 à 09:43:47 - Aboutmeta
2008-02-07 à 22:04:14 - Ahead
2008-05-23 à 08:14:07 - AskTBar
2008-02-17 à 17:12:42 - AVS4YOU
2008-03-03 à 05:54:25 - AXEL
2008-06-25 à 11:39:51 - CCleaner
2007-12-05 à 14:08:21 - Common Files
2007-11-05 à 11:41:57 - ComPlus Applications
2008-04-20 à 07:43:13 - CyberQix
2008-02-29 à 08:33:51 - Dealio
2007-11-25 à 18:33:37 - directx
2008-02-17 à 18:10:47 - eBay
2008-02-17 à 19:12:57 - eMule
2008-02-17 à 17:15:44 - EoRezo
2008-05-23 à 07:54:31 - ESTsoft
2008-06-25 à 06:16:50 - Fichiers communs
2008-02-17 à 17:24:50 - FrameShow
2007-12-11 à 08:53:20 - GameSpy Arcade
2008-05-23 à 07:36:50 - Google
2008-03-04 à 06:14:07 - Hewlett-Packard
2008-04-05 à 08:43:16 - HP
2008-05-23 à 07:42:02 - InstallShield Installation Information
2008-04-13 à 22:08:31 - Internet Explorer
2008-05-23 à 17:46:56 - Java
2008-03-21 à 20:29:47 - LimeWire
2008-06-13 à 05:18:42 - LogMeIn
2008-06-25 à 12:15:33 - Lopxp
2007-11-25 à 18:44:57 - Megaware
2007-11-27 à 08:05:53 - Messenger
2008-04-06 à 09:43:28 - Messenger Plus! Live
2007-11-05 à 11:45:02 - microsoft frontpage
2008-03-07 à 15:47:21 - Microsoft Office
2008-02-08 à 18:13:07 - Microsoft SQL Server Compact Edition
2007-11-24 à 16:16:52 - Microsoft Visual Studio
2008-03-07 à 15:37:10 - Microsoft Visual Studio 8
2008-03-07 à 15:48:10 - Microsoft Works
2008-03-07 à 15:45:44 - Microsoft.NET
2007-11-05 à 11:42:32 - Movie Maker
2008-06-25 à 11:50:42 - Mozilla Firefox
2008-05-23 à 07:53:53 - Mozilla Sunbird
2008-03-07 à 15:47:48 - MSBuild
2008-02-17 à 18:29:00 - MSN
2007-11-05 à 11:41:13 - MSN Gaming Zone
2008-01-26 à 02:00:29 - MSXML 4.0
2008-06-25 à 09:31:08 - Navilog1
2008-01-24 à 11:15:39 - Nero
2008-02-07 à 22:38:38 - NeroInstall.bak
2007-11-05 à 11:42:47 - NetMeeting
2008-02-05 à 10:09:10 - Norton AntiVirus
2008-06-25 à 06:40:51 - Norton Security Scan
2007-11-05 à 11:41:22 - Online Services
2008-05-16 à 17:38:46 - ooVoo
2007-11-27 à 08:05:00 - Outlook Express
2008-02-17 à 21:38:45 - Pando Networks
2008-06-03 à 19:44:36 - PartyGaming
2008-03-11 à 13:15:28 - PhotoFiltre
2008-02-17 à 17:25:08 - PhotoMix
2008-05-26 à 15:02:44 - Picasa2
2008-06-10 à 07:26:40 - ProtectionAssuree
2008-05-23 à 07:38:17 - Rainlendar2
2008-01-06 à 16:03:13 - REGSHAVE
2008-02-05 à 15:08:34 - Seagrand
2008-02-29 à 08:34:17 - Search Settings
2007-11-05 à 11:43:35 - Services en ligne
2007-11-07 à 06:31:32 - Silicon Integrated Systems
2007-11-07 à 06:26:21 - SiS VGA Utilities V3.80
2008-04-23 à 12:28:48 - SM
2008-06-25 à 10:34:25 - Spyware-Secure
2008-03-11 à 13:04:06 - Studio-Scrap
2008-02-16 à 22:52:41 - StuffPlug3
2008-05-23 à 17:47:57 - Sun
2008-06-25 à 06:17:20 - SUPERAntiSpyware
2008-02-17 à 17:20:05 - Symantec
2008-02-17 à 16:31:30 - ToniArts
2008-02-22 à 16:00:40 - Tracker Software
2008-06-25 à 08:14:07 - Trend Micro
2008-06-24 à 16:39:49 - TrojansFiltre
2007-11-07 à 06:10:22 - Uninstall Information
2008-02-17 à 19:16:06 - VideoLAN
2008-02-27 à 21:53:15 - Windows Live
2008-05-23 à 07:42:38 - Windows Live Toolbar
2008-05-23 à 07:45:42 - Windows Media Connect 2
2008-05-23 à 07:47:38 - Windows Media Player
2007-11-05 à 11:41:02 - Windows NT
2007-11-23 à 13:54:55 - Windows Sidebar
2007-11-05 à 11:43:37 - WindowsUpdate
2008-06-25 à 05:39:53 - Winsos
2008-02-02 à 07:36:17 - Wondershare
2007-11-05 à 11:45:02 - xerox
2008-05-23 à 08:20:02 - Yahoo!

========== Tâches planifiées

Norton AntiVirus - Effectuer une analyse complète du système - emilie molle.job: C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Norton AntiVirus - Effectuer une analyse complète du système - Windows.job: C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"

========== Clés registre


========== Bloqueur popups Internet Explorer

www.skyrock.com
www.fil-info-france.com
www.le-test.net

========== Suggestion ( /!\ Nécessite une interprétation.) ==========


+- Registre : Aucune suggestion.


- Fin du rapport -



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:43, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O2 - BHO: (no name) - {BB954B86-F399-4533-8505-320A2C9F9031} - C:\WINDOWS\system32\mlJCuUkK.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\spvtmigk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
sKe69 Posts: 21955 Status: Security contributor 463

Download MalwareByte's:
here: ftp://ftp.commentcamarche.com/download/mbam-setup.exe
or here: http://www.malwarebytes.org/mbam.php

a nice tutorial: https://forum.pcastuces.com/sujet.asp?f=31&s=3

Install it (make sure to choose "French"; do not change the installation settings) and update it.

Mandatory: restart in Safe Mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(note: no connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes ...)

Launch Malwarebyte's.

Run a so-called "full" scan (make sure to select all your disks before the scan) and delete everything it finds:
---> once the scan is finished, click on "results", then check that all the infected objects are ticked, then click on "remove".

Restart your PC (normal mode).

Post the report saved after the infected objects were removed (in the "report/log" tab of Malwarebytes) together with a new HijackThis log (made in normal mode) ...
evaromain Posts: 142 Status: Member

There, it took a while but I have the reports
apparently some spyware could not be deleted




Malwarebytes' Anti-Malware 1.18
Version de la base de données: 890

15:11:19 25/06/2008
mbam-log-6-25-2008 (15-11-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 75840
Temps écoulé: 32 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mlJCuUkK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yxclparv.dll (Trojan.vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb954b86-f399-4533-8505-320a2c9f9031} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bb954b86-f399-4533-8505-320a2c9f9031} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3334da50 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljcuukk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljcuukk -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\atcrfumo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\omufrcta.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iouuloaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\faoluuoi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCuUkK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KkUuCJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KkUuCJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\monmkghr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhgkmnom.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypwpgswk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwsgpwpy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CAEC31F-8B5A-435A-9C02-4D34222FEDA0}\RP229\A0044753.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CAEC31F-8B5A-435A-9C02-4D34222FEDA0}\RP250\A0051188.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spvtmigk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxclparv.dll (Trojan.vundo) -> Delete on reboot.





C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spvtmigk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxclparv.dll (Trojan.vundo) -> Delete on reboot.
0
sKe69 Posts 21955 Status Security contributor 463 > evaromain Posts 142 Status Member

You posted the Malwarebytes report twice... I need the new HijackThis log ;)
0
evaromain Posts 142 Status Member > sKe69 Posts 21955 Status Security contributor

Oops, sorry, a handling mistake.

Here is the right one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:18, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: jbllrlot.dll yxclparv.dll bctgioht.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
sKe69 Posts 21955 Status Security contributor 463

Perfect...

Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- right-click this link and choose "Save target as...": in the window that opens, type C-Fix and confirm.

----------------------------------------------- WARNING ---------------------------------------------------------------
!! Disconnect, close your running applications and DISABLE YOUR DEFENCES (antivirus, anti-spyware guards, firewall) for the duration of the procedure:
while active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards!!
--->Important: if you run into difficulties at this point, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click C-Fix.exe (= combofix.exe).

Press the Y key (Yes) to start the scan.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
---> If a Windows error message appears at some point, click the cross at the top right of the window to close it (and nothing else!)

The report will be created in: C:\Combofix.txt

Post the ComboFix report along with a new HijackThis report for analysis...
0
evaromain Posts 142 Status Member

Thanks for your help, I'll do that right away.
0
evaromain Posts 142 Status Member > evaromain Posts 142 Status Member

I have a small problem: when the computer restarted, ComboFix opened and was preparing the report; after 15-20 minutes of waiting it displayed "the file cannot be found" and then the window closed. I can't find the report. On top of that, it set Internet Explorer as the main search engine even though I work with Mozilla Firefox. I set that search engine back as the main one, but all my bookmarks and everything else have disappeared......




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19, on 2008-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {e40d5a27-4a6d-aa6a-e314-4fb413c0cb5a} - {a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e} - C:\WINDOWS\system32\lgqvwfxw.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
sKe69 Posts 21955 Status Security contributor 463

I need that report:
Run a search in C:\ and type: Combofix.txt or C-Fix.txt
0
evaromain Posts 142 Status Member

Sorry, I had to leave rather quickly...
I'll go look for the report.
0
evaromain Posts 142 Status Member

It doesn't find any file, so I'm going to start over with ComboFix.
0
sKe69 Posts 21955 Status Security contributor 463

OK... but make sure you close all your applications, disconnect, and disable your defences!
0
evaromain Posts 142 Status Member > sKe69 Posts 21955 Status Security contributor
 
ComboFix 08-06-20.4 - emilie molle 2008-06-25 17:19:56.2 - NTFSx86
Endroit: C:\Documents and Settings\emilie molle\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\emilie molle\Application Data\Hotbar_Icons
C:\Documents and Settings\emilie molle\Application Data\Hotbar_Icons\Registryrepair.ico
C:\WINDOWS\BM3334da50.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acstjfqj.ini
C:\WINDOWS\system32\bxcjoudk.dll
C:\WINDOWS\system32\dbjmsbgl.ini
C:\WINDOWS\system32\djakiifi.ini
C:\WINDOWS\system32\dsbiwrjl.ini
C:\WINDOWS\system32\eatlegib.ini
C:\WINDOWS\system32\gmbpxnjq.dll
C:\WINDOWS\system32\gsxgpbbc.dll
C:\WINDOWS\system32\hdwkbcbg.dll
C:\WINDOWS\system32\iropdolk.dll
C:\WINDOWS\system32\jbpnwgkr.dll
C:\WINDOWS\system32\jqmcxuch.dll
C:\WINDOWS\system32\kkuefiqb.dll
C:\WINDOWS\system32\KkUuCJlm.ini
C:\WINDOWS\system32\KkUuCJlm.ini2
C:\WINDOWS\system32\kwypfctj.dll
C:\WINDOWS\system32\mbuwtqvj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgsjtevx.ini
C:\WINDOWS\system32\nnagscit.dll
C:\WINDOWS\system32\NpqpAJlm.ini
C:\WINDOWS\system32\NpqpAJlm.ini2
C:\WINDOWS\system32\pfmrynub.dll
C:\WINDOWS\system32\PVuwvGgh.ini
C:\WINDOWS\system32\qgowrdxr.dll
C:\WINDOWS\system32\rpugjaqu.dll
C:\WINDOWS\system32\sgrtmnsb.ini
C:\WINDOWS\system32\sjrgxdpx.ini
C:\WINDOWS\system32\sokuxnla.ini
C:\WINDOWS\system32\stpkrflj.dll
C:\WINDOWS\system32\svfmxsll.dll
C:\WINDOWS\system32\tooqfcmd.ini
C:\WINDOWS\system32\ufbsactx.dll
C:\WINDOWS\system32\unqegsej.dll
C:\WINDOWS\system32\vecxvwxb.dll
C:\WINDOWS\system32\wiimmnqr.dll
C:\WINDOWS\system32\wscadxfp.ini
C:\WINDOWS\system32\xciruycm.ini
C:\WINDOWS\system32\xdxqqrnb.ini
C:\WINDOWS\system32\xmrmptnf.ini
C:\WINDOWS\system32\xthwycjd.ini
C:\WINDOWS\system32\xxxjcriv.dll
C:\WINDOWS\system32\ygedqkot.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))
.

2008-06-25 16:10 . 2008-06-25 16:10 <REP> d-------- C:\WINDOWS\LastGood
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 14:32 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 13:54 . 2008-06-25 14:15 <REP> d-------- C:\Program Files\Lopxp
2008-06-25 13:39 . 2008-06-25 13:39 <REP> d-------- C:\Program Files\CCleaner
2008-06-25 12:05 . 2008-06-25 12:43 978 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-25 11:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-25 11:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-25 11:49 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-25 11:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-25 11:49 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-25 11:49 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-25 11:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-25 11:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-25 11:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-25 11:02 . 2008-06-25 11:31 <REP> d-------- C:\Program Files\Navilog1
2008-06-25 10:14 . 2008-06-25 10:14 <REP> d-------- C:\Program Files\Trend Micro
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\SUPERAntiSpyware.com
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 08:16 . 2008-06-25 08:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-25 07:37 . 2008-06-25 07:39 <REP> d-------- C:\Program Files\Winsos
2008-06-24 21:04 . 2008-06-24 21:04 101,728 --a------ C:\WINDOWS\system32\lgqvwfxw.dll
2008-06-24 18:38 . 2008-06-24 18:39 <REP> d-------- C:\Program Files\TrojansFiltre
2008-06-23 20:58 . 2008-06-23 20:58 91,488 --a------ C:\WINDOWS\system32\xcyjulmi.dll
2008-06-23 19:42 . 2008-06-23 19:42 91,488 --a------ C:\WINDOWS\system32\ghulgdrm.dll
2008-06-23 19:42 . 2008-06-23 19:42 91,488 --a------ C:\WINDOWS\system32\ebxllpdo.dll
2008-06-23 18:22 . 2008-06-23 18:22 91,488 --a------ C:\WINDOWS\system32\kiesvaoa.dll
2008-06-22 18:26 . 2008-06-22 18:26 101,728 --a------ C:\WINDOWS\system32\vrljiygt.dll
2008-06-22 18:21 . 2008-06-22 18:21 90,464 --a------ C:\WINDOWS\system32\gvfhvpsk.dll
2008-06-21 18:23 . 2008-06-21 18:23 101,728 --a------ C:\WINDOWS\system32\purtcknp.dll
2008-06-21 18:20 . 2008-06-21 18:20 90,464 --a------ C:\WINDOWS\system32\qwqmjvmp.dll
2008-06-20 18:25 . 2008-06-20 18:25 101,744 --a------ C:\WINDOWS\system32\fajpuuff.dll
2008-06-20 18:19 . 2008-06-20 18:19 90,464 --a------ C:\WINDOWS\system32\lmxkeeii.dll
2008-06-19 18:22 . 2008-06-19 18:22 101,632 --a------ C:\WINDOWS\system32\eulkywbr.dll
2008-06-19 18:19 . 2008-06-19 18:19 90,320 --a------ C:\WINDOWS\system32\uwhqtaro.dll
2008-06-10 21:41 . 2008-06-10 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-10 21:39 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-10 21:39 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-10 21:39 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-10 21:38 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-10 21:38 . 2008-06-10 21:38 1,024 --a------ C:\.rnd
2008-06-10 21:37 . 2008-06-13 07:18 <REP> d-------- C:\Program Files\LogMeIn
2008-06-10 21:09 . 2008-06-10 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LookMyPC
2008-06-10 09:29 . 2008-06-10 09:29 357,768 --a------ C:\Documents and Settings\emilie molle\SymXPep2.dll
2008-06-10 09:26 . 2008-06-10 09:26 <REP> d-------- C:\Program Files\ProtectionAssuree
2008-06-10 09:26 . 2004-10-07 14:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-03 01:28 . 2008-06-03 21:44 <REP> d-------- C:\Program Files\PartyGaming
2008-05-28 12:32 . 2008-05-28 12:32 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 . 2008-05-28 12:32 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
2008-05-26 17:02 . 2008-05-26 17:02 <REP> d-------- C:\Program Files\Picasa2
2008-05-26 17:02 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-26 17:02 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 06:40 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-25 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-13 21:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-23 17:47 --------- d-----w C:\Program Files\Sun
2008-05-23 17:46 --------- d-----w C:\Program Files\Java
2008-05-23 17:44 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-23 08:20 --------- d-----w C:\Program Files\Yahoo!
2008-05-23 08:14 --------- d-----w C:\Program Files\AskTBar
2008-05-23 07:56 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\Dealio
2008-05-23 07:54 --------- d-----w C:\Program Files\ESTsoft
2008-05-23 07:54 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\ESTsoft
2008-05-23 07:53 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-23 07:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-23 07:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 07:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-23 07:38 --------- d-----w C:\Program Files\Rainlendar2
2008-05-23 07:36 --------- d-----w C:\Program Files\Google
2008-05-16 17:38 --------- d-----w C:\Program Files\ooVoo
2008-05-01 10:44 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-05-01 10:44 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\LimeWire
2008-04-30 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_16.07.03.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 13:17:55 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-25 13:59:11 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-25 13:17:55 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-25 13:59:12 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-25 13:17:55 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-25 13:59:12 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-25 13:17:55 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-25 13:59:12 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:58 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e}]
2008-06-24 21:04 101728 --a------ C:\WINDOWS\system32\lgqvwfxw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" [2008-05-14 12:18 13268784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.EXE" [2008-03-28 13:31 2116102]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jbllrlot.dll yxclparv.dll bctgioht.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 103720 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-08-24 23:07 51048 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
C:\Program Files\ChristmasTree\ChristmasTree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
C:\Program Files\EoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\error junk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Contrôle parental\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Help Creative Meow City]
C:\Documents and Settings\All Users\Application Data\aim rect help creative\Soap Amok.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
C:\Program Files\Its Label\ItsTV\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-24 22:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 2007-04-10 21:06 53248 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2007-01-18 12:59 389120 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56202:TCP"= 56202:TCP:Pando P2P TCP Listening Port
"56202:UDP"= 56202:UDP:Pando P2P UDP Listening Port
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 22:21:43 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - emilie molle.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
"2008-06-23 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Windows.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 17:23:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Temps d'accomplissement: 2008-06-25 17:29:21
ComboFix-quarantined-files.txt 2008-06-25 15:28:54

Pre-Run: 57,112,166,400 octets libres
Post-Run: 57,102,364,672 octets libres

289 --- E O F --- 2008-05-16 22:12:06
0
sKe69 Posts 21955 Status Security contributor 463

Well then ... analysis in progress ...
0
evaromain Posts 142 Status Member

What should I do??
0
sKe69 Posts 21955 Status Security contributor 463

Do exactly the following:

1- Create a text document on your desktop:
Point your mouse at your desktop, right-click, go to "New" and choose "Text Document".

Then copy/paste the text below in bold (and nothing else!) into the text file you just created:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5bc0c31-4bf4-413e-a6aa-d6a472a5d04e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINSOS VERIFY"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Help Creative Meow City]

File::
C:\WINDOWS\system32\lgqvwfxw.dll
C:\Program Files\Winsos\WINSOS.EXE
C:\Documents and Settings\All Users\Application Data\aim rect help creative\Soap Amok.exe
C:\WINDOWS\system32\xcyjulmi.dll
C:\WINDOWS\system32\ghulgdrm.dll
C:\WINDOWS\system32\ebxllpdo.dll
C:\WINDOWS\system32\kiesvaoa.dll
C:\WINDOWS\system32\vrljiygt.dll
C:\WINDOWS\system32\gvfhvpsk.dll
C:\WINDOWS\system32\purtcknp.dll
C:\WINDOWS\system32\qwqmjvmp.dll
C:\WINDOWS\system32\fajpuuff.dll
C:\WINDOWS\system32\lmxkeeii.dll
C:\WINDOWS\system32\eulkywbr.dll
C:\WINDOWS\system32\uwhqtaro.dll

Folder::
C:\Program Files\Winsos
C:\Program Files\AskTBar
C:\Documents and Settings\emilie molle\Application Data\Dealio
C:\Program Files\ProtectionAssuree
C:\Program Files\Winsos


Then go to "File", choose "Save As ..." and name it exactly like this:
CFScript then confirm ...

2- Cleaning:
!! Disconnect, close all your applications and disable your antivirus for the duration of the procedure (you will re-enable it afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 then confirm.

Then wait while the scan runs. (The desktop will disappear several times: this is normal!)

!! Do not touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it along with a new HijackThis report for analysis ...

(Warning: this procedure was written for this PC. Any reuse can severely damage the operating system.)
0
evaromain Posts 142 Status Member

ComboFix 08-06-20.4 - emilie molle 2008-06-25 18:18:38.4 - NTFSx86
Endroit: C:\Documents and Settings\emilie molle\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\Documents and Settings\emilie molle\Application Data\Dealio
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.521.76
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.522.76
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.53.51
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.531.76
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.532.75
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.534.75
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.54.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.55.45
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.56.69
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.57.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.58.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.593.76
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.595.76
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.63.57
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.66.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.70.75
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.71.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\index.3.67.22
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.109.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.178.66
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.198.56
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.245.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.247.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.279.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.283.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.284.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.289.67
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.290.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.297.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.315.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.319.49
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.335.60
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.337.44
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.340.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.360.53
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.386.59
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.388.59
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.391.60
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.398.60
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.399.60
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.403.61
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.404.63
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.405.61
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.406.61
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.407.61
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.408.63
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.409.61
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.412.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.413.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.414.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.415.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.416.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.417.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.418.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.419.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.420.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.421.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.424.63
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.427.63
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.432.65
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.49.67
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.51.46
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.52.57
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.53.51
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.54.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.57.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rulesFF\rules.3.58.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\temp\dealio-14053.log
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\temp\dod_cache.xml
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\ProtectionAssuree
C:\Program Files\Winsos
C:\Program Files\Winsos\AUTO.txt
C:\Program Files\Winsos\connect.exe
C:\Program Files\Winsos\flashlogiciel.swf
C:\Program Files\Winsos\INVITE3.SWF
C:\Program Files\Winsos\license us.txt
C:\Program Files\Winsos\license.txt
C:\Program Files\Winsos\pays.txt
C:\Program Files\Winsos\PSAPI.DLL
C:\Program Files\Winsos\RUNDLL32.EXE
C:\Program Files\Winsos\unins000.dat
C:\Program Files\Winsos\unins000.exe
C:\Program Files\Winsos\update.exe
C:\Program Files\Winsos\UPDATE\LISTE2.SOS
C:\Program Files\Winsos\UPDATE\VIRAL2.SOS
C:\Program Files\Winsos\VIDE.exe
C:\Program Files\Winsos\WD120ACTION.DLL
C:\Program Files\Winsos\WD120COD.DLL
C:\Program Files\Winsos\WD120COM.DLL
C:\Program Files\Winsos\WD120CPL.DLL
C:\Program Files\Winsos\WD120ETAT.DLL
C:\Program Files\Winsos\WD120GRF.DLL
C:\Program Files\Winsos\WD120HTML.DLL
C:\Program Files\Winsos\WD120IMG.DLL
C:\Program Files\Winsos\WD120IMG2.DLL
C:\Program Files\Winsos\WD120MAT.DLL
C:\Program Files\Winsos\WD120OBJ.DLL
C:\Program Files\Winsos\WD120OLE.DLL
C:\Program Files\Winsos\WD120PDF.DLL
C:\Program Files\Winsos\WD120PRN.DLL
C:\Program Files\Winsos\WD120RTF.DLL
C:\Program Files\Winsos\WD120STD.DLL
C:\Program Files\Winsos\WD120TEST.DLL
C:\Program Files\Winsos\WD120VM.DLL
C:\Program Files\Winsos\WD120XLS.DLL
C:\Program Files\Winsos\WD120XML.DLL
C:\Program Files\Winsos\WD120ZIP.DLL
C:\Program Files\Winsos\WEBSITE.url
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\Winsos\Winsos.exe.lnk
C:\Program Files\Winsos\WINSOS.ico
C:\Program Files\Winsos\Winsos.url
C:\Program Files\Winsos\winsosdefrag.exe
C:\WINDOWS\BM3334da50.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ebxllpdo.dll
C:\WINDOWS\system32\eulkywbr.dll
C:\WINDOWS\system32\fajpuuff.dll
C:\WINDOWS\system32\ghulgdrm.dll
C:\WINDOWS\system32\gvfhvpsk.dll
C:\WINDOWS\system32\kiesvaoa.dll
C:\WINDOWS\system32\lgqvwfxw.dll
C:\WINDOWS\system32\lmxkeeii.dll
C:\WINDOWS\system32\purtcknp.dll
C:\WINDOWS\system32\qwqmjvmp.dll
C:\WINDOWS\system32\rpslchdg.ini
C:\WINDOWS\system32\UwGOoUvw.ini
C:\WINDOWS\system32\UwGOoUvw.ini2
C:\WINDOWS\system32\uwhqtaro.dll
C:\WINDOWS\system32\vrljiygt.dll
C:\WINDOWS\system32\wvUoOGwU.dll
C:\WINDOWS\system32\xcyjulmi.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))
.

2008-06-25 18:13 . 2008-06-25 18:19 354 ---hs---- C:\WINDOWS\system32\rpslchdg.ini
2008-06-25 18:05 . 2008-06-25 18:05 0 --a------ C:\WINDOWS\BM3334da50.xml
2008-06-25 17:53 . 2008-06-25 17:53 107,936 --a------ C:\WINDOWS\system32\evcnyxdt.dll
2008-06-25 17:50 . 2008-06-25 17:50 84,880 --a------ C:\WINDOWS\system32\gdhclspr.dll
2008-06-25 17:48 . 2008-06-25 17:48 91,472 --a------ C:\WINDOWS\system32\nbmgqnuw.dll
2008-06-25 17:42 . 2008-06-25 17:42 25,504 --a------ C:\WINDOWS\system32\geBroMDw.dll
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 14:32 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 13:54 . 2008-06-25 14:15 <REP> d-------- C:\Program Files\Lopxp
2008-06-25 13:39 . 2008-06-25 13:39 <REP> d-------- C:\Program Files\CCleaner
2008-06-25 12:05 . 2008-06-25 12:43 978 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-25 11:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-25 11:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-25 11:49 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-25 11:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-25 11:49 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-25 11:49 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-25 11:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-25 11:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-25 11:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-25 11:02 . 2008-06-25 11:31 <REP> d-------- C:\Program Files\Navilog1
2008-06-25 10:14 . 2008-06-25 10:14 <REP> d-------- C:\Program Files\Trend Micro
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\SUPERAntiSpyware.com
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 08:16 . 2008-06-25 08:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-24 18:38 . 2008-06-24 18:39 <REP> d-------- C:\Program Files\TrojansFiltre
2008-06-10 21:41 . 2008-06-10 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-10 21:39 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-10 21:39 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-10 21:39 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-10 21:38 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-10 21:38 . 2008-06-10 21:38 1,024 --a------ C:\.rnd
2008-06-10 21:37 . 2008-06-13 07:18 <REP> d-------- C:\Program Files\LogMeIn
2008-06-10 21:09 . 2008-06-10 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LookMyPC
2008-06-10 09:29 . 2008-06-10 09:29 357,768 --a------ C:\Documents and Settings\emilie molle\SymXPep2.dll
2008-06-10 09:26 . 2004-10-07 14:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-03 01:28 . 2008-06-03 21:44 <REP> d-------- C:\Program Files\PartyGaming
2008-05-28 12:32 . 2008-05-28 12:32 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 . 2008-05-28 12:32 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
2008-05-26 17:02 . 2008-05-26 17:02 <REP> d-------- C:\Program Files\Picasa2
2008-05-26 17:02 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-26 17:02 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 06:40 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-25 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-13 21:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-23 17:47 --------- d-----w C:\Program Files\Sun
2008-05-23 17:46 --------- d-----w C:\Program Files\Java
2008-05-23 17:44 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-23 08:20 --------- d-----w C:\Program Files\Yahoo!
2008-05-23 07:54 --------- d-----w C:\Program Files\ESTsoft
2008-05-23 07:54 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\ESTsoft
2008-05-23 07:53 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-23 07:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-23 07:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 07:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-23 07:38 --------- d-----w C:\Program Files\Rainlendar2
2008-05-23 07:36 --------- d-----w C:\Program Files\Google
2008-05-16 17:38 --------- d-----w C:\Program Files\ooVoo
2008-05-01 10:44 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-05-01 10:44 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\LimeWire
2008-04-30 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_16.07.03.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 13:52:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 16:12:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-25 13:17:55 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-25 13:59:11 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-25 13:17:55 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-25 13:59:12 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-25 13:17:55 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-25 13:59:12 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-25 13:17:55 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-25 13:59:12 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52043E63-F814-41BB-A8B8-A35474C6C1BD}]
2008-06-25 17:42 25504 --a------ C:\WINDOWS\system32\geBroMDw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:58 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{816238bf-9ed9-41c8-a844-96089f10471e}]
2008-06-25 17:53 107936 --a------ C:\WINDOWS\system32\evcnyxdt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" [2008-05-14 12:18 13268784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"3007e9cc"="C:\WINDOWS\system32\gdhclspr.dll" [2008-06-25 17:50 84880]
"BM3334da50"="C:\WINDOWS\system32\nbmgqnuw.dll" [2008-06-25 17:48 91472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
"{52043E63-F814-41BB-A8B8-A35474C6C1BD}"= C:\WINDOWS\system32\geBroMDw.dll [2008-06-25 17:42 25504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBroMDw]
geBroMDw.dll 2008-06-25 17:42 25504 C:\WINDOWS\system32\geBroMDw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 103720 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-08-24 23:07 51048 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
C:\Program Files\ChristmasTree\ChristmasTree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
C:\Program Files\EoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\error junk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Contrôle parental\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
C:\Program Files\Its Label\ItsTV\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-24 22:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 2007-04-10 21:06 53248 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2007-01-18 12:59 389120 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56202:TCP"= 56202:TCP:Pando P2P TCP Listening Port
"56202:UDP"= 56202:UDP:Pando P2P UDP Listening Port
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 22:21:43 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - emilie molle.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-23 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Windows.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 18:23:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBroMDw.dll
.
Temps d'accomplissement: 2008-06-25 18:29:51
ComboFix-quarantined-files.txt 2008-06-25 16:28:42
ComboFix2.txt 2008-06-25 15:29:22

Pre-Run: 57,079,291,904 octets libres
Post-Run: 57,068,703,744 octets libres

600 --- E O F --- 2008-05-16 22:12:06





ComboFix 08-06-20.4 - emilie molle 2008-06-25 18:18:38.4 - NTFSx86
Endroit: C:\Documents and Settings\emilie molle\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.245.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.247.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.248.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.249.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.250.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.251.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.252.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.253.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.254.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.255.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.256.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.257.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.279.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.28.58
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.282.75
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.283.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.284.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.289.67
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.290.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.291.61
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.296.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.297.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.304.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.307.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.308.75
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.31.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.310.46
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.311.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.315.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.316.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.317.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.318.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.319.49
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.32.48
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.334.44
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.335.60
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.336.44
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.337.44
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.338.75
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.339.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.34.43
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.340.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.341.47
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.349.50
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.35.48
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.350.50
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.351.51
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.352.54
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.353.51
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.354.51
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.357.62
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.358.52
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.359.52
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.360.53
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.361.54
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.362.68
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.363.58
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.364.54
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.365.53
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.367.56
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.368.58
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.369.55
C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\rules\rules.1.370.56
0
sKe69 Posts 21955 Status Security contributor 463

OK,
Restart your PC.

A quick question: are you actually disabling your antivirus before running Combofix?
evaromain Posts 142 Status Member

Sorry, I had a problem with my daughter, which is why I wasn't replying.

My antivirus isn't working, so do I still have to disable it anyway?
sKe69 Posts 21955 Status Security contributor 463 > evaromain Posts 142 Status Member

Of course, that is why Combofix won't run! It was clearly stated, wasn't it? ^^

Let's start again from the beginning:

----------------------------------------------- WARNING ---------------------------------------------------------------
!! Disconnect, close your running applications and DISABLE YOUR DEFENCES (antivirus, anti-spyware guards, firewall) for the duration of the procedure:
if left active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards!!
---> Important: if you run into difficulties at this stage, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click C-Fix.exe (= combofix.exe).

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
---> if a Windows error message appears at some point, click the cross at the top right of the window to close it (and nothing else!)

The report will be created in: C:\Combofix.txt

Post the Combofix report together with a new HijackThis report for analysis...
evaromain Posts 142 Status Member > sKe69 Posts 21955 Status Security contributor

Yes, that's right, please excuse me; I thought that since it wasn't working, it was disabled.
Here are the reports. Sorry again for the delay, but my PC is getting slower and slower...



ComboFix 08-06-20.4 - emilie molle 2008-06-25 21:01:02.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.127 [GMT 2:00]
Endroit: C:\Documents and Settings\emilie molle\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM3334da50.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\feNnTBeg.ini
C:\WINDOWS\system32\feNnTBeg.ini2
C:\WINDOWS\system32\geBTnNef.dll
C:\WINDOWS\system32\ogerjvux.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))
.

2008-06-25 20:57 . 2008-06-25 21:01 354 ---hs---- C:\WINDOWS\system32\ogerjvux.ini
2008-06-25 20:47 . 2008-06-25 20:47 0 --a------ C:\WINDOWS\BM3334da50.xml
2008-06-25 19:38 . 2008-06-25 19:38 107,936 --a------ C:\WINDOWS\system32\ccfhlysd.dll
2008-06-25 19:38 . 2008-06-25 19:38 84,880 --a------ C:\WINDOWS\system32\xuvjrego.dll
2008-06-25 19:36 . 2008-06-25 19:36 91,472 --a------ C:\WINDOWS\system32\haiuwsvq.dll
2008-06-25 18:30 . 2008-06-25 18:30 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\Dealio
2008-06-25 18:13 . 2008-06-25 18:19 354 ---hs---- C:\WINDOWS\system32\rpslchdg.ini
2008-06-25 17:53 . 2008-06-25 17:53 107,936 --a------ C:\WINDOWS\system32\evcnyxdt.dll
2008-06-25 17:50 . 2008-06-25 17:50 84,880 --a------ C:\WINDOWS\system32\gdhclspr.dll
2008-06-25 17:48 . 2008-06-25 17:48 91,472 --a------ C:\WINDOWS\system32\nbmgqnuw.dll
2008-06-25 17:42 . 2008-06-25 17:42 25,504 --a------ C:\WINDOWS\system32\geBroMDw.dll
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 14:32 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 13:54 . 2008-06-25 14:15 <REP> d-------- C:\Program Files\Lopxp
2008-06-25 13:39 . 2008-06-25 13:39 <REP> d-------- C:\Program Files\CCleaner
2008-06-25 12:05 . 2008-06-25 12:43 978 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-25 11:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-25 11:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-25 11:49 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-25 11:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-25 11:49 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-25 11:49 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-25 11:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-25 11:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-25 11:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-25 11:02 . 2008-06-25 11:31 <REP> d-------- C:\Program Files\Navilog1
2008-06-25 10:14 . 2008-06-25 10:14 <REP> d-------- C:\Program Files\Trend Micro
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\SUPERAntiSpyware.com
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 08:16 . 2008-06-25 08:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-24 18:38 . 2008-06-24 18:39 <REP> d-------- C:\Program Files\TrojansFiltre
2008-06-10 21:41 . 2008-06-10 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-10 21:39 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-10 21:39 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-10 21:39 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-10 21:38 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-10 21:38 . 2008-06-10 21:38 1,024 --a------ C:\.rnd
2008-06-10 21:37 . 2008-06-13 07:18 <REP> d-------- C:\Program Files\LogMeIn
2008-06-10 21:09 . 2008-06-10 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LookMyPC
2008-06-10 09:29 . 2008-06-10 09:29 357,768 --a------ C:\Documents and Settings\emilie molle\SymXPep2.dll
2008-06-10 09:26 . 2004-10-07 14:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-03 01:28 . 2008-06-03 21:44 <REP> d-------- C:\Program Files\PartyGaming
2008-05-28 12:32 . 2008-05-28 12:32 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 . 2008-05-28 12:32 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
2008-05-26 17:02 . 2008-05-26 17:02 <REP> d-------- C:\Program Files\Picasa2
2008-05-26 17:02 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-26 17:02 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 06:40 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-25 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-13 21:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-23 17:47 --------- d-----w C:\Program Files\Sun
2008-05-23 17:46 --------- d-----w C:\Program Files\Java
2008-05-23 17:44 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-23 08:20 --------- d-----w C:\Program Files\Yahoo!
2008-05-23 07:54 --------- d-----w C:\Program Files\ESTsoft
2008-05-23 07:54 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\ESTsoft
2008-05-23 07:53 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-23 07:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-23 07:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 07:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-23 07:38 --------- d-----w C:\Program Files\Rainlendar2
2008-05-23 07:36 --------- d-----w C:\Program Files\Google
2008-05-16 17:38 --------- d-----w C:\Program Files\ooVoo
2008-05-01 10:44 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-05-01 10:44 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\LimeWire
2008-04-30 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_16.07.03.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 13:52:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 18:56:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-25 13:17:55 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-25 13:59:11 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-25 13:17:55 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-25 13:59:12 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-25 13:17:55 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-25 13:59:12 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-25 13:17:55 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-25 13:59:12 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3967a3e8-71d0-42ed-bddb-501399dc8b78}]
2008-06-25 19:38 107936 --a------ C:\WINDOWS\system32\ccfhlysd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52043E63-F814-41BB-A8B8-A35474C6C1BD}]
2008-06-25 17:42 25504 --a------ C:\WINDOWS\system32\geBroMDw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:58 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" [2008-05-14 12:18 13268784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"3007e9cc"="C:\WINDOWS\system32\xuvjrego.dll" [2008-06-25 19:38 84880]
"BM3334da50"="C:\WINDOWS\system32\haiuwsvq.dll" [2008-06-25 19:36 91472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
"{52043E63-F814-41BB-A8B8-A35474C6C1BD}"= C:\WINDOWS\system32\geBroMDw.dll [2008-06-25 17:42 25504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBroMDw]
geBroMDw.dll 2008-06-25 17:42 25504 C:\WINDOWS\system32\geBroMDw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 103720 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-08-24 23:07 51048 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
C:\Program Files\ChristmasTree\ChristmasTree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
C:\Program Files\EoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\error junk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Contrôle parental\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
C:\Program Files\Its Label\ItsTV\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-24 22:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 2007-04-10 21:06 53248 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2007-01-18 12:59 389120 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56202:TCP"= 56202:TCP:Pando P2P TCP Listening Port
"56202:UDP"= 56202:UDP:Pando P2P UDP Listening Port
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 22:21:43 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - emilie molle.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-23 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Windows.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 21:04:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBroMDw.dll
.
Temps d'accomplissement: 2008-06-25 21:09:47
ComboFix-quarantined-files.txt 2008-06-25 19:09:30
ComboFix2.txt 2008-06-25 16:29:52
ComboFix3.txt 2008-06-25 15:29:22

Pre-Run: 57,106,059,264 octets libres
Post-Run: 57,095,286,784 octets libres

241 --- E O F --- 2008-05-16 22:12:06




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:53, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: {87b8cd99-3105-bddb-de24-0d178e3a7693} - {3967a3e8-71d0-42ed-bddb-501399dc8b78} - C:\WINDOWS\system32\ccfhlysd.dll
O2 - BHO: (no name) - {52043E63-F814-41BB-A8B8-A35474C6C1BD} - C:\WINDOWS\system32\geBroMDw.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [3007e9cc] rundll32.exe "C:\WINDOWS\system32\xuvjrego.dll",b
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\haiuwsvq.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBroMDw - C:\WINDOWS\SYSTEM32\geBroMDw.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
sKe69 Posts 21955 Status Security contributor 463

No, it still isn't working!!! Disable your defences: antivirus + antispyware + firewall must all be disabled ... and disconnect first ....

Please start again ....
0
evaromain Posts 142 Status Member

I have a few antispyware programs but I can't manage to disable them... is there somewhere on the PC I can go to disable ALL the antispyware programs directly? Norton is disabled
0
sKe69 Posts 21955 Status Security contributor 463 > evaromain Posts 142 Status Member

It's mainly SUPERAntiSpyware .... left- or right-click its icon in the taskbar and disable its guard (or protection) ... for the Windows firewall: Control Panel / Firewall and disable it ...
0
evaromain Posts 142 Status Member > sKe69 Posts 21955 Status Security contributor

SUPERAntiSpyware is in English and I don't understand it at all; when I right-click it, I get at least fifteen options and I really can't see which one to choose to disable it.
Then for the Control Panel, I can't open it, because as soon as I try, my desktop disappears and comes back but the program doesn't open

sorry :-(
0
sKe69 Posts 21955 Status Security contributor 463

Listen ... never mind, redo the plain ComboFix procedure, but in safe mode ... post me the report you get, then a new HijackThis log (done in normal mode) ... we'll see ...
0
evaromain Posts 142 Status Member

I'm in despair now, my computer always hangs at the report stage; it never gives it to me and shuts off for no reason. So I always have to start over with no result. On top of that, everything related to Windows won't open any more (documents, pictures, music, Control Panel, Windows Explorer) and all my Mozilla Firefox bookmarks have disappeared, even though I had sites that are important for my work. I really don't know what to do any more,
0
evaromain Posts 142 Status Member > evaromain Posts 142 Status Member

I feel completely ridiculous; is it me who isn't doing the steps properly? Because reading the other topics I see that most people succeed without any problem and for me nothing works... :-( I'm really hopeless with computers, even with clear explanations
0
sKe69 Posts 21955 Status Security contributor 463 > evaromain Posts 142 Status Member

Stay calm and zen, you did well at the start, there's no reason ...

As for the bugs, that's normal, you're still heavily infected (the viruses have damaged your system, but we'll only be able to look at that at the end)... don't touch your PC other than to follow my instructions ...

A tutorial (help in French) for SUPERAntiSpyware:
https://www.malekal.com/?s=SUPERAntiSpyware

Delete everything Malwarebytes has in "quarantine" (open Malwarebytes, "Quarantine" tab: delete everything).

First you're going to redo a full scan with Malwarebytes, and it MUST be in safe mode ... if you have the slightest problem getting into safe mode, let me know ... because I'd be surprised if you did it earlier ... (redo the procedure from post 20)

So I'm waiting for the result of that scan and a new HijackThis log for analysis ...
0
evaromain Posts 142 Status Member > sKe69 Posts 21955 Status Security contributor

ok lol sorry, I was despairing, I've just done this

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 890

15:11:19 25/06/2008
mbam-log-6-25-2008 (15-11-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 75840
Temps écoulé: 32 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mlJCuUkK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yxclparv.dll (Trojan.vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb954b86-f399-4533-8505-320a2c9f9031} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bb954b86-f399-4533-8505-320a2c9f9031} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3334da50 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljcuukk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljcuukk -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\atcrfumo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\omufrcta.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iouuloaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\faoluuoi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCuUkK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KkUuCJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KkUuCJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\monmkghr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhgkmnom.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypwpgswk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwsgpwpy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CAEC31F-8B5A-435A-9C02-4D34222FEDA0}\RP229\A0044753.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4CAEC31F-8B5A-435A-9C02-4D34222FEDA0}\RP250\A0051188.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spvtmigk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxclparv.dll (Trojan.vundo) -> Delete on reboot.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55, on 2008-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [3007e9cc] rundll32.exe "C:\WINDOWS\system32\alrmcshp.dll",b
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\kfilmoxk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
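A triage sketch for the logs posted above, added here as an example and not part of any participant's post: it parses the HijackThis O4 Run lines, reports rundll32 autostarts whose DLL changed between two scans, and lists Run values that the Malwarebytes log reports as deleted but that a later HijackThis scan lists again. The function names are illustrative; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Lines copied from the logs posted in this thread: the earlier and later
# HijackThis scans, and the Malwarebytes log taken between them.
HJT_SCAN_1 = r'''
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [3007e9cc] rundll32.exe "C:\WINDOWS\system32\xuvjrego.dll",b
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\haiuwsvq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
HJT_SCAN_2 = r'''
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [3007e9cc] rundll32.exe "C:\WINDOWS\system32\alrmcshp.dll",b
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\kfilmoxk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
MBAM_LOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3334da50 (Trojan.Agent) -> Quarantined and deleted successfully.
'''

# "O4 - HKLM\..\Run: [value name] command line"
RUN_LINE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$', re.M)
# First argument of a rundll32 autostart: the DLL path, quoted or not.
RUNDLL_TARGET = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
# "...\CurrentVersion\Run\<value> (<detection>) -> <action>"
MBAM_RUN_VALUE = re.compile(r'\\CurrentVersion\\Run\\(.+?) \(([^)]+)\) -> (.+)$', re.M)


def parse_run_entries(hjt_log):
    """Map (hive, value name) -> command line for every O4 Run entry."""
    return {(hive, name): cmd.strip()
            for hive, name, cmd in RUN_LINE.findall(hjt_log)}


def rundll_target(command):
    """Return the DLL file name a rundll32 autostart loads, or None."""
    m = RUNDLL_TARGET.match(command)
    return ntpath.basename(m.group(1)) if m else None


def rotating_run_entries(earlier_log, later_log):
    """Run values present in both scans whose rundll32 DLL target changed."""
    earlier = parse_run_entries(earlier_log)
    later = parse_run_entries(later_log)
    hits = []
    for key in sorted(earlier.keys() & later.keys()):
        old, new = rundll_target(earlier[key]), rundll_target(later[key])
        if old and new and old.lower() != new.lower():
            hits.append((key[1], old, new))
    return hits


def reappeared_after_cleanup(mbam_log, later_hjt_log):
    """Run values Malwarebytes reported deleted that a later scan lists again."""
    # Registry value names are case-insensitive, so compare in lower case.
    present = {name.lower() for _, name in parse_run_entries(later_hjt_log)}
    back = {}
    for name, detection, action in MBAM_RUN_VALUE.findall(mbam_log):
        if action.startswith("Quarantined and deleted") and name.lower() in present:
            back[name] = detection
    return back


if __name__ == "__main__":
    for name, old, new in rotating_run_entries(HJT_SCAN_1, HJT_SCAN_2):
        print(f"Run value [{name}] kept its name but now loads {new} (was {old})")
    for name, detection in reappeared_after_cleanup(MBAM_LOG, HJT_SCAN_2).items():
        print(f"Run value [{name}] ({detection}) is listed again after removal")
```

A Run value that keeps its name while its DLL changes, or that is listed again after a scanner deleted it, indicates that something still running on the machine is rewriting the autostart entry.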
sKe69 Posts 21955 Status Security contributor 463

Good ... that's not the right Malwarebytes log but never mind ^^ (the most recent one would be better ...)

Next:

Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

!! Disconnect and close all your applications for the duration of the procedure !!

Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the VBG.TXT report will be created on the desktop.
(If a blue-screen "Fatal error" message appears, don't worry, that is normal and expected.)

Post the VBG report together with a new HijackThis report (remember to rename it first, since it's no longer renamed ^^) for analysis ...
0
evaromain Posts 142 Status Member
 
[06/26/2008, 0:10:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\emilie molle\Bureau\VirtumundoBeGone.exe" )
[06/26/2008, 0:10:47] - Detected System Information:
[06/26/2008, 0:10:47] - Windows Version: 5.1.2600, Service Pack 2
[06/26/2008, 0:10:47] - Current Username: emilie molle (Admin)
[06/26/2008, 0:10:47] - Windows is in NORMAL mode.
[06/26/2008, 0:10:47] - Searching for Browser Helper Objects:
[06/26/2008, 0:10:47] - BHO 1: {0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
[06/26/2008, 0:10:47] - BHO 2: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/26/2008, 0:10:47] - BHO 3: {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} (CInterceptor Object)
[06/26/2008, 0:10:47] - BHO 4: {52043E63-F814-41BB-A8B8-A35474C6C1BD} ()
[06/26/2008, 0:10:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2008, 0:10:47] - Checking for HKLM\...\Winlogon\Notify\geBroMDw
[06/26/2008, 0:10:47] - Found: HKLM\...\Winlogon\Notify\geBroMDw - This is probably Virtumundo.
[06/26/2008, 0:10:47] - Assigning {52043E63-F814-41BB-A8B8-A35474C6C1BD} MSEvents Object
[06/26/2008, 0:10:47] - BHO list has been changed! Starting over...
[06/26/2008, 0:10:47] - BHO 1: {0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
[06/26/2008, 0:10:47] - BHO 2: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/26/2008, 0:10:47] - BHO 3: {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} (CInterceptor Object)
[06/26/2008, 0:10:47] - BHO 4: {52043E63-F814-41BB-A8B8-A35474C6C1BD} (MSEvents Object)
[06/26/2008, 0:10:47] - ALERT: Found MSEvents Object!
[06/26/2008, 0:10:47] - BHO 5: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/26/2008, 0:10:47] - BHO 6: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[06/26/2008, 0:10:47] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/26/2008, 0:10:47] - BHO 8: {B0827D2B-147A-48BF-A574-2A2C311ED22A} ()
[06/26/2008, 0:10:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2008, 0:10:48] - Checking for HKLM\...\Winlogon\Notify\jkkkLeET
[06/26/2008, 0:10:48] - Key not found: HKLM\...\Winlogon\Notify\jkkkLeET, continuing.
[06/26/2008, 0:10:48] - BHO 9: {d6f13773-6359-48ed-b058-87c94afc1fc6} ()
[06/26/2008, 0:10:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2008, 0:10:48] - Checking for HKLM\...\Winlogon\Notify\slpuavaq
[06/26/2008, 0:10:48] - Key not found: HKLM\...\Winlogon\Notify\slpuavaq, continuing.
[06/26/2008, 0:10:48] - Finished Searching Browser Helper Objects
[06/26/2008, 0:10:48] - *** Detected MSEvents Object
[06/26/2008, 0:10:48] - Trying to remove MSEvents Object...
[06/26/2008, 0:10:49] - Terminating Process: IEXPLORE.EXE
[06/26/2008, 0:10:49] - Terminating Process: RUNDLL32.EXE
[06/26/2008, 0:10:49] - Disabling Automatic Shell Restart
[06/26/2008, 0:10:49] - Terminating Process: EXPLORER.EXE
[06/26/2008, 0:10:49] - Suspending the NT Session Manager System Service
[06/26/2008, 0:10:49] - Terminating Windows NT Logon/Logoff Manager
[06/26/2008, 0:10:50] - Re-enabling Automatic Shell Restart
[06/26/2008, 0:10:50] - File to disable: C:\WINDOWS\system32\geBroMDw.dll
[06/26/2008, 0:10:50] - Renaming C:\WINDOWS\system32\geBroMDw.dll -> C:\WINDOWS\system32\geBroMDw.dll.vir
[06/26/2008, 0:10:50] - File successfully renamed!
[06/26/2008, 0:10:50] - Removing HKLM\...\Browser Helper Objects\{52043E63-F814-41BB-A8B8-A35474C6C1BD}
[06/26/2008, 0:10:50] - Removing HKCR\CLSID\{52043E63-F814-41BB-A8B8-A35474C6C1BD}
[06/26/2008, 0:10:50] - Adding Kill Bit for ActiveX for GUID: {52043E63-F814-41BB-A8B8-A35474C6C1BD}
[06/26/2008, 0:10:50] - Deleting ATLEvents/MSEvents Registry entries
[06/26/2008, 0:10:50] - Removing HKLM\...\Winlogon\Notify\geBroMDw
[06/26/2008, 0:10:50] - Searching for Browser Helper Objects:
[06/26/2008, 0:10:50] - BHO 1: {0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
[06/26/2008, 0:10:50] - BHO 2: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/26/2008, 0:10:50] - BHO 3: {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} (CInterceptor Object)
[06/26/2008, 0:10:50] - BHO 4: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/26/2008, 0:10:50] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[06/26/2008, 0:10:50] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/26/2008, 0:10:50] - BHO 7: {B0827D2B-147A-48BF-A574-2A2C311ED22A} ()
[06/26/2008, 0:10:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2008, 0:10:50] - Checking for HKLM\...\Winlogon\Notify\jkkkLeET
[06/26/2008, 0:10:50] - Key not found: HKLM\...\Winlogon\Notify\jkkkLeET, continuing.
[06/26/2008, 0:10:50] - BHO 8: {d6f13773-6359-48ed-b058-87c94afc1fc6} ()
[06/26/2008, 0:10:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2008, 0:10:50] - Checking for HKLM\...\Winlogon\Notify\slpuavaq
[06/26/2008, 0:10:50] - Key not found: HKLM\...\Winlogon\Notify\slpuavaq, continuing.
[06/26/2008, 0:10:50] - Finished Searching Browser Helper Objects
[06/26/2008, 0:10:50] - Finishing up...
[06/26/2008, 0:10:50] - A restart is needed.
[06/26/2008, 0:10:52] - Attempting to Restart via STOP error (Blue Screen!)









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12, on 2008-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {800AD090-8FB4-4326-9A37-58A7CC1FDDEB} - C:\WINDOWS\system32\jkkkLeET.dll
O2 - BHO: {6cf1cfa4-9c78-850b-de84-953637731f6d} - {d6f13773-6359-48ed-b058-87c94afc1fc6} - C:\WINDOWS\system32\slpuavaq.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [3007e9cc] rundll32.exe "C:\WINDOWS\system32\alrmcshp.dll",b
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\kfilmoxk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
evaromain Posts 142 Status Member > evaromain Posts 142 Status Member
 
I'm going to go to sleep... thank you very much for your patience and your help
maybe see you tomorrow
have a good evening and good night ^^
0
sKe69 Posts 21955 Status Security Contributor 463
 
this time we made progress lol

For tomorrow, you absolutely must do this calmly and correctly:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close your running applications and DISABLE ALL YOUR DEFENSES (anti-virus, anti-spyware guards, firewall) for the duration of the procedure:
indeed, if left enabled, they could seriously interfere with the tool's search and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards !!
---> Important: if you run into difficulties at this stage, let me know before continuing ...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click C-Fix.exe ( = combofix.exe ).

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. It could freeze the computer.
---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and not on anything else! otherwise no report ...)

The report will be created in: C:\Combofix.txt

Post the Combofix report along with a new HijackThis report for analysis ...

0
evaromain Posts 142 Status Member
 
there, I'm ready to continue lol ^^
I still can't get into My Computer, so the Windows anti-spyware is probably enabled.



ComboFix 08-06-20.4 - emilie molle 2008-06-26 7:44:35.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.147 [GMT 2:00]
Endroit: C:\Documents and Settings\emilie molle\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM3334da50.xml
C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM3334da50.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\edNVyyay.ini
C:\WINDOWS\system32\edNVyyay.ini2
C:\WINDOWS\system32\jkkkLeET.dll
C:\WINDOWS\system32\kfyvdvoo.ini
C:\WINDOWS\system32\phscmrla.ini
C:\WINDOWS\system32\TEeLkkkj.ini
C:\WINDOWS\system32\TEeLkkkj.ini2
C:\WINDOWS\system32\yayyVNde.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))
.

2008-06-26 07:35 . 2008-06-26 07:44 354 ---hs---- C:\WINDOWS\system32\phscmrla.ini
2008-06-25 23:23 . 2008-06-25 23:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 23:23 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 23:23 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 22:28 . 2008-06-25 22:28 107,936 --a------ C:\WINDOWS\system32\slpuavaq.dll
2008-06-25 22:26 . 2008-06-25 22:26 84,880 --a------ C:\WINDOWS\system32\alrmcshp.dll
2008-06-25 22:25 . 2008-06-25 22:25 91,472 --a------ C:\WINDOWS\system32\kfilmoxk.dll
2008-06-25 22:20 . 2008-06-25 22:20 294 ---hs---- C:\WINDOWS\system32\kfyvdvoo.ini
2008-06-25 22:16 . 2008-06-25 23:17 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-06-25 21:18 . 2008-06-25 21:18 107,936 --a------ C:\WINDOWS\system32\jitlkqrk.dll
2008-06-25 21:16 . 2008-06-25 21:16 91,472 --a------ C:\WINDOWS\system32\ovwgjvqq.dll
2008-06-25 20:57 . 2008-06-25 21:01 354 ---hs---- C:\WINDOWS\system32\ogerjvux.ini
2008-06-25 19:38 . 2008-06-25 19:38 107,936 --a------ C:\WINDOWS\system32\ccfhlysd.dll
2008-06-25 19:38 . 2008-06-25 19:38 84,880 --a------ C:\WINDOWS\system32\xuvjrego.dll
2008-06-25 19:36 . 2008-06-25 19:36 91,472 --a------ C:\WINDOWS\system32\haiuwsvq.dll
2008-06-25 18:30 . 2008-06-25 18:30 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\Dealio
2008-06-25 18:13 . 2008-06-25 18:19 354 ---hs---- C:\WINDOWS\system32\rpslchdg.ini
2008-06-25 17:53 . 2008-06-25 17:53 107,936 --a------ C:\WINDOWS\system32\evcnyxdt.dll
2008-06-25 17:50 . 2008-06-25 17:50 84,880 --a------ C:\WINDOWS\system32\gdhclspr.dll
2008-06-25 17:48 . 2008-06-25 17:48 91,472 --a------ C:\WINDOWS\system32\nbmgqnuw.dll
2008-06-25 17:42 . 2008-06-25 17:42 25,504 --a------ C:\WINDOWS\system32\geBroMDw.dll.vir
2008-06-25 16:12 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-25 16:12 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\Malwarebytes
2008-06-25 14:32 . 2008-06-25 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 13:54 . 2008-06-25 14:15 <REP> d-------- C:\Program Files\Lopxp
2008-06-25 13:39 . 2008-06-25 13:39 <REP> d-------- C:\Program Files\CCleaner
2008-06-25 12:05 . 2008-06-25 12:43 978 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-25 11:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-25 11:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-25 11:49 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-25 11:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-25 11:49 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-25 11:49 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-25 11:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-25 11:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-25 11:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-25 11:02 . 2008-06-25 11:31 <REP> d-------- C:\Program Files\Navilog1
2008-06-25 10:14 . 2008-06-25 10:14 <REP> d-------- C:\Program Files\Trend Micro
2008-06-25 08:17 . 2008-06-25 22:58 <REP> d-------- C:\Documents and Settings\emilie molle\Application Data\SUPERAntiSpyware.com
2008-06-25 08:17 . 2008-06-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 18:38 . 2008-06-24 18:39 <REP> d-------- C:\Program Files\TrojansFiltre
2008-06-10 21:41 . 2008-06-10 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-10 21:39 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-10 21:39 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-10 21:39 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-10 21:38 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-10 21:38 . 2008-06-10 21:38 1,024 --a------ C:\.rnd
2008-06-10 21:37 . 2008-06-13 07:18 <REP> d-------- C:\Program Files\LogMeIn
2008-06-10 21:09 . 2008-06-10 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LookMyPC
2008-06-10 09:29 . 2008-06-10 09:29 357,768 --a------ C:\Documents and Settings\emilie molle\SymXPep2.dll
2008-06-10 09:26 . 2004-10-07 14:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-03 01:28 . 2008-06-03 21:44 <REP> d-------- C:\Program Files\PartyGaming
2008-05-28 12:32 . 2008-05-28 12:32 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 . 2008-05-28 12:32 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
2008-05-26 17:02 . 2008-05-26 17:02 <REP> d-------- C:\Program Files\Picasa2
2008-05-26 17:02 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-26 17:02 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 06:40 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-25 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-13 21:34 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-23 17:47 --------- d-----w C:\Program Files\Sun
2008-05-23 17:46 --------- d-----w C:\Program Files\Java
2008-05-23 17:44 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-23 08:20 --------- d-----w C:\Program Files\Yahoo!
2008-05-23 07:54 --------- d-----w C:\Program Files\ESTsoft
2008-05-23 07:54 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\ESTsoft
2008-05-23 07:53 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-23 07:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-23 07:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-23 07:38 --------- d-----w C:\Program Files\Rainlendar2
2008-05-23 07:36 --------- d-----w C:\Program Files\Google
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 10:44 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-05-01 10:44 --------- d-----w C:\Documents and Settings\emilie molle\Application Data\LimeWire
2008-04-30 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_16.07.03.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 13:52:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 05:34:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:27 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:34 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:02:34 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:27 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:29 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:29 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:35 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:02:38 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-06-25 13:17:55 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-26 05:29:33 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-25 13:17:55 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-26 05:29:33 74,102 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-25 13:17:55 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-26 05:29:33 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-25 13:17:55 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-26 05:29:33 467,560 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:58 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6f13773-6359-48ed-b058-87c94afc1fc6}]
2008-06-25 22:28 107936 --a------ C:\WINDOWS\system32\slpuavaq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"3007e9cc"="C:\WINDOWS\system32\alrmcshp.dll" [2008-06-25 22:26 84880]
"BM3334da50"="C:\WINDOWS\system32\kfilmoxk.dll" [2008-06-25 22:25 91472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 103720 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-08-24 23:07 51048 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
C:\Program Files\ChristmasTree\ChristmasTree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
C:\Program Files\EoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\error junk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Contrôle parental\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
C:\Program Files\Its Label\ItsTV\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-24 22:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 2007-04-10 21:06 53248 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2007-01-18 12:59 389120 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56202:TCP"= 56202:TCP:Pando P2P TCP Listening Port
"56202:UDP"= 56202:UDP:Pando P2P UDP Listening Port
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 22:21:43 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - emilie molle.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
"2008-06-23 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Windows.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 07:47:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-06-26 7:51:49
ComboFix-quarantined-files.txt 2008-06-26 05:50:46
ComboFix2.txt 2008-06-25 19:09:48
ComboFix3.txt 2008-06-25 16:29:52
ComboFix4.txt 2008-06-25 15:29:22

Pre-Run: 57,086,025,728 octets libres
Post-Run: 57,074,962,432 octets libres

325 --- E O F --- 2008-06-25 20:18:40





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:54:52, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {6cf1cfa4-9c78-850b-de84-953637731f6d} - {d6f13773-6359-48ed-b058-87c94afc1fc6} - C:\WINDOWS\system32\slpuavaq.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [3007e9cc] rundll32.exe "C:\WINDOWS\system32\alrmcshp.dll",b
O4 - HKLM\..\Run: [BM3334da50] Rundll32.exe "C:\WINDOWS\system32\kfilmoxk.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\emilie molle\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0
sKe69 Posts 21955 Status Security contributor 463
 
Indeed, that did not work...

We are going to try to repair the Control Panel:

1-Download this small tool, ZEB_RESTORE:

http://telechargement.zebulon.fr/zeb-restore.html

Save this file to your desktop.

-Right-click Zeb-Restore.zip ==> "Extract all", and choose the desktop as the destination.
-Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
---> Tick the boxes in front of (and only these!):

* Windows Update: restores the Windows Update feature
* Control Panel: re-enables the Control Panel
* Add/Remove Programs: restores the Add/Remove Programs feature
* IE repair: repairs Internet Explorer (search pages)
* Trusted and restricted sites: clears the contents of these zones (use if you are infected by malware)
* Internet prefixes and protocols: restores the Internet protocol keys (ZoneMap etc.)
* Reset Hosts file: resets the Hosts file

-Click: "Restore"

--->Restart your PC

2-Repeat the procedure with combofix and post the reports for me...
0
evaromain Posts 142 Status Member
 
I am stuck at opening "ZR_1.0.0.37": as soon as I try to open it, the same thing happens as with the others; that is, the desktop disappears and comes back without the program opening
0