Trojan

lameche -  
 Utilisateur anonyme -
Bonjour,
j ai un probleme de trojan pouvez vous m aider
Configuration: Windows XP
Firefox 2.0.0.14

26 réponses

  • 1
  • 2
Résumé de la discussion

Une infection par Trojan et adware est détectée sur un système Windows XP avec Firefox, présentant des composants malveillants tels que Trojan.Zlob, Rogue.AntiSpyCheck et Adware.Starware. Les éléments de réponse recommandent d’opérer en mode sans échec, puis d’utiliser Combofix et Malwarebytes, en générant des rapports HijackThis et Combofix pour guider la suppression et la quarantine. Des listes détaillent les fichiers, dossiers et clés de registre infectés, avec des actions comme Quarantined, Delete on reboot ou Suppression immédiate selon les éléments, et des redémarrages répétés. En cas de persistance, la solution consiste à poursuivre le nettoyage avec des outils complémentaires et à vérifier les extensions et paramètres du navigateur afin d’éviter de futures réinfections.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Salut ,

    soit plus precis, quels sont les ymptomes ?

    Télécharge HijackThis ici :

    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    0
  2. lameche
     
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Web Technologies\iebtm.exe
    C:\Program Files\Web Technologies\wcs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
    C:\Program Files\Web Technologies\iebtmm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OFFICE One6.0\program\soffice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Web Technologies\wcm.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  3. Utilisateur anonyme
     
    LE RAPPORT N EST PAS COMPLET ET T AS PAS REPONDU A MA QUESTION
    0
    1. lameche
       
      ben j ai l antivirus qui me dis que j ai un trojan horse
      0
  4. lameche
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:09:25, on 29/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Web Technologies\iebtm.exe
    C:\Program Files\Web Technologies\wcs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
    C:\Program Files\Web Technologies\iebtmm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OFFICE One6.0\program\soffice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Web Technologies\wcm.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    le rapport n est toujours pas complet manque les lignes 02 04 09 016 etc
    0
  7. lameche
     
    comment je fais pour l avoir complet
    0
  8. Utilisateur anonyme
     
    on verra apres

    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    ps : les rapport sont aussi rangé dans l onglet rapport/log
    0
    1. lameche
       
      Malwarebytes' Anti-Malware 1.19
      Version de la base de données: 902
      Windows 5.1.2600 Service Pack 2

      19:24:04 29/06/2008
      mbam-log-6-29-2008 (19-24-04).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 101842
      Temps écoulé: 57 minute(s), 40 second(s)

      Processus mémoire infecté(s): 4
      Module(s) mémoire infecté(s): 3
      Clé(s) du Registre infectée(s): 34
      Valeur(s) du Registre infectée(s): 13
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 32
      Fichier(s) infecté(s): 102

      Processus mémoire infecté(s):
      C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
      C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
      C:\Program Files\Web Technologies\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
      C:\Program Files\Web Technologies\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\Program Files\Web Technologies\iebt.dll (Trojan.Zlob) -> Unloaded module successfully.
      C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll (Rogue.AntiSpyCheck) -> Unloaded module successfully.
      C:\Program Files\Starware370\bin\Starware370.dll (Adware.Starware) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{b8301af7-d00e-4ea4-87c1-5ff4644fbba1} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8301af7-d00e-4ea4-87c1-5ff4644fbba1} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\iewarning32.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9989f1f6-70de-4244-ac9f-6672983681a0} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9989f1f6-70de-4244-ac9f-6672983681a0} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\iewarning32.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{d2608046-dd09-a225-01bf-70c1edd8b2e8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware370 (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{300a1872-2659-460f-b7d4-3fcdfd259d87} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300a1872-2659-460f-b7d4-3fcdfd259d87} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{99754ccd-6945-4467-aa62-0588d39e90f5} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{99754ccd-6945-4467-aa62-0588d39e90f5} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{bd3f0835-e0cc-4fbd-9cb7-ac15cfc6ff49} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{dd37610c-baa7-4541-b6e9-fae7d78d49d5} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{dd37610c-baa7-4541-b6e9-fae7d78d49d5} (Adware.Starware) -> Quarantined and deleted successfully.
      \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispycheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\AntiSpyCheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyCheck 2.1.exe (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispycheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{dd37610c-baa7-4541-b6e9-fae7d78d49d5} (Adware.Starware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40773882842046536556912830725863 (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyCheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\Web Technologies (Trojan.Zlob) -> Delete on reboot.
      C:\Program Files\Starware370 (Adware.Starware) -> Delete on reboot.
      C:\Program Files\Starware370\bin (Adware.Starware) -> Delete on reboot.
      C:\Program Files\Starware370\icons (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\contexts (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpyCheck 2.1 (Rogue.AntiSpyCheck) -> Delete on reboot.
      C:\Program Files\XP Antivirus (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\WinAntiSpyware 2006 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\WinAntiSpyware 2006\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_8 (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Manager (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Paroles (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Radio_FR (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Recherche_de_musique (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Telechargement (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Program Files\Web Technologies\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\iebt.dll (Trojan.Zlob) -> Delete on reboot.
      C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\Web Technologies\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Program Files\UAV\uav.exe (Rogue.Installer) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll (Rogue.AntiSpyCheck) -> Delete on reboot.
      C:\Documents and Settings\Messner\Local Settings\Temporary Internet Files\Content.IE5\4LTUCALN\AAVSetup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Local Settings\Temporary Internet Files\Content.IE5\8FL54AJ7\UAV2008Setup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
      C:\Program Files\UAV\uav.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{1231C99F-707C-4176-AE65-F9A90A3BF86D}\RP444\A0058344.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{1231C99F-707C-4176-AE65-F9A90A3BF86D}\RP446\A0058402.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jhzpcn.dll_old (Trojan.Zlob) -> Delete on reboot.
      C:\WINDOWS\system32\uav.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\Starware370\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Program Files\Starware370\Starware370Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Program Files\Starware370\Starware370Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Program Files\Starware370\bin\Starware370.dll (Adware.Starware) -> Delete on reboot.
      C:\Program Files\Starware370\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Button_60.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Button_70.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Button_80.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Program Files\AntiSpyCheck 2.1\uninst.exe (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      C:\Program Files\XP Antivirus\xpa.exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\AAV\aav.cpl (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\AAV\aav.ooo (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\AAV\aav0.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\AAV\aav1.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\UAV\uav.ooo (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\UAV\uav0.dat (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\Program Files\UAV\uav1.dat (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\WinAntiSpyware 2006\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_6\Button_6Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_6\Button_6Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_7\Button_7Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_7\Button_7Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_8\Button_8Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Button_8\Button_8Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Paroles\ParolesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Paroles\ParolesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Radio_FR\Radio_FROptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Radio_FR\Radio_FROptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Telechargement\TelechargementOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Telechargement\TelechargementOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Application Data\Starware370\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Menu Démarrer\AntiSpyCheck 2.1.lnk (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Messner\Local Settings\Temp\WinAntiSpyware2006Setup.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
      0
    2. lameche
       
      ca y est j ai fait ce q ta dis
      0
  9. Utilisateur anonyme
     
    Réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge clean.zip, de Malekal
    http://www.malekal.com/download/clean.zip

    (1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

    (2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd

    une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

    (3) Choisis l'option 1 puis patiente
    Poste le rapport obtenu

    pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
    et copie/colle le sur ta prochaine réponse .

    Ne passe pas à l'option 2 sans notre avis !

    0
    1. lameche
       
      29/06/2008 a 19:48:07,40

      *** Recherche des fichiers dans C:

      *** Recherche des fichiers dans C:\WINDOWS\

      *** Recherche des fichiers dans C:\WINDOWS\system32

      *** Recherche des fichiers dans C:\Program Files
      "C:\Program Files\AskTBar\" FOUND
      *** Fin du rapport !
      0
  10. Utilisateur anonyme
     
    -> Redémarre en mode sans échec :

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    -> Tuto : http://forum.telecharger.01net.com/forum/

    -> Une fois en mode sans echec, ouvre le dossier que tu auvais crée et click sur clean.cmd et choisis l'option 2.

    -> Redémarre normalement et poste le rapport de clean + un nouveau rapport hijackthi stp
    0
    1. lameche
       
      Script execute en mode sans echec
      Rapport clean par Malekal_morte - http://www.malekal.com
      Script execute en mode sans echec 29/06/2008 a 19:56:41,78

      Microsoft Windows XP [version 5.1.2600]

      *** Suppression des fichiers dans C:

      *** Suppression des fichiers dans C:\WINDOWS\

      *** Suppression des fichiers dans C:\WINDOWS\system32

      *** Suppression des fichiers dans C:\Program Files
      tentative de suppression de "C:\Program Files\AskTBar\"

      *** Suppression des clefs du registre effectuee..
      *** Fin du rapport !
      0
  11. lameche
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:03:50, on 29/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OFFICE One6.0\program\soffice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    0
  12. lameche
     
    je n ai plu le message de l antivirus est ce q c bon
    0
  13. Utilisateur anonyme
     
    le rapport hijackthis n est pas complet
    0
    1. lameche
       
      comment on fait pour l avoir complet
      0
  14. Utilisateur anonyme
     
    tu copie l integralité du rapport

    le rapport ce termine par end of file
    0
    1. lameche
       
      y ve pas il me dit hisjack is all ready running
      0
  15. Utilisateur anonyme
     
    soit tu redémarre soit tu fais ça

    ctrl+alt+suprr

    ouvre le getionnaire des taches

    fais un clic sur hijackthis et fais fin de tache
    0
    1. lameche
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:48:13, on 29/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe
      C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
      C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
      C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\OFFICE One6.0\program\soffice.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
      O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe" /dontopenmycards
      O4 - HKLM\..\Run: [AntiSpyCheck 2.1] "C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe"
      O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
      O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
      O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
      O4 - HKCU\..\Run: [40773882842046536556912830725863] C:\Program Files\XP Antivirus\xpa.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
      O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
      O4 - Global Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  16. Utilisateur anonyme
     
    encore beaucoup d infections

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. lameche
       
      ComboFix 08-06-20.4 - Messner 2008-06-29 20:56:56.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.561 [GMT 2:00]
      Endroit: C:\Documents and Settings\Messner\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Starware370

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
      .

      2009-04-22 21:24 . 2009-04-22 21:24 140,488 --a------ C:\WINDOWS\system32\ComDlg32.ocx
      2009-04-22 21:24 . 2009-04-22 21:24 256 --a------ C:\WINDOWS\system32\imail40.rtl
      2008-06-29 19:48 . 2008-06-29 19:48 14,480,831 --a------ C:\upload_moi_STATION.tar.gz
      2008-06-29 18:24 . 2008-06-29 18:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-29 18:24 . 2008-06-29 18:24 <REP> d-------- C:\Documents and Settings\Messner\Application Data\Malwarebytes
      2008-06-29 18:24 . 2008-06-29 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-29 18:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-29 18:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-06-29 18:09 . 2008-06-29 18:09 <REP> d-------- C:\Program Files\Trend Micro
      2008-06-29 17:29 . 2008-06-29 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-06-29 15:57 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
      2008-06-29 15:57 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
      2008-06-29 15:57 . 2008-06-29 15:57 3,120 --a------ C:\WINDOWS\system32\118290.54
      2008-06-29 15:57 . 2008-06-29 15:57 3,120 --a------ C:\WINDOWS\118294.78
      2008-06-29 15:57 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
      2008-06-29 14:41 . 2008-06-29 16:29 0 --a------ C:\WINDOWS\system32\ieupdates.exe.tmp
      2008-06-29 14:39 . 2008-06-29 19:41 <REP> d-------- C:\Program Files\Panda Security
      2008-06-29 13:41 . 2008-06-29 18:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-06-11 14:11 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-11 14:11 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-01 07:02 . 2008-06-01 07:02 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-06-01 07:01 . 2008-06-01 07:02 <REP> d-------- C:\Program Files\Windows Live
      2008-06-01 07:01 . 2008-06-01 07:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-29 15:19 --------- d-----w C:\Program Files\Tarobot
      2008-06-29 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-06-29 13:27 --------- d-----w C:\Documents and Settings\Messner\Application Data\AVG7
      2008-06-29 11:56 --------- d-----w C:\Program Files\Ludiclub
      2008-06-29 09:36 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-06-26 19:46 31,986 ----a-w C:\Documents and Settings\Messner\Application Data\wklnhst.dat
      2008-06-19 21:00 --------- d-----w C:\Program Files\eMule
      2008-06-16 17:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-05-20 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-05-16 14:00 84,584 ----a-w C:\Documents and Settings\Messner\Application Data\GDIPFONTCACHEV1.DAT
      2008-05-08 18:47 --------- d-----w C:\Documents and Settings\Messner\Application Data\AdobeUM
      2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 21:54 68856]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
      "Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-28 11:56 580096]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
      "Logitech Utility"="LOGI_MWX.EXE" [2003-03-04 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
      "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 12:06 110592]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06 11776]
      "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
      "eCarteBleue-CLEO"="C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe" [2006-02-07 10:07 200704]
      "Antivirus"="C:\Program Files\UAV\uav.exe" [ ]
      "OoPDFSettingsv6.exe"="C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe" [2002-08-16 12:14 310272]
      "OFFICEOneNotesv6.exe"="C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe" [2002-08-16 13:00 871936]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 11:05 219136]

      C:\Documents and Settings\Messner\Menu D‚marrer\Programmes\D‚marrage\
      OFFICE One 6.0.lnk - C:\Program Files\OFFICE One6.0\program\quickstart.exe [2002-07-15 07:00:00 40960]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Digimax Viewer 1.0.lnk - C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe [2006-12-27 16:57:16 331776]
      D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.xvid"= xvid.dll
      "msacm.enc"= ITIG726.acm

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Tarobot\\tarobot.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
      R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

      *Newly Created Service* - CATCHME
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-06-29 14:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
      - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
      "2008-06-29 18:28:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-29 21:00:13
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-29 21:01:17
      ComboFix-quarantined-files.txt 2008-06-29 19:01:07

      Pre-Run: 126,746,750,976 octets libres
      Post-Run: 132,278,493,184 octets libres

      138 --- E O F --- 2008-06-20 17:01:54
      0
  17. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\ComDlg32.ocx
    C:\WINDOWS\system32\imail40.rtl
    C:\upload_moi_STATION.tar.gz
    C:\WINDOWS\system32\Machnm1.exe
    C:\WINDOWS\system32\Machnm64.sys
    C:\WINDOWS\system32\118290.54
    C:\WINDOWS\118294.78
    C:\WINDOWS\system32\Machnm32.sys
    C:\WINDOWS\system32\ieupdates.exe.tmp
    C:\Program Files\UAV\uav.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe

    Folder::
    C:\Program Files\UAV

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-
    "OoPDFSettingsv6.exe"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  18. lameche
     
    ComboFix 08-06-20.4 - Messner 2008-06-29 21:25:05.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.539 [GMT 2:00]
    Endroit: C:\Documents and Settings\Messner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Messner\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
    C:\Program Files\UAV\uav.exe
    C:\upload_moi_STATION.tar.gz
    C:\WINDOWS\118294.78
    C:\WINDOWS\system32\118290.54
    C:\WINDOWS\system32\ComDlg32.ocx
    C:\WINDOWS\system32\ieupdates.exe.tmp
    C:\WINDOWS\system32\imail40.rtl
    C:\WINDOWS\system32\Machnm1.exe
    C:\WINDOWS\system32\Machnm32.sys
    C:\WINDOWS\system32\Machnm64.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
    C:\upload_moi_STATION.tar.gz
    C:\WINDOWS\118294.78
    C:\WINDOWS\system32\118290.54
    C:\WINDOWS\system32\ComDlg32.ocx
    C:\WINDOWS\system32\ieupdates.exe.tmp
    C:\WINDOWS\system32\imail40.rtl
    C:\WINDOWS\system32\Machnm1.exe
    C:\WINDOWS\system32\Machnm32.sys
    C:\WINDOWS\system32\Machnm64.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-29 18:24 . 2008-06-29 18:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-29 18:24 . 2008-06-29 18:24 <REP> d-------- C:\Documents and Settings\Messner\Application Data\Malwarebytes
    2008-06-29 18:24 . 2008-06-29 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-29 18:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-29 18:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-29 18:09 . 2008-06-29 18:09 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-29 17:29 . 2008-06-29 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-29 14:39 . 2008-06-29 19:41 <REP> d-------- C:\Program Files\Panda Security
    2008-06-29 13:41 . 2008-06-29 18:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-11 14:11 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 14:11 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-01 07:02 . 2008-06-01 07:02 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-01 07:01 . 2008-06-01 07:02 <REP> d-------- C:\Program Files\Windows Live
    2008-06-01 07:01 . 2008-06-01 07:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 15:19 --------- d-----w C:\Program Files\Tarobot
    2008-06-29 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-29 13:27 --------- d-----w C:\Documents and Settings\Messner\Application Data\AVG7
    2008-06-29 11:56 --------- d-----w C:\Program Files\Ludiclub
    2008-06-29 09:36 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-26 19:46 31,986 ----a-w C:\Documents and Settings\Messner\Application Data\wklnhst.dat
    2008-06-19 21:00 --------- d-----w C:\Program Files\eMule
    2008-06-16 17:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-20 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-05-16 14:00 84,584 ----a-w C:\Documents and Settings\Messner\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-08 18:47 --------- d-----w C:\Documents and Settings\Messner\Application Data\AdobeUM
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 21:54 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
    "Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-28 11:56 580096]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
    "Logitech Utility"="LOGI_MWX.EXE" [2003-03-04 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 12:06 110592]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06 11776]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
    "eCarteBleue-CLEO"="C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe" [2006-02-07 10:07 200704]
    "OFFICEOneNotesv6.exe"="C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe" [2002-08-16 13:00 871936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 11:05 219136]

    C:\Documents and Settings\Messner\Menu D‚marrer\Programmes\D‚marrage\
    OFFICE One 6.0.lnk - C:\Program Files\OFFICE One6.0\program\quickstart.exe [2002-07-15 07:00:00 40960]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Digimax Viewer 1.0.lnk - C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe [2006-12-27 16:57:16 331776]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "msacm.enc"= ITIG726.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Tarobot\\tarobot.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-29 14:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2008-06-29 18:28:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 21:25:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-29 21:26:23
    ComboFix-quarantined-files.txt 2008-06-29 19:26:19
    ComboFix2.txt 2008-06-29 19:01:18

    Pre-Run: 132,249,395,200 octets libres
    Post-Run: 132,249,333,760 octets libres

    150 --- E O F --- 2008-06-20 17:01:54
    0
  19. lameche
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:41, on 29/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe
    C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OFFICE One6.0\program\soffice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Documents and Settings\Messner\Mes documents\ECB-CLEO.exe" /dontopenmycards
    O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
    O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
    O4 - Global Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  • 1
  • 2