AVAST detects YSNIFF !!!

Chéri_e_2004 Posts 22 Status Member -  
 Anonymous user -
Hello, since installing the latest version of Avast, it systematically detects a certain file named "SVC: YSNIFF", type hidden services. (sic)

Avast does offer to delete it, but nothing works!

If anyone here has run into this and has a suggestion for getting rid of it, you're welcome

If more info is needed, tell me as well.

Thanks, Deniz

45 replies

Anonymous user
 
Re,

You'll have to run OAD again.

[' YSNIFF ']


you must not include this -> '

Just:

YSNIFF

++
0
Chéri_e_2004 Posts 22 Status Member
 
Good evening, I have the impression we're making progress! ??

resultat dimanche soir.txt
*****************************************

03/08/2008 ---- 20:35:57,00

----------------------------------
§§§§§§ [YSNIFF] §§§§§§
----------------------------------
[X] Registry

-------------- [ ] quick
-- File ------ [ ] system disk
------------- [X] full

********************
[Registre]
********************

[HKEY_USERS\S-1-5-21-2650906804-2791411030-1591295623-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="ysniff"

*******************
[File]
*******************

*********************
[Same date]
*********************

No file created on the same date detected

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ End of Report §§§§§
----------------------------------
0
Anonymous user
 
Re,
Let's try this:

/!\ Procedure created specifically for this user, do not reproduce at home ... /!\

Create a new text document: right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy everything in one go): (including REGEDIT4, and the blank line underneath)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YSNIFF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\YSNIFF]
[HKEY_USERS\S-1-5-21-2650906804-2791411030-1591295623-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-


Then "File" -> "Save as":
in: on the desktop
File name: fix.reg
File type: "all files"
click "save"

It should look like this

Double-click fix.reg

→ you MUST* get a message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "yes"

*Let me know if the message does not appear.

************************************************************

→ Download DSS (formerly Comboscan) by Deckard onto your desktop:

(choose save, then Desktop as the location)

Close all running applications.

→ Double-click DSS.exe to launch the tool.

→ A window opens asking you to close all applications, click OK.

→ At the end of the scan, a window opens, click OK.

The main.txt report will be displayed, copy it into your next reply.
If an additional report was created (extra.txt), post it in your reply too.

The reports are here:
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

++
0
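A small script to generate and sanity-check a REGEDIT4 removal file like the one in the post above. This is an added example, not the helper's own procedure (the helper typed the file by hand). The service name, control-set names and user SID are parameters; the values used in the test reuse the ones from the fix posted in this thread. The parser also rejects the two copy-paste defects that make such a fix silently act on the wrong key or fail to import: whitespace inside the brackets and invisible non-ASCII characters such as a soft hyphen.

```python
"""REGEDIT4 removal-file builder and checker (added example, not the helper's own
procedure). REGEDIT4 is the ANSI .reg format that Windows XP's regedit reads:
"[-KEY]" deletes a key, "[KEY]" selects one, and '"name"=-' deletes a value."""
import re

ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
KEY_RE = re.compile(r"^\[(-?)([^\[\]]*)\]$")
VALUE_RE = re.compile(r'^(?:@|"(?P<name>[^"]*)")=(?P<raw>.*)$')


def build_removal_reg(service, control_sets=("CurrentControlSet",), sid=None, acmru_slot="5603"):
    """Return the text of a .reg file that deletes Services\\<service> in each named
    control set and, if a user SID is given, the "000" value of the Search Assistant
    MRU slot (the value OAD reported holding "ysniff" earlier in the thread)."""
    lines = ["REGEDIT4", ""]
    for cs in control_sets:
        lines.append(f"[-HKEY_LOCAL_MACHINE\\SYSTEM\\{cs}\\Services\\{service}]")
    if sid:
        lines.append(f"[HKEY_USERS\\{sid}\\Software\\Microsoft\\Search Assistant\\ACMru\\{acmru_slot}]")
        lines.append('"000"=-')
    lines.append("")  # regedit expects a trailing blank line
    # Save with open(path, "w", newline="\r\n") so the file gets Windows CRLF line ends.
    return "\n".join(lines)


def parse_reg(text):
    """Parse REGEDIT4 text into a list of operations:
    ("delete_key", key), ("delete_value", key, name) or ("set_value", key, name, raw).
    Raises ValueError on the defects that make a hand-typed fix act on the wrong key."""
    lines = text.splitlines()
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("first line must be exactly REGEDIT4")
    ops, current = [], None
    for n, line in enumerate(lines[1:], start=2):
        if not line.strip():
            continue
        if any(ord(ch) > 127 for ch in line):
            # e.g. U+00AD soft hyphen, which survives copy/paste from web pages unseen
            raise ValueError(f"line {n}: non-ASCII character in {line!r}")
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if key != key.strip() or "\\ " in key or " \\" in key:
                raise ValueError(f"line {n}: stray whitespace in key name {key!r}")
            if key.split("\\", 1)[0] not in ROOTS:
                raise ValueError(f"line {n}: unknown root hive in {key!r}")
            current = key
            if minus:
                ops.append(("delete_key", key))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group("name") if m.group("name") is not None else ""  # "" = default value
            raw = m.group("raw")
            ops.append(("delete_value", current, name) if raw == "-"
                       else ("set_value", current, name, raw))
            continue
        raise ValueError(f"line {n}: cannot parse {line!r}")
    return ops


if __name__ == "__main__":
    fix = build_removal_reg("YSNIFF", ("CurrentControlSet", "ControlSet003"),
                            sid="S-1-5-21-2650906804-2791411030-1591295623-1006")
    print(fix)
    for op in parse_reg(fix):
        print(op)
```

Running `parse_reg` over the file before importing it is the check the helper could not do from a distance: the original post carried a space before the closing bracket of the ControlSet003 line and a soft hyphen inside "Software", and regedit would have treated both as different key names.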
Chéri_e_2004 Posts 22 Status Member
 
Good evening, here's what we get
does it help?
Thanks
Deniz

Deckard's System Scanner v20071014.68
Run by acer on 2008-08-05 00:49:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-08-04 22:50:03 UTC - RP787 - Deckard's System Scanner Restore Point
3: 2008-08-03 18:42:33 UTC - RP786 - Removed SPYWAREfighter.
2: 2008-08-03 09:05:24 UTC - RP785 - System checkpoint
1: 2008-08-02 08:54:37 UTC - RP784 - System checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as acer.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:43, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\acer\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {5947833E-3E8D-4278-D6C6-34D19F3B9F9A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adzgalore - {92e4271b-6f1d-02e3-9896-2bc2d84e4302} - C:\WINDOWS\system32\nstE.dll (file missing)
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - (no file)
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\acer\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0

Anonymous user
 
Hi,
Your PC contains other infections.

We're going to remove SweetIM.

Excerpt from the terms of use:

"If you choose to use the SweetIM Software or the Services, you may be exposed to a variety of risks such as : (i) unauthorized invasion of your privacy during, or as a result of, your or another's use of the Service (ii) unauthorized exposure of information and material posted by you or others on or through the Services. (iii) potential exposure to objectionable material and/or parties, such as content and messages that may offend and which may contain contaminated files.,(iv) spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, "imposturing", electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be illegal."

Translation (originally into French):

"If you choose to use the SweetIM program or one of its services, you will be exposed to a variety of risks such as: intrusion into your privacy, by anyone who uses this Service. Exposure, without your authorization, of information about your hardware provided by yourself or by one of the Services. Potential exposure to (advertising) messages that may offend or contain infected files. Which can lead to: electronic identity theft, wiretapping, eavesdropping on network traffic, spamming, password 'cracking', harassment, fraud, falsification, impostures, various electronic attacks, hacking, nuking, system contamination without limitation through the use of viruses; worms and trojans cause damage or unauthorized intrusions and/or recovery of information from the data on your computer, as well as other forms of activity that may be illegal."

● Download SIM-Remover.exe onto your desktop.
● Double-click it to launch the application.

● At the end of the scan, this message should appear: " COMPLETE ! press any key to quit program ".

************************************************************************************

Print or save these instructions because you will need to close all windows and applications during installation and the scan.

→ Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop.

→ When the download finishes, close all windows and programs, including this one.

→ Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

→ During installation, follow the prompts (in particular the language choice and the permission to access the Internet). Do not change any of the default settings and, at the end of installation, check that the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware options are ticked.

→ MBAM will start automatically and show a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. MBAM's main window appears:

→ In the Scan tab, check that "Perform full scan" is selected and click the Scan button to start the scan.

→ MBAM scans your computer. The scan may take some time. Just check its progress from time to time.

→ At the end of the scan, a message appears indicating the scan is finished. Click OK to continue.

→ If malware was detected, a list of it is displayed.
When you click Remove (?), MBAM will destroy the files and registry keys and put a copy in quarantine. ►► DO IT

→ MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Logs tab)

→ Close MBAM by clicking Exit.

Post the report in your reply

Tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

++
0
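The helper's reading of the DSS/HijackThis log a few posts up (dead BHO and toolbar registrations left behind by SweetIM and adzgalore, a service with no vendor string, and a remote packet-capture service on a machine being flagged for a sniffer) can be automated for a first pass. The script below is an added example, not a feature of HijackThis, DSS or any other tool in this thread; its sample input is a constructed excerpt of lines copied from the log posted above, and the keyword list used to spot capture-related services is my own choice.

```python
"""First-pass triage of HijackThis v2 log lines (added example, not a feature of
HijackThis or DSS). It flags the entries a helper looks at first:
  O2/O3  BHOs and toolbars whose DLL is gone ("(no file)", "(file missing)"):
         dead registrations left behind by removed adware
  O4     autorun entries that name a bare executable instead of a full path
  O23    services with "Unknown owner" (binary carries no vendor string), and
         services that look like packet-capture software (keyword list is an assumption)
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: adzgalore - {92e4271b-6f1d-02e3-9896-2bc2d84e4302} - C:\WINDOWS\system32\nstE.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")
CAPTURE_WORDS = ("sniff", "pcap", "packet capture")  # assumption: my own keyword list


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def _executable(cmd):
    """Extract the program from an autorun command line, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return the entries of a HijackThis log worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        _kind, _, rest = body.partition(": ")       # "BHO: ...", "Service: ...", "HKLM\..\Run: ..."
        if section in ("O2", "O3"):
            fields = rest.rsplit(" - ", 2)          # name - {CLSID} - dll path
            if len(fields) == 3 and any(mk in fields[2] for mk in MISSING_MARKERS):
                findings.append(Finding(section, fields[0], fields[2],
                                        "registered BHO/toolbar whose DLL no longer exists"))
        elif section == "O4":
            r = RUN_RE.match(rest)
            if r and "\\" not in _executable(r.group("cmd")):
                findings.append(Finding(section, r.group("name"), r.group("cmd"),
                                        "autorun without a full path (resolved by search order)"))
        elif section == "O23":
            fields = rest.rsplit(" - ", 2)          # display name - vendor - binary path
            if len(fields) != 3:
                continue
            name, vendor, path = fields
            if vendor == "Unknown owner":
                findings.append(Finding(section, name, path, "service binary has no vendor string"))
            if any(w in (name + " " + path).lower() for w in CAPTURE_WORDS):
                findings.append(Finding(section, name, path, "packet-capture service"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:60} {f.name}")
```

A flag is a reason to look, not a verdict: the rpcapd service belongs to WinPcap, which the Ethereal folder in the later Lop S&D listing suggests was installed on purpose, and the "Unknown owner" lxcf_device entry is most likely a printer component. The point of the script is to pull those lines out of a 60-line log so the helper spends time on them rather than on the Adobe and Java entries.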
Chéri_e_2004 Posts 22 Status Member
 
Hi C_XX
Here's the report!

Looks like it did quite a clean-up!

Thanks for your help.
Next steps? Thanks
Deniz

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2

23:18:56 06/08/2008
mbam-log-8-6-2008 (23-18-56).txt

Scan type: Full Scan (C:\|J:\|K:\|)
Objects scanned: 123806
Time elapsed: 41 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{bd219b90-626b-40f4-bfdd-420240dfca2c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{49bcc77a-79eb-4d50-a6db-04e8202921c4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{994b5fb4-0103-44a6-b6b3-c73572b362bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpmsky (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92e4271b-6f1d-02e3-9896-2bc2d84e4302} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92e4271b-6f1d-02e3-9896-2bc2d84e4302} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\adzgalore-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll (Adware.Agent) -> Quarantined and deleted successfully.
0
Anonymous user
 
Re,
Indeed.

● Empty Malwarebytes' Anti-Malware's quarantine:

_ Click the "Malwarebytes' Anti-Malware" shortcut, then "Quarantine".

select the various items by clicking "Select All" then click "Delete".

+ post a new DSS report.

++
0
Chéri_e_2004 Posts 22 Status Member
 
Good evening / Good morning, we're a bit out of sync time-wise! LOL

OK, here below is the DSS report.

YSNIFF still detected at startup.

Thanks for your help!
Denis

*************************************************
Deckard's System Scanner v20071014.68
Run by acer on 2008-08-07 22:01:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as acer.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:58, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\acer\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5947833E-3E8D-4278-D6C6-34D19F3B9F9A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\acer\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Anonymous user
 
Re,

→ Download LOP S&D onto your desktop.

Your antivirus may complain during the procedure, don't worry. Disable it if necessary.

→ Then double-click LopSD.exe to launch the installation. Accept the license agreement.

A message will tell you that the directory does not exist, answer 'yes' to the question that follows.

→ Now double-click Lop S&D (the Lop S&D shortcut on the desktop).

In the main menu, choose option 1

--- The program will do its work ---

At the end of the scan a report will appear, copy its contents into your next reply.

(report also saved in C:\lopR.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

/!\ If the Desktop does not reappear press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm /!\

Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm

++
0
Chéri_e_2004 Posts 22 Status Member
 
Good evening, here's the Lop S&D report
I have trouble seeing what action was taken.
Well, if it means something to you, so much the better.
Thanks for your help and for telling me the next step.
Have a good evening
Deniz

--------------------\\ Lop S&D 4.2.2-5 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : acer ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 08/08/2008 | 16:49:28,57 ] [ PC : ACER-755E621E64 ]
[ UPDATED : 01-08-2008 | 01:40 ]

--------------------\\ Listing of folders in APPLIC~1

[12/07/2008|17:26] C:\DOCUME~1\acer\APPLIC~1\.wyzo
[26/07/2007|13:51] C:\DOCUME~1\acer\APPLIC~1\Adobe
[03/09/2006|22:51] C:\DOCUME~1\acer\APPLIC~1\AdobeUM
[15/11/2006|00:52] C:\DOCUME~1\acer\APPLIC~1\Ahead
[10/03/2008|01:42] C:\DOCUME~1\acer\APPLIC~1\ArcSoft
[02/03/2008|23:57] C:\DOCUME~1\acer\APPLIC~1\Azureus
[03/06/2006|17:48] C:\DOCUME~1\acer\APPLIC~1\CyberLink
[16/12/2005|04:04] C:\DOCUME~1\acer\APPLIC~1\desktop.ini
[02/03/2007|23:45] C:\DOCUME~1\acer\APPLIC~1\DivX
[03/10/2006|19:44] C:\DOCUME~1\acer\APPLIC~1\Droppix
[18/12/2006|03:56] C:\DOCUME~1\acer\APPLIC~1\Ethereal
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\ezpinst.exe
[11/05/2008|20:12] C:\DOCUME~1\acer\APPLIC~1\GanymedeNet
[15/11/2006|12:59] C:\DOCUME~1\acer\APPLIC~1\Google
[03/12/2007|17:35] C:\DOCUME~1\acer\APPLIC~1\Help
[24/05/2006|02:23] C:\DOCUME~1\acer\APPLIC~1\Identities
[11/05/2008|09:55] C:\DOCUME~1\acer\APPLIC~1\InstallShield
[17/04/2007|21:23] C:\DOCUME~1\acer\APPLIC~1\internaldb6334.dat
[14/07/2008|02:05] C:\DOCUME~1\acer\APPLIC~1\Lavasoft
[08/08/2008|16:49] C:\DOCUME~1\acer\APPLIC~1\LimeWire
[09/04/2008|17:33] C:\DOCUME~1\acer\APPLIC~1\Logitech
[03/06/2006|18:00] C:\DOCUME~1\acer\APPLIC~1\Macromedia
[06/08/2008|22:32] C:\DOCUME~1\acer\APPLIC~1\Malwarebytes
[30/03/2007|12:18] C:\DOCUME~1\acer\APPLIC~1\Microsoft
[16/06/2006|13:24] C:\DOCUME~1\acer\APPLIC~1\Microsoft Web Folders
[03/06/2006|18:11] C:\DOCUME~1\acer\APPLIC~1\Mozilla
[13/06/2006|23:27] C:\DOCUME~1\acer\APPLIC~1\Opera
[21/01/2007|11:52] C:\DOCUME~1\acer\APPLIC~1\Paltalk
[09/05/2007|23:29] C:\DOCUME~1\acer\APPLIC~1\PC Tools
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\pcouffin.cat
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\pcouffin.inf
[03/10/2006|19:30] C:\DOCUME~1\acer\APPLIC~1\pcouffin.log
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\pcouffin.sys
[03/06/2006|17:57] C:\DOCUME~1\acer\APPLIC~1\Spybot - Search & Destroy
[03/06/2006|18:17] C:\DOCUME~1\acer\APPLIC~1\Sun
[03/06/2006|17:33] C:\DOCUME~1\acer\APPLIC~1\Symantec
[03/06/2006|18:08] C:\DOCUME~1\acer\APPLIC~1\Talkback
[20/02/2008|20:47] C:\DOCUME~1\acer\APPLIC~1\TeamViewer
[16/07/2008|18:01] C:\DOCUME~1\acer\APPLIC~1\Test pure each
[03/06/2006|18:06] C:\DOCUME~1\acer\APPLIC~1\TuneUp Software
[18/12/2007|00:36] C:\DOCUME~1\acer\APPLIC~1\vlc
[01/01/2008|17:20] C:\DOCUME~1\acer\APPLIC~1\Vso
[05/03/2007|02:57] C:\DOCUME~1\acer\APPLIC~1\Webroot
[25/03/2008|02:31] C:\DOCUME~1\acer\APPLIC~1\WinButler
[03/03/2007|00:32] C:\DOCUME~1\acer\APPLIC~1\WinssCookie.txt
[18/12/2006|03:47] C:\DOCUME~1\acer\APPLIC~1\Yahoo!

[06/11/2006|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\118300.34
[15/02/2008|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[28/01/2008|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/07/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
[20/02/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[10/12/2006|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[03/06/2006|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/12/2005|04:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[03/10/2006|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[03/06/2006|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eConsole
[21/07/2008|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/05/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[09/04/2008|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[06/08/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/07/2008|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/01/2008|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[30/11/2006|00:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23/07/2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/06/2006|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[07/08/2008|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[03/06/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[05/03/2007|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
[04/06/2006|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/05/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml3.tmp
[21/05/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml4.tmp
[21/05/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml5.tmp
[15/12/2006|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[16/12/2005|04:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[24/05/2006|02:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[24/05/2006|02:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[16/12/2005|03:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[28/01/2007|19:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[08/02/2007|20:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[05/03/2007|03:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

[05/03/2007|02:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[03/06/2006|20:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[01/08/2008 17:15][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[08/08/2008 10:39][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/05/2006|11:17] C:\Program Files\Acer
[08/07/2008|17:04] C:\Program Files\Adobe
[09/04/2007|10:10] C:\Program Files\AdSponsorCL
[28/01/2008|15:04] C:\Program Files\ahead
[16/07/2008|09:03] C:\Program Files\Alwil Software
[10/03/2008|01:37] C:\Program Files\ArcSoft
[06/06/2006|13:09] C:\Program Files\a-squared
[24/01/2007|11:59] C:\Program Files\BarreConfCMCIC
[03/02/2008|10:59] C:\Program Files\CA Yahoo! Anti-Spy
[05/12/2006|03:08] C:\Program Files\CCleaner
[21/05/2008|17:40] C:\Program Files\CDex
[30/09/2007|02:57] C:\Program Files\Copystar
[17/07/2008|11:36] C:\Program Files\Dictionnaire
[21/01/2008|02:21] C:\Program Files\DivX
[21/01/2008|02:21] C:\Program Files\checs
[03/08/2008|20:43] C:\Program Files\Fichiers communs
[17/02/2008|02:32] C:\Program Files\Free Easy Burner
[16/07/2008|17:47] C:\Program Files\gnubg
[25/07/2008|20:45] C:\Program Files\Google
[08/05/2008|16:30] C:\Program Files\IncrediMail
[25/07/2008|20:59] C:\Program Files\InstallShield Installation Information
[20/05/2007|07:25] C:\Program Files\Internet Explorer
[10/05/2007|16:26] C:\Program Files\Inventel
[23/07/2008|16:09] C:\Program Files\Java
[14/07/2008|02:05] C:\Program Files\Lavasoft
[02/06/2008|16:59] C:\Program Files\Lexmark 1200 Series
[07/12/2006|12:09] C:\Program Files\Lexmark 730 Series
[05/07/2008|23:18] C:\Program Files\LimeWire
[09/04/2008|17:33] C:\Program Files\Logitech
[10/12/2006|13:14] C:\Program Files\Lx_cats
[06/08/2008|22:32] C:\Program Files\Malwarebytes' Anti-Malware
[16/09/2007|19:14] C:\Program Files\Managed DirectX (0900)
[29/07/2008|02:10] C:\Program Files\Max PC Booster
[21/01/2008|02:21] C:\Program Files\Messenger
[30/09/2007|03:14] C:\Program Files\Micro Application
[16/06/2006|13:24] C:\Program Files\microsoft frontpage
[04/06/2006|16:39] C:\Program Files\Microsoft Office
[18/07/2006|10:29] C:\Program Files\Microsoft Visual Studio
[24/05/2006|02:33] C:\Program Files\Movie Maker
[08/08/2008|14:59] C:\Program Files\Mozilla Firefox
[16/12/2005|03:06] C:\Program Files\MSN
[24/05/2006|02:33] C:\Program Files\MSN Gaming Zone
[08/02/2007|14:27] C:\Program Files\MSN Messenger
[28/01/2008|15:08] C:\Program Files\Nero
[24/05/2006|02:34] C:\Program Files\NetMeeting
[16/06/2006|12:46] C:\Program Files\NewTech Infosystems
[03/04/2007|15:54] C:\Program Files\opspuwsr
[03/03/2007|17:12] C:\Program Files\Outlook Express
[21/01/2007|11:52] C:\Program Files\Paltalk Messenger
[27/05/2007|23:29] C:\Program Files\pasystem
[10/03/2007|18:03] C:\Program Files\QuickTime
[24/05/2006|02:36] C:\Program Files\Realtek
[21/05/2007|01:26] C:\Program Files\RegSupreme
[20/05/2007|02:58] C:\Program Files\Securitoo
[24/05/2006|02:36] C:\Program Files\Services en ligne
[30/07/2008|19:57] C:\Program Files\Soulseek
[25/07/2008|02:05] C:\Program Files\Trend Micro
[24/07/2008|02:00] C:\Program Files\Trillian
[25/07/2008|20:58] C:\Program Files\Trust
[16/12/2005|03:17] C:\Program Files\Uninstall Information
[16/07/2008|17:46] C:\Program Files\VisualRoute 2008
[03/10/2006|19:29] C:\Program Files\VSO
[20/05/2007|03:04] C:\Program Files\Wanadoo
[05/03/2007|02:59] C:\Program Files\Webroot
[21/01/2008|02:21] C:\Program Files\Windows Media Connect 2
[08/02/2007|12:34] C:\Program Files\Windows Media Player
[24/05/2006|02:36] C:\Program Files\Windows NT
[16/12/2005|03:07] C:\Program Files\WindowsUpdate
[16/12/2006|03:53] C:\Program Files\WinPcap
[14/07/2008|00:03] C:\Program Files\WinRAR
[01/01/2008|17:42] C:\Program Files\wnaspi32.dll
[24/05/2006|02:36] C:\Program Files\xerox
[12/06/2006|02:55] C:\Program Files\XP Codec Pack
[21/07/2008|00:32] C:\Program Files\Yahoo!
[21/06/2006|13:34] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[15/02/2008|03:16] C:\Program Files\Fichiers communs\Adobe
[28/01/2008|15:12] C:\Program Files\Fichiers communs\Ahead
[24/05/2006|11:18] C:\Program Files\Fichiers communs\ArcSoft
[16/06/2006|13:29] C:\Program Files\Fichiers communs\Designer
[12/06/2006|14:31] C:\Program Files\Fichiers communs\EPSON
[10/02/2008|20:50] C:\Program Files\Fichiers communs\eSellerate
[10/05/2007|16:26] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[24/05/2006|02:32] C:\Program Files\Fichiers communs\InstallShield
[16/12/2005|03:21] C:\Program Files\Fichiers communs\Java
[28/01/2008|15:16] C:\Program Files\Fichiers communs\LightScribe
[11/05/2008|10:06] C:\Program Files\Fichiers communs\Logishrd
[11/05/2008|09:56] C:\Program Files\Fichiers communs\Logitech
[09/04/2008|17:32] C:\Program Files\Fichiers communs\Microsoft Shared
[24/05/2006|02:32] C:\Program Files\Fichiers communs\MSSoap
[16/12/2005|03:20] C:\Program Files\Fichiers communs\muvee Technologies
[16/06/2006|12:46] C:\Program Files\Fichiers communs\NewTech Infosystems
[24/05/2006|02:32] C:\Program Files\Fichiers communs\ODBC
[25/07/2008|20:58] C:\Program Files\Fichiers communs\PCCamera
[29/01/2008|00:13] C:\Program Files\Fichiers communs\Scanner
[24/05/2006|02:32] C:\Program Files\Fichiers communs\Services
[24/05/2006|02:32] C:\Program Files\Fichiers communs\SpeechEngines
[03/03/2007|17:12] C:\Program Files\Fichiers communs\System
[22/07/2008|09:03] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 40 Processus )

iexplore.exe ~ [672]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\acer\APPLIC~1\TESTPU~1

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
C:\DOCUME~1\acer\APPLIC~1\Test pure each
C:\DOCUME~1\acer\Cookies\acer@advertstream[1].txt
C:\DOCUME~1\acer\Cookies\acer@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\help list load]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\acer\\APPLIC~1\\TESTPU~1\\sectblah.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 16:50:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 111

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

[F:99][D:5]-> C:\DOCUME~1\acer\LOCALS~1\Temp
[F:144][D:0]-> C:\DOCUME~1\acer\Cookies
[F:5224][D:11]-> C:\DOCUME~1\acer\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 16:51:34,81
0
Anonymous user
 
Re,

Run Lop S&D again

> option 2 (deletion)

And post the report you get.

(the report is located at C:\lopR.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

********************************

Click Start > Run ► copy/paste this and confirm:

"%userprofile%\bureau\dss.exe" /config

► Confirm, then click Scan.
► This opens the DSS configuration panel
► Click Check All, then Scan

++
0
Chéri_e_2004 (22 posts, Member)
 
OK, here are the 2 logs
Thanks
Have a good weekend.
Denis

------------->>>> lopR2.txt <<<<-------------------------------------------------------------------------------------


--------------------\\ Lop S&D 4.2.2-5 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : acer ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 08/08/2008 | 23:27:40,34 ] [ PC : ACER-755E621E64 ]
[ MAJ : 01-08-2008 | 01:40 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\acer\Cookies\acer@advertstream[1].txt
Supprime! - C:\DOCUME~1\acer\Cookies\acer@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
Supprime! - C:\DOCUME~1\acer\APPLIC~1\Test pure each
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\DOCUME~1\acer\APPLIC~1\WinButler

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[12/07/2008|17:26] C:\DOCUME~1\acer\APPLIC~1\.wyzo
[26/07/2007|13:51] C:\DOCUME~1\acer\APPLIC~1\Adobe
[03/09/2006|22:51] C:\DOCUME~1\acer\APPLIC~1\AdobeUM
[15/11/2006|00:52] C:\DOCUME~1\acer\APPLIC~1\Ahead
[10/03/2008|01:42] C:\DOCUME~1\acer\APPLIC~1\ArcSoft
[02/03/2008|23:57] C:\DOCUME~1\acer\APPLIC~1\Azureus
[03/06/2006|17:48] C:\DOCUME~1\acer\APPLIC~1\CyberLink
[16/12/2005|04:04] C:\DOCUME~1\acer\APPLIC~1\desktop.ini
[02/03/2007|23:45] C:\DOCUME~1\acer\APPLIC~1\DivX
[03/10/2006|19:44] C:\DOCUME~1\acer\APPLIC~1\Droppix
[18/12/2006|03:56] C:\DOCUME~1\acer\APPLIC~1\Ethereal
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\ezpinst.exe
[11/05/2008|20:12] C:\DOCUME~1\acer\APPLIC~1\GanymedeNet
[15/11/2006|12:59] C:\DOCUME~1\acer\APPLIC~1\Google
[03/12/2007|17:35] C:\DOCUME~1\acer\APPLIC~1\Help
[24/05/2006|02:23] C:\DOCUME~1\acer\APPLIC~1\Identities
[11/05/2008|09:55] C:\DOCUME~1\acer\APPLIC~1\InstallShield
[17/04/2007|21:23] C:\DOCUME~1\acer\APPLIC~1\internaldb6334.dat
[14/07/2008|02:05] C:\DOCUME~1\acer\APPLIC~1\Lavasoft
[08/08/2008|18:57] C:\DOCUME~1\acer\APPLIC~1\LimeWire
[09/04/2008|17:33] C:\DOCUME~1\acer\APPLIC~1\Logitech
[03/06/2006|18:00] C:\DOCUME~1\acer\APPLIC~1\Macromedia
[06/08/2008|22:32] C:\DOCUME~1\acer\APPLIC~1\Malwarebytes
[30/03/2007|12:18] C:\DOCUME~1\acer\APPLIC~1\Microsoft
[16/06/2006|13:24] C:\DOCUME~1\acer\APPLIC~1\Microsoft Web Folders
[03/06/2006|18:11] C:\DOCUME~1\acer\APPLIC~1\Mozilla
[13/06/2006|23:27] C:\DOCUME~1\acer\APPLIC~1\Opera
[21/01/2007|11:52] C:\DOCUME~1\acer\APPLIC~1\Paltalk
[09/05/2007|23:29] C:\DOCUME~1\acer\APPLIC~1\PC Tools
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\pcouffin.cat
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\pcouffin.inf
[03/10/2006|19:30] C:\DOCUME~1\acer\APPLIC~1\pcouffin.log
[03/10/2006|19:29] C:\DOCUME~1\acer\APPLIC~1\pcouffin.sys
[03/06/2006|17:57] C:\DOCUME~1\acer\APPLIC~1\Spybot - Search & Destroy
[03/06/2006|18:17] C:\DOCUME~1\acer\APPLIC~1\Sun
[03/06/2006|17:33] C:\DOCUME~1\acer\APPLIC~1\Symantec
[03/06/2006|18:08] C:\DOCUME~1\acer\APPLIC~1\Talkback
[20/02/2008|20:47] C:\DOCUME~1\acer\APPLIC~1\TeamViewer
[03/06/2006|18:06] C:\DOCUME~1\acer\APPLIC~1\TuneUp Software
[18/12/2007|00:36] C:\DOCUME~1\acer\APPLIC~1\vlc
[01/01/2008|17:20] C:\DOCUME~1\acer\APPLIC~1\Vso
[05/03/2007|02:57] C:\DOCUME~1\acer\APPLIC~1\Webroot
[03/03/2007|00:32] C:\DOCUME~1\acer\APPLIC~1\WinssCookie.txt
[18/12/2006|03:47] C:\DOCUME~1\acer\APPLIC~1\Yahoo!

[06/11/2006|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\118300.34
[15/02/2008|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[28/01/2008|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[20/02/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[10/12/2006|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[03/06/2006|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[16/12/2005|04:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[03/10/2006|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
[03/06/2006|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eConsole
[21/07/2008|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/05/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[09/04/2008|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[06/08/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/07/2008|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/01/2008|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[30/11/2006|00:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23/07/2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/06/2006|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[07/08/2008|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[03/06/2006|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[05/03/2007|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
[04/06/2006|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/05/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml3.tmp
[21/05/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml4.tmp
[21/05/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml5.tmp
[15/12/2006|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[16/12/2005|04:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[24/05/2006|02:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[24/05/2006|02:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[16/12/2005|03:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[28/01/2007|19:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[08/02/2007|20:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[05/03/2007|03:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

[05/03/2007|02:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[03/06/2006|20:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/08/2008 17:15][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[08/08/2008 10:39][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/05/2006|11:17] C:\Program Files\Acer
[08/07/2008|17:04] C:\Program Files\Adobe
[09/04/2007|10:10] C:\Program Files\AdSponsorCL
[28/01/2008|15:04] C:\Program Files\ahead
[16/07/2008|09:03] C:\Program Files\Alwil Software
[10/03/2008|01:37] C:\Program Files\ArcSoft
[06/06/2006|13:09] C:\Program Files\a-squared
[24/01/2007|11:59] C:\Program Files\BarreConfCMCIC
[03/02/2008|10:59] C:\Program Files\CA Yahoo! Anti-Spy
[05/12/2006|03:08] C:\Program Files\CCleaner
[21/05/2008|17:40] C:\Program Files\CDex
[30/09/2007|02:57] C:\Program Files\Copystar
[17/07/2008|11:36] C:\Program Files\Dictionnaire
[21/01/2008|02:21] C:\Program Files\DivX
[21/01/2008|02:21] C:\Program Files\checs
[03/08/2008|20:43] C:\Program Files\Fichiers communs
[17/02/2008|02:32] C:\Program Files\Free Easy Burner
[16/07/2008|17:47] C:\Program Files\gnubg
[25/07/2008|20:45] C:\Program Files\Google
[08/05/2008|16:30] C:\Program Files\IncrediMail
[25/07/2008|20:59] C:\Program Files\InstallShield Installation Information
[20/05/2007|07:25] C:\Program Files\Internet Explorer
[10/05/2007|16:26] C:\Program Files\Inventel
[23/07/2008|16:09] C:\Program Files\Java
[14/07/2008|02:05] C:\Program Files\Lavasoft
[02/06/2008|16:59] C:\Program Files\Lexmark 1200 Series
[07/12/2006|12:09] C:\Program Files\Lexmark 730 Series
[05/07/2008|23:18] C:\Program Files\LimeWire
[09/04/2008|17:33] C:\Program Files\Logitech
[10/12/2006|13:14] C:\Program Files\Lx_cats
[06/08/2008|22:32] C:\Program Files\Malwarebytes' Anti-Malware
[16/09/2007|19:14] C:\Program Files\Managed DirectX (0900)
[29/07/2008|02:10] C:\Program Files\Max PC Booster
[21/01/2008|02:21] C:\Program Files\Messenger
[30/09/2007|03:14] C:\Program Files\Micro Application
[16/06/2006|13:24] C:\Program Files\microsoft frontpage
[04/06/2006|16:39] C:\Program Files\Microsoft Office
[18/07/2006|10:29] C:\Program Files\Microsoft Visual Studio
[24/05/2006|02:33] C:\Program Files\Movie Maker
[08/08/2008|23:08] C:\Program Files\Mozilla Firefox
[16/12/2005|03:06] C:\Program Files\MSN
[24/05/2006|02:33] C:\Program Files\MSN Gaming Zone
[08/02/2007|14:27] C:\Program Files\MSN Messenger
[28/01/2008|15:08] C:\Program Files\Nero
[24/05/2006|02:34] C:\Program Files\NetMeeting
[16/06/2006|12:46] C:\Program Files\NewTech Infosystems
[03/04/2007|15:54] C:\Program Files\opspuwsr
[03/03/2007|17:12] C:\Program Files\Outlook Express
[21/01/2007|11:52] C:\Program Files\Paltalk Messenger
[27/05/2007|23:29] C:\Program Files\pasystem
[10/03/2007|18:03] C:\Program Files\QuickTime
[24/05/2006|02:36] C:\Program Files\Realtek
[21/05/2007|01:26] C:\Program Files\RegSupreme
[20/05/2007|02:58] C:\Program Files\Securitoo
[24/05/2006|02:36] C:\Program Files\Services en ligne
[30/07/2008|19:57] C:\Program Files\Soulseek
[25/07/2008|02:05] C:\Program Files\Trend Micro
[24/07/2008|02:00] C:\Program Files\Trillian
[25/07/2008|20:58] C:\Program Files\Trust
[16/12/2005|03:17] C:\Program Files\Uninstall Information
[16/07/2008|17:46] C:\Program Files\VisualRoute 2008
[03/10/2006|19:29] C:\Program Files\VSO
[20/05/2007|03:04] C:\Program Files\Wanadoo
[05/03/2007|02:59] C:\Program Files\Webroot
[21/01/2008|02:21] C:\Program Files\Windows Media Connect 2
[08/02/2007|12:34] C:\Program Files\Windows Media Player
[24/05/2006|02:36] C:\Program Files\Windows NT
[16/12/2005|03:07] C:\Program Files\WindowsUpdate
[16/12/2006|03:53] C:\Program Files\WinPcap
[14/07/2008|00:03] C:\Program Files\WinRAR
[01/01/2008|17:42] C:\Program Files\wnaspi32.dll
[24/05/2006|02:36] C:\Program Files\xerox
[12/06/2006|02:55] C:\Program Files\XP Codec Pack
[21/07/2008|00:32] C:\Program Files\Yahoo!
[21/06/2006|13:34] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[15/02/2008|03:16] C:\Program Files\Fichiers communs\Adobe
[28/01/2008|15:12] C:\Program Files\Fichiers communs\Ahead
[24/05/2006|11:18] C:\Program Files\Fichiers communs\ArcSoft
[16/06/2006|13:29] C:\Program Files\Fichiers communs\Designer
[12/06/2006|14:31] C:\Program Files\Fichiers communs\EPSON
[10/02/2008|20:50] C:\Program Files\Fichiers communs\eSellerate
[10/05/2007|16:26] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[24/05/2006|02:32] C:\Program Files\Fichiers communs\InstallShield
[16/12/2005|03:21] C:\Program Files\Fichiers communs\Java
[28/01/2008|15:16] C:\Program Files\Fichiers communs\LightScribe
[11/05/2008|10:06] C:\Program Files\Fichiers communs\Logishrd
[11/05/2008|09:56] C:\Program Files\Fichiers communs\Logitech
[09/04/2008|17:32] C:\Program Files\Fichiers communs\Microsoft Shared
[24/05/2006|02:32] C:\Program Files\Fichiers communs\MSSoap
[16/12/2005|03:20] C:\Program Files\Fichiers communs\muvee Technologies
[16/06/2006|12:46] C:\Program Files\Fichiers communs\NewTech Infosystems
[24/05/2006|02:32] C:\Program Files\Fichiers communs\ODBC
[25/07/2008|20:58] C:\Program Files\Fichiers communs\PCCamera
[29/01/2008|00:13] C:\Program Files\Fichiers communs\Scanner
[24/05/2006|02:32] C:\Program Files\Fichiers communs\Services
[24/05/2006|02:32] C:\Program Files\Fichiers communs\SpeechEngines
[03/03/2007|17:12] C:\Program Files\Fichiers communs\System
[22/07/2008|09:03] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 40 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\help list load]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\acer\\APPLIC~1\\TESTPU~1\\sectblah.exe -uninstall"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 23:28:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 111

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

[F:108][D:5]-> C:\DOCUME~1\acer\LOCALS~1\Temp
[F:142][D:0]-> C:\DOCUME~1\acer\Cookies
[F:5315][D:11]-> C:\DOCUME~1\acer\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 23:29:51,82



------------------------>>>> main2.txt <<<<----------------------------------------------


Deckard's System Scanner v20071014.68
Run by acer on 2008-08-08 23:38:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
8: 2008-08-08 21:38:30 UTC - RP791 - Deckard's System Scanner Restore Point
7: 2008-08-08 12:43:13 UTC - RP790 - Point de vérification système
6: 2008-08-07 11:59:30 UTC - RP789 - Point de vérification système
5: 2008-08-06 07:45:30 UTC - RP788 - Point de vérification système
4: 2008-08-04 22:50:03 UTC - RP787 - Deckard's System Scanner Restore Point

-- First Restore Point --
1: 2008-08-02 08:54:37 UTC - RP784 - Point de vérification système

Performed disk cleanup.

-- HijackThis (run as acer.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:43, on 08/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXCZPSWX.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\acer\bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5947833E-3E8D-4278-D6C6-34D19F3B9F9A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\acer\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Anonymous user
 
Re,

Run another scan with Gmer for me, and post the report.

++
0
Chéri_e_2004 (22 posts, Member)
 
Hi,
OK, here is Saturday evening's GMER!
Fever or hope?
LOL

Thanks anyway.
Bye
Deniz

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-09 22:30:05
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA102C618] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA102C4D4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA102C9B2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA102C0AC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA102C5AE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA102BFEC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA102C050] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA102C6CE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA102C68E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA102C80E] <-- ROOTKIT !!!

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F205 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4450FF9F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 4450FF20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4450FF64 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4450FEAC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 4450FEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4450FFDA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2972] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A15D2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F205 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4450FF9F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 4450FF20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4450FF64 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4450FEAC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 4450FEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4450FFDA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A15D2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F205 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4450FF9F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 4450FF20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4450FF64 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4450FEAC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 4450FEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4450FFDA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A15D2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\msnmsgr.exe[4040] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[792] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[792] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3644] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.14 ----

Service (*** hidden *** ) YSNIFF <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\YSNIFF
Reg HKLM\SYSTEM\ControlSet003\Services\YSNIFF

---- EOF - GMER 1.0.14 ----
0
Anonymous user
 
Re,

Argh...

One last test, after that I'll call for help.

Go to: Start > Run, type cmd, then click OK.
Copy-paste each of these command lines & press Enter after each one to run the command:

gmer -del reg "HKLM\SYSTEM\CurrentControlSet\Services\YSNIFF"

gmer -del reg "HKLM\SYSTEM\ControlSet003\Services\YSNIFF"

gmer -del service YSNIFF


Please try this.

++
0
Chéri_e_2004 Posts: 22 Status: Member
 
Good evening
The commands run fine

Sorry, here's the report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-11 21:44:42
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA0730618] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA07304D4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA07309B2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA07300AC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA07305AE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA072FFEC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA0730050] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA07306CE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA073068E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA073080E] <-- ROOTKIT !!!

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F205 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4450FF9F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 4450FF20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4450FF64 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4450FEAC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 4450FEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4450FFDA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1708] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A15D2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F205 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4450FF9F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 4450FF20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4450FF64 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4450FEAC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 4450FEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4450FFDA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2700] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A15D2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3052] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[792] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[792] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.14 ----

Service (*** hidden *** ) YSNIFF <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\YSNIFF
Reg HKLM\SYSTEM\ControlSet003\Services\YSNIFF

---- EOF - GMER 1.0.14 ----
0
Anonymous user
 
Re,
Forget it, YSNIFF is legitimate...

https://www.google.fr/search?q=YSNIFF&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a&gws_rd=ssl

It comes from Yahoo Messenger.

However, we'll still need to clean up the tools and everything; let me know when you're available.

++
0
Chéri_e_2004 Posts: 22 Status: Member
 
I had also ended up at intellectual heaven (https://intellectualheaven.com/)
I only have this problem on one of my 2 machines: one has Messenger 8.1.0249 (the problem one) and the other 8.1.0421
But I can't explain Avast's message, which is present on both at the same level?
Oh well?
It's fishy!!!
Thanks for your help anyway. What's the procedure for "uninstalling" them?
Thanks

Deniz
0
Anonymous user
 
Re,
It's a false positive.
Avast & Gmer detect it as a rootkit because it's hidden.

It's my fault, I should have checked it much earlier, but at the moment I don't have much time or motivation for disinfection....

Now we're going to remove the disinfection tools I had you download.
Using them is dangerous for the PC if you don't know what you're doing.
Also, they are updated regularly.

→ Close all running applications, then download ToolsCleaner2 to your Desktop.

→ Double-click ToolsCleaner2.exe
→ Click on Recherche (Search)
→ then on Suppression (Delete) once the list has been found.
→ Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: your desktop MAY disappear; that's normal. If it doesn't reappear at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"

Type explorer.exe and confirm. That will bring the Desktop back.

Tutorial: http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute (thanks espion3004)

++
0
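The point made above (a hidden service and AV self-protection hooks both get GMER's "ROOTKIT !!!" tag, and only attribution tells them apart) is easy to turn into a triage step. As an added example, not code from this thread or from GMER's authors, here is a small Python script for reports in the GMER 1.0.14 text format posted above: it separates SSDT hooks attributed to an expected security vendor (ALWIL Software, avast!'s publisher, as named in the report's own module descriptions) from unattributed ones, and pairs each hidden service with its Services\ registry keys so the ImagePath can be checked before anything is deleted. The sample report, the unattributed hook line and the vendor allowlist are constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the GMER 1.0.14 text format from the thread. The avast!
# and YSNIFF lines mirror the posted report; the "example_unattributed.sys"
# hook is made up to show an SSDT entry with no vendor description.
SAMPLE_REPORT = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-11 21:44:42
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA0730618] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA072FFEC] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\example_unattributed.sys ZwQueryDirectoryFile [0xF7A11C40] <-- ROOTKIT !!!

---- Services - GMER 1.0.14 ----

Service (*** hidden *** ) YSNIFF <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\YSNIFF
Reg HKLM\SYSTEM\ControlSet003\Services\YSNIFF

---- EOF - GMER 1.0.14 ----
"""

# Assumption (constructed allowlist): publishers whose kernel hooks are expected
# because their product is installed on this machine. Extend per machine.
EXPECTED_HOOK_VENDORS = {"ALWIL Software"}

# GMER line shapes: "SSDT <module> (<description>/<company>) <ZwFunc> [0x<addr>] ..."
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]"
)
HIDDEN_SVC_RE = re.compile(r"^Service\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<name>\S+)")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)")


@dataclass
class Triage:
    expected_hooks: list = field(default_factory=list)
    suspicious_hooks: list = field(default_factory=list)
    hidden_services: dict = field(default_factory=dict)  # name -> [registry keys]


def parse_report(text):
    """Extract SSDT hooks, hidden service names and registry keys from a GMER report."""
    hooks, hidden, regkeys = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append(m.groupdict())
            continue
        m = HIDDEN_SVC_RE.match(line)
        if m:
            hidden.append(m.group("name"))
            continue
        m = REG_RE.match(line)
        if m:
            regkeys.append(m.group("key"))
    return hooks, hidden, regkeys


def hook_vendor(hook):
    # The parenthetical is "<file description>/<company>"; the company is the last part.
    desc = hook.get("desc") or ""
    return desc.rsplit("/", 1)[-1].strip() if "/" in desc else ""


def triage(text):
    hooks, hidden, regkeys = parse_report(text)
    result = Triage()
    for h in hooks:
        expected = hook_vendor(h) in EXPECTED_HOOK_VENDORS
        (result.expected_hooks if expected else result.suspicious_hooks).append(h)
    for name in hidden:
        # Pair the hidden service with its Services\<name> key in every control set.
        suffix = "\\SERVICES\\" + name.upper()
        result.hidden_services[name] = [k for k in regkeys if k.upper().endswith(suffix)]
    return result


def verification_commands(result):
    """reg.exe queries showing which binary each hidden service actually points to."""
    return [f'reg query "{key}" /v ImagePath'
            for keys in result.hidden_services.values() for key in keys]


def summarize(result):
    lines = [f"{len(result.expected_hooks)} SSDT hook(s) attributed to an expected vendor"]
    for h in result.suspicious_hooks:
        lines.append(f"REVIEW: {h['func']} hooked by {h['module']} (no trusted vendor attribution)")
    for name, keys in result.hidden_services.items():
        lines.append(f"REVIEW: hidden service {name} in {len(keys)} control set key(s); "
                     "check its ImagePath and the file's signature before deleting")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
    print("\n".join(verification_commands(triage(SAMPLE_REPORT))))
```

A hidden service whose ImagePath resolves to a signed binary from an installed product (here, Yahoo Messenger) is the false-positive case the thread ends on; an unattributed hook or a service whose binary cannot be located is what deserves the follow-up.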
Chéri_e_2004 Posts: 22 Status: Member
 
Good evening,
Here's the report

-->- Recherche:

C:\Lop SD: trouvé !
C:\Documents and Settings\acer\Bureau\Dss.exe: trouvé !
C:\Documents and Settings\acer\Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\acer\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\acer\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\WINDOWS\Gmer.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\acer\Bureau\Dss.exe: supprimé !
C:\Documents and Settings\acer\Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\acer\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\WINDOWS\Gmer.exe: supprimé !
C:\Lop SD: supprimé !
C:\Documents and Settings\acer\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0