Pop-up or ADS virus [Solved/Closed]

Posts: 98; registered: Saturday 16 August 2008; status: Member; last activity: 10 April 2013
Hello,
Every time I click on a link in my search engine (Google), windows named "ADS........" open.
What should I do? Please, can someone help me.......
I am not a specialist in this area!
Thanks in advance for any help you can give me!

System: Windows 98

17 replies

Posts: 6699; registered: Sunday 6 July 2008; status: Security contributor; last activity: 26 December 2016

Hello,

Start menu --> Control Panel --> Add/Remove Programs

Uninstall everything related to Eorezo. Here are some examples:

eorezo
eoWeather
eoEngine (3.4)

Restart the computer.

Delete the leftover directories if they still exist:

C:\Program Files\eoRezo
or others (do a search).

See you,

Posts: 18206; registered: Friday 17 August 2007; status: Contributor; last activity: 30 November 2014

Wow, Verni; my parquet floor is looking a bit dull, won't you help me out?

Posts: 6699; registered: Sunday 6 July 2008; status: Security contributor; last activity: 26 December 2016

All right, and in the meantime you come and entertain the kids. They love being tickled. Lol

Posts: 18206; registered: Friday 17 August 2007; status: Contributor; last activity: 30 November 2014

At a vernissage some time, why not? :D

Posts: 98; registered: Saturday 16 August 2008; status: Member; last activity: 10 April 2013

Thanks for the help, but I have nothing there??
Can it be done another way?

Posts: 6699; registered: Sunday 6 July 2008; status: Security contributor; last activity: 26 December 2016

Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choose "Download Hijackthis Installer".
After installation, a shortcut will be created on the desktop. Double-click it to launch the program.

Choose the option Do a system scan and save a logfile.
The report will open. Copy and paste the contents of this report into your next message.

See you,

Posts: 98; registered: Saturday 16 August 2008; status: Member; last activity: 10 April 2013

Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:49, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\CreativesFiles\Plugins\RazaWebHook.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\zampaglione\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\CreativesFiles\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_v2.1.0.53.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/3462/defaults/activex/IPSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD LT 2000i Fra\AcPreview.ocx
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.microgaming.com/generic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABDF4AB-8982-4780-B0E4-6D1F95C2BDFB}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{F13316B7-2C69-4F0C-87BA-D7C8228ABAA9}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_v2.1.0.53.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/3462/defaults/activex/IPSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD LT 2000i Fra\AcPreview.ocx
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.microgaming.com/generic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ABDF4AB-8982-4780-B0E4-6D1F95C2BDFB}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{F13316B7-2C69-4F0C-87BA-D7C8228ABAA9}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Posts
6699
Registration date
Sunday 6 July 2008
Status
Security contributor
Last activity
26 December 2016
178
There is already a first infection. Your connection is being hijacked to a Ukrainian proxy.

Close all programs and download FixWareout to your desktop:
http://downloads.subratam.org/Fixwareout.exe

Launch the fix and follow the prompts for the installation.
Once the installation is finished, check that the RunThisFix option is ticked.

The fix will open a black window. You will be asked to press a key to continue.
At the end of the scan, your computer will restart, and the restart will take longer than usual.

After the restart, select your account. The fix will continue working.
At the end of the disinfection, a report will open.

Copy/paste its contents into your next message, along with a new (just one) HijackThis report.

See you,
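As an added illustration (not part of the original post, and not code from HijackThis or FixWareout), the Python script below reads the O17 `NameServer` lines of a HijackThis log, lists every resolver that is not on an expected list, and checks whether a follow-up log still shows them. The sample O17 lines are copied from the log posted above except where marked constructed; the expected resolver `192.168.1.1` and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# One HijackThis O17 entry looks like:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d,e.f.g.h
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>[^:]+):\s*(?P<name>\w+)\s*=\s*(?P<value>.*)$"
)


def parse_o17(log_text):
    """Return a list of (control_set, scope, [servers]) for NameServer entries."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue
        # The list is comma-separated on interface keys and space-separated
        # on the global Parameters key; accept both.
        servers = [s for s in re.split(r"[,\s]+", m.group("value").strip()) if s]
        scope = m.group("scope").replace("..\\", "")
        entries.append((m.group("cset"), scope, servers))
    return entries


def unexpected_resolvers(log_text, expected):
    """Map each resolver that is not in `expected` to the places it is set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = defaultdict(set)
    for cset, scope, servers in parse_o17(log_text):
        for raw in servers:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                # Keep malformed values visible instead of dropping them.
                hits[raw].add(f"{cset}:{scope} (malformed)")
                continue
            if addr not in allowed:
                hits[str(addr)].add(f"{cset}:{scope}")
    return {ip: sorted(places) for ip, places in hits.items()}


def still_present(before_log, after_log, expected):
    """Resolvers flagged in the first log that a follow-up log still shows."""
    before = set(unexpected_resolvers(before_log, expected))
    after = set(unexpected_resolvers(after_log, expected))
    return sorted(before & after)


# Assumption: the resolver the owner expects (a typical home router address).
EXPECTED = ["192.168.1.1"]

# O17 lines copied from the log above; the last O17 line is constructed.
BEFORE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}: NameServer = 85.255.113.131,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Constructed follow-up log: the flagged O17 entries are gone.
AFTER_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for ip, places in unexpected_resolvers(BEFORE_LOG, EXPECTED).items():
        print(f"{ip} set in {len(places)} place(s): {', '.join(places)}")
    print("still present after cleanup:", still_present(BEFORE_LOG, AFTER_LOG, EXPECTED))
```

The same resolver pair written statically into the global `Parameters` key and into several control sets at once is the pattern to look for; a single router address on one interface is not.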
Posts
98
Registration date
Saturday 16 August 2008
Status
Member
Last activity
10 April 2013

Here are the 2 reports

Username "zampaglione" - 18/08/2008 20:46:20 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdwec.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.131 85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{24CD1CAB-02A6-4076-B99B-A5EC9A2269CF}
"nameserver"="85.255.113.131,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4ABDF4AB-8982-4780-B0E4-6D1F95C2BDFB}
"nameserver"="85.255.113.131,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F13316B7-2C69-4F0C-87BA-D7C8228ABAA9}
"nameserver"="85.255.113.131,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4ABDF4AB-8982-4780-B0E4-6D1F95C2BDFB}
"DhcpNameServer"="85.255.113.131,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F13316B7-2C69-4F0C-87BA-D7C8228ABAA9}
"DhcpNameServer"="85.255.113.131,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F40F0325-E264-4190-8B25-6B2C7D0AFE01}
"DhcpNameServer"="85.255.113.131,85.255.112.146" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
C:\Casino Deleted
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdwec.ren 50688 13/06/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"EPSON Stylus DX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADE.EXE /P26 \"EPSON Stylus DX4800 Series\" /O6 \"USB002\" /M \"Stylus DX4800\""
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"Nero DriveSpeed"="C:\\PROGRA~1\\Ahead\\NEROTO~1\\DRIVES~1.EXE"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AnumanLive"="C:\\Documents and Settings\\zampaglione\\Application Data\\Anuman Interactive\\AnumanLive\\AnumanLive.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
~~~~~ End report ~~~~~


Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:12, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\zampaglione\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\CreativesFiles\Plugins\RazaWebHook.dll
O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\zampaglione\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\CreativesFiles\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_v2.1.0.53.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/3462/defaults/activex/IPSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD LT 2000i Fra\AcPreview.ocx
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.microgaming.com/generic/FlashAX2.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Posts
6699
Registration date
Sunday 6 July 2008
Status
Security contributor
Last activity
26 December 2016
178
A big fan of P2P (eMule, Shareaza)!!
Be careful with cracks, you risk catching an infection far more troublesome than the one on your PC.

I notice that you installed the MSN sponsor.

Download LopS&D.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Install the program.
An icon will appear on the desktop. Double-click it to launch the program.
Choose the language and option 1 to run the scan.
At the end of the scan, a report named LopR.txt appears. It is located at C:\LopR.txt.
Post this report in your next message.

See you,
Posts
98
Registration date
Saturday 16 August 2008
Status
Member
Last activity
10 April 2013

--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : zampaglione ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 18/08/2008 | 21:24:07 ] [ PC : SOTO (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[02/09/2007|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7Wonders2
[27/08/2007|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
[09/03/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[09/03/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\albumphoto
[03/07/2005|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/09/2006|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[28/07/2005|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[16/05/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[30/09/2002|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[08/07/2007|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[06/07/2007|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[01/05/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games
[19/09/2006|22:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/03/2008|23:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[09/10/2005|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[17/04/2008|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
[08/09/2006|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ISx34.tmp
[30/04/2005|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[05/03/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[28/12/2005|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[12/05/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[12/05/2008|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[20/07/2007|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/09/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[07/11/2004|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[04/11/2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[25/12/2005|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
[28/05/2007|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[29/07/2004|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23/03/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
[30/09/2002|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[16/03/2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[25/02/2008|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[25/05/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[14/10/2007|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[10/11/2005|00:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[19/11/2005|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[13/06/2005|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[28/12/2005|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/03/2007|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[11/03/2008|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[08/09/2006|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[15/08/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[19/09/2007|20:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[11/03/2006|16:36] C:\DOCUME~1\brignon\APPLIC~1\3M
[06/11/2006|14:14] C:\DOCUME~1\brignon\APPLIC~1\Adobe
[06/11/2006|14:11] C:\DOCUME~1\brignon\APPLIC~1\AdobeDLM.log
[31/01/2006|15:56] C:\DOCUME~1\brignon\APPLIC~1\AdobeUM
[03/10/2004|22:11] C:\DOCUME~1\brignon\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\brignon\APPLIC~1\desktop.ini
[06/11/2006|14:11] C:\DOCUME~1\brignon\APPLIC~1\dm.ini
[20/03/2006|14:42] C:\DOCUME~1\brignon\APPLIC~1\EPSON
[06/11/2006|18:50] C:\DOCUME~1\brignon\APPLIC~1\Google
[04/12/2004|19:55] C:\DOCUME~1\brignon\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\brignon\APPLIC~1\Identities
[25/04/2005|21:56] C:\DOCUME~1\brignon\APPLIC~1\Kazaa Lite
[05/07/2006|22:42] C:\DOCUME~1\brignon\APPLIC~1\Leadertech
[23/02/2005|23:05] C:\DOCUME~1\brignon\APPLIC~1\Macromedia
[11/03/2007|14:03] C:\DOCUME~1\brignon\APPLIC~1\Microsoft
[11/03/2007|14:01] C:\DOCUME~1\brignon\APPLIC~1\Mozilla
[11/03/2007|14:01] C:\DOCUME~1\brignon\APPLIC~1\Nvu
[11/03/2007|13:59] C:\DOCUME~1\brignon\APPLIC~1\Propellerhead Software
[23/08/2005|00:59] C:\DOCUME~1\brignon\APPLIC~1\Real
[05/07/2006|22:42] C:\DOCUME~1\brignon\APPLIC~1\Sonic
[30/05/2007|22:04] C:\DOCUME~1\brignon\APPLIC~1\Sun
[16/02/2008|18:56] C:\DOCUME~1\brignon\APPLIC~1\Symantec
[04/07/2006|19:57] C:\DOCUME~1\brignon\APPLIC~1\yahoo!

[30/09/2002|12:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|13:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[30/09/2002|12:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[29/07/2004|09:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real

[26/12/2007|13:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[25/07/2007|18:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/05/2006|18:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec

[27/09/2006|13:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[07/03/2006|22:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec


[11/03/2006|04:22] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\3M
[24/04/2007|20:46] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\7Wonders
[27/08/2007|17:42] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Ableton
[04/08/2008|15:10] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Adobe
[07/09/2007|23:15] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\AdobeUM
[15/05/2008|18:32] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Anuman Interactive
[03/10/2004|14:53] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Autodesk
[10/02/2007|14:59] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\BonkEnc
[02/04/2007|20:16] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Boomzap
[26/04/2008|22:28] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\CaribbeanHideaway
[02/10/2004|17:34] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\desktop.ini
[24/09/2007|21:54] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\DivX
[16/11/2004|18:36] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\DVD Shrink
[06/11/2005|21:38] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\EA
[19/11/2005|13:47] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\EPSON
[06/07/2007|17:07] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\ESTsoft
[16/04/2008|21:18] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[26/02/2006|20:19] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Google
[02/10/2004|20:15] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Help
[10/06/2008|23:02] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Identities
[18/10/2007|20:31] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\iWin
[02/02/2005|22:13] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Kazaa Lite
[04/11/2004|00:04] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Leadertech
[02/02/2005|22:00] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Macromedia
[13/11/2004|15:13] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Magix
[05/03/2008|20:34] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Malwarebytes
[29/05/2008|00:15] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Microsoft
[23/07/2007|18:24] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Mozilla
[10/01/2008|14:13] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\MSN6
[02/11/2006|21:41] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\NetMedia Providers
[10/02/2007|22:41] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Nvu
[13/04/2008|16:09] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Oberon Media
[28/05/2007|13:19] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Propellerhead Software
[04/11/2006|20:14] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Publish Providers
[01/05/2008|20:10] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Real
[17/03/2007|21:16] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\River Past G5
[13/02/2007|22:06] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Serif
[14/01/2008|22:53] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Shareaza
[04/11/2004|00:04] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Sonic
[01/11/2006|22:11] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Sonic Foundry
[08/05/2005|10:34] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Sony
[26/02/2008|19:47] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Sony Setup
[15/03/2006|19:07] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\STOIK
[30/05/2007|22:19] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Sun
[16/02/2008|19:08] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Symantec
[14/08/2008|23:56] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Viewpoint
[07/10/2007|17:41] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\vlc
[15/02/2008|17:45] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\WinButler
[11/11/2007|18:32] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\WinRAR
[15/08/2008|23:52] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\yahoo!
[10/06/2008|23:02] C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Zylom

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[18/08/2008 21:00][--ah-----] C:\WINDOWS\tasks\AE99FFB2918A710E.job
[18/08/2008 20:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AE99FFB2918A710E.job )=( c:\docume~1\zampag~1\applic~1\webant~1\CAMPAUDIOFIVE.exe )

--------------------\\ Listing des dossiers dans C:\Program Files


--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs


--------------------\\ Process

( 44 Processus )

iexplore.exe ~ [PID:2776] ~ [Threads:29]
MsgPlus.exe ~ [PID:3176] ~ [Threads:1]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ZAMPAG~1\APPLIC~1\CaribbeanHideaway
C:\DOCUME~1\ZAMPAG~1\APPLIC~1\CaribbeanHideaway\profiles.cs.dso
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@advertstream[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@adultfriendfinder[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@advertising-light[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@advertising[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@banner.cotedazurpalace[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@cotedazurpalace[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@adopt.euroclick[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@partypoker[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@banner.32vegas[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@fr.crazyvegascasino[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@promo.vegasred[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@vegas7casino[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@vegasred[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegas7casino[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegasaffiliates[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegasred[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegasslotcasino[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www2.vegasslotcasino[1].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@2xmoinscher[2].txt
C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.2xmoinscher[1].txt
C:\WINDOWS\Tasks\AE99FFB2918A710E.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 21:25:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.tmp
==> VUNDO <==

--------------------\\ ROGUES ..

C:\DOCUME~1\ZAMPAG~1\APPLIC~1\WinButler

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ZAMPAG~1\Recent\Cradle Of Rome Crack.rar.lnk


[F:320][D:32]-> C:\DOCUME~1\ZAMPAG~1\LOCALS~1\Temp
[F:1248][D:0]-> C:\DOCUME~1\ZAMPAG~1\Cookies
[F:179][D:8]-> C:\DOCUME~1\ZAMPAG~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 21:28:20,79
Posts
6699
Registration date
Sunday 6 July 2008
Status
Security contributor
Last activity
26 December 2016
178
1) Run LopS&D again.

Choose option 3 to remove the infection.
When the cleanup finishes, a report named LopR.txt appears. It is located at C:\LopR.txt. Post this report in your next message.

Uninstall LopS&D through the Control Panel, under Add/Remove Programs.
Then restart the computer.

Some information about this infection (ad pages):
You pick up these ads through advertising banners on web pages, or by installing certain programs such as:
* BitDownload
* BitGrabber
* BitRoll
* MessengerPlus! 3, under the name "sponsors"
* Messenger Plus! Live, under the name "sponsors"
* NetPumper
* TorrentQ
* Torrent101

2) Download VundoFix to your desktop:
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to launch it.
Click Scan For Vundo to start the scan.

Once the scan is finished, click Remove Vundo only if infected files were found.
You will then be asked to delete the files. Click YES.

Your PC will restart.

Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.

See you
Posts
98
Registration date
Saturday 16 August 2008
Status
Member
Last activity
10 April 2013

Here is the first one


--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : zampaglione ] [ "C:\Lop SD" ] [ Selection : 3 ]
[ 18/08/2008 | 21:41:55 ] [ PC : SOTO (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ZAMPAG~1\APPLIC~1\CaribbeanHideaway\profiles.cs.dso
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@advertstream[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@advertising-light[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@advertising[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@banner.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@partypoker[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@banner.32vegas[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@fr.crazyvegascasino[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@promo.vegasred[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@vegas7casino[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@vegasred[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegas7casino[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegasaffiliates[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegasred[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.vegasslotcasino[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www2.vegasslotcasino[1].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\ZAMPAG~1\Cookies\zampaglione@www.2xmoinscher[1].txt
Supprime! - C:\WINDOWS\Tasks\AE99FFB2918A710E.job
Supprime! - C:\DOCUME~1\ZAMPAG~1\APPLIC~1\CaribbeanHideaway

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ZAMPAG~1\APPLIC~1\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[18/08/2008 20:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files


--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs


--------------------\\ Process

( 44 Processus )

MsgPlus.exe ~ [PID:3176] ~ [Threads:1]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 21:43:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.tmp
==> VUNDO <==

--------------------\\ ROGUES ..

C:\DOCUME~1\ZAMPAG~1\APPLIC~1\WinButler

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ZAMPAG~1\Recent\Cradle Of Rome Crack.rar.lnk


[F:320][D:32]-> C:\DOCUME~1\ZAMPAG~1\LOCALS~1\Temp
[F:1228][D:0]-> C:\DOCUME~1\ZAMPAG~1\Cookies
[F:339][D:8]-> C:\DOCUME~1\ZAMPAG~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 21:44:26,35
As for VundoFix, there is no report since there is no infection.
I think it's fine, everything works normally!!! Thanks for the help, which makes life easy again!!
THANK YOU VERY MUCH!!!!
See you
Posts
6699
Registration date
Sunday 6 July 2008
Status
Security contributor
Last activity
26 December 2016
178
Wait, it's not finished.
Look at the end of the LopS&D report.

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.tmp
==> VUNDO <==


I advise you to write down or print this text, because the disinfection will be done in safe mode.
Another tip: copy and paste the text into a .txt file that you save on your desktop.

Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Choose the default options.
At the end of the installation, you will be asked to update MalwareBytes and to run it.
Choose only the update. The program will be run in safe mode.

Restart the computer in safe mode (F8 key after restarting).
Choose your user account.

To launch MalwareBytes, double-click the desktop shortcut.

In the "Recherche" (scan) tab, select "Exécuter un examen complet" (perform a full scan).
Click "Recherche" (scan). Select only the computer's hard drives.
Click "Lancer l'examen" (start the scan).

At the end of the scan, as prompted, click "Afficher les résultats de la recherche" (show the scan results).
Then choose "Supprimer la sélection" (remove the selection) to clean the infections.
Post the report in your next message.
If you can't find it, open MalwareBytes and look in the "Rapport/logs" tab. It is there.
Click on it and choose "Ouvrir" (open).

See you
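The check made in the post above, as an added Python example that is not part of the original thread: it splits a Lop S&D report into its `--------------------\\` sections and lists what the tool still reports after the cleanup pass. The function names and the choice of which sections count as findings are assumptions inferred from the reports pasted in this thread; the first sample is an excerpt of the post-cleanup report, the second is constructed.

```python
import re

# Section headers in the pasted reports look like:  --------------------\\ Title
HEADER = re.compile(r"^-{5,}\\\\\s*(.+?)\s*$")
# A finding is a line that starts with a drive-letter path, e.g. C:\WINDOWS\...
PATH = re.compile(r"^[A-Za-z]:\\")
# Verdict marker such as "==> VUNDO <==" (forum markup around it is tolerated).
VERDICT = re.compile(r"==>\s*(.+?)\s*<==")

# Assumption: path entries in these sections mean "still present on disk".
# Folder listings, scheduled tasks and the process list are inventory, not findings.
FINDING_SECTIONS = (
    "Recherche avec S_Lop",
    "Recherche de Fichiers / Dossiers Lop",
    "Recherche d'autres infections",
    "ROGUES ..",
    "Cracks & Keygens ..",
)

def parse_sections(report):
    """Return {section title: [non-blank lines]} in order of appearance."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def residual_findings(report):
    """Return the finding sections that still list paths or a verdict."""
    remaining = {}
    for title, lines in parse_sections(report).items():
        if title not in FINDING_SECTIONS:
            continue
        paths = [line for line in lines if PATH.match(line)]
        verdicts = []
        for line in lines:
            hit = VERDICT.search(line)
            if hit:
                verdicts.append(hit.group(1))
        if paths or verdicts:
            remaining[title] = {"paths": paths, "verdicts": verdicts}
    return remaining

def is_clean(report):
    """True only when no finding section lists anything."""
    return not residual_findings(report)

# Excerpt of the report posted after running option 3 (from this thread).
POST_CLEANUP = r"""
--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nqstv.tmp
==> VUNDO <==

--------------------\\ ROGUES ..

C:\DOCUME~1\ZAMPAG~1\APPLIC~1\WinButler

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ZAMPAG~1\Recent\Cradle Of Rome Crack.rar.lnk

[F:320][D:32]-> C:\DOCUME~1\ZAMPAG~1\LOCALS~1\Temp

--------------------\\ Fin du rapport a 21:44:26,35
"""

# Constructed sample: the same layout with nothing left to report.
CLEAN_SAMPLE = r"""
--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

--------------------\\ Fin du rapport a 00:00:00,00
"""

if __name__ == "__main__":
    for title, found in residual_findings(POST_CLEANUP).items():
        print(title, found["verdicts"], len(found["paths"]), "path(s)")
```

The Lop entries are gone after option 3, but the report still lists the files it labels VUNDO, the WinButler folder and the crack shortcut, which is why the thread continues with further tools.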
Posts
98
Registration date
Saturday 16 August 2008
Status
Member
Last activity
10 April 2013

Here is the report: there were indeed 10 infections... thanks again

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1070
Windows 5.1.2600 Service Pack 3

14:57:29 19/08/2008
mbam-log-08-19-2008 (14-57-29).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 191274
Temps écoulé: 2 hour(s), 45 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\zampaglione\Local Settings\Temp\GLK22.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\zampaglione\Local Settings\Temp\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP93\A0074594.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\zampaglione\Local Settings\Temp\inst2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Posts
6699
Registration date
Sunday 6 July 2008
Status
Security contributor
Last activity
26 December 2016
178
1) Post a new HijackThis report.

2) Then download ComboFix to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your computer's resident protections (antivirus, antispyware and firewall) and disconnect from the Internet.

Run Combofix.exe and follow the prompts.
Once the scan is finished, a report will appear.
Copy and paste this report into your next reply.
If you can't find it, it is at C:\ComboFix.txt.

Re-enable your PC's protections.

See you