Trojan problem!
yoap - Posts: 16 - Status: Member
jlpjlp - Posts: 52399 - Status: Security contributor
Hello,
For some time now I have had a stubborn trojan that will not go away despite using Spybot and AVG Anti-Spyware, with Antivir as my antivirus, which detects it when I turn on the PC or when I start a program, for example. I have the impression that it is reducing my PC's capacity little by little, but maybe that is not the only thing going on.
This trojan is called "TR/BHO.czo", and its location is c:\windows\system32\nss24D.dll. But I cannot find it in system32.
I have tried with Antivir to neutralize it, block it and delete it, but nothing works.
If someone can help me get rid of it, that would be nice, thank you.
20 replies
Hi,
download this:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
The installation is not particularly difficult, so it will not be detailed here.
However, at the end of the installation, it is advisable to leave the Update Malwarebyte's Anti-Malware option checked so that the virus definitions are updated.
To start Malwarebyte's Anti-Malware, double-click the icon created on the desktop.
To remove as many infections as possible, you should restart your computer in safe mode; to do so, follow the instructions on this page: Restart in safe mode
Start Malwarebyte's Anti-Malware; you should have an icon on the desktop.
Otherwise click the Start menu / Programs / Malwarebyte's Anti-Malware / Malwarebyte's Anti-Malware
* Select Perform full scan, then click the Scan button to launch the scan.
* Leave your hard drives checked; you can uncheck the floppy drive and the CD-ROM drive.
* Click the Start Scan button to start the scan.
The scan runs... the scanned items scroll past at the top.
* Objects scanned is the number of items scanned.
* Objects infected is the number of malicious items detected.
Let the operation run; if you want to cancel, click the Abort Scan button at the bottom right.
* Once the scan is complete, you receive a message saying that it succeeded.
* Click the Show Results button at the bottom to display the detected items.
* The detected items appear as a list.
* They are all checked; to remove them, click the Remove Selected button at the bottom left.
* A progress bar shows how far the removal has got.
* If infected items that are very hard to remove are detected (so this is not necessarily the case), a message tells you that the system will have to be restarted after the malware removal process.
* Click the Yes button to continue.
* A scan report opens; save it so that you can retrieve it in normal mode.
_____________________
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
e.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list
Then, with Explorer, create a folder c:\hijackthis
Extract HijackThis into this folder.
This is important for the backups.
Hi, and thanks for giving me your time. So, I ran both scans. I have 21 infections in registry values and keys with the malware program, and 13 infected folders or files; should I post the report?
Otherwise, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:48, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Fast.exe
C:\Apps\Powercinema\PCMService.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\taskswitch.exe
C:\APPS\OD2\OD2State.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: dcads - {5a1f70ef-9aa4-487f-d13c-d500b02de68c} - C:\WINDOWS\system32\nss24D.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Chin cool.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aimclock] C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [bpimcuiyi] c:\documents and settings\damade\local settings\application data\bpimcuiyi.exe bpimcuiyi
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
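Added example, not part of any post in this thread: a small Python triage pass over the O2 (BHO) and O4 (autorun) sections of a HijackThis log, using lines copied from the log above. The three review rules and every function name are assumptions made for this example; a flagged entry is one to look at first, not a verdict, and `registrations_for` shows which registry entry loads the file the antivirus reported.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dcads - {5a1f70ef-9aa4-487f-d13c-d500b02de68c} - C:\WINDOWS\system32\nss24D.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Aimclock] C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bpimcuiyi] c:\documents and settings\damade\local settings\application data\bpimcuiyi.exe bpimcuiyi
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""


class Entry(NamedTuple):
    section: str   # HijackThis section code: "O2" (BHO) or "O4" (autorun)
    name: str      # display name of the BHO or of the Run value
    ident: str     # CLSID for O2, registry key for O4
    path: str      # file the entry loads; "" when the log gives none
    missing: bool  # HijackThis reported "(no file)" or "(file missing)"


BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\S*\\Run): \[([^\]]*)\] (.*)$")
# Unquoted Run commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr))', re.I)

# Review rules (assumptions of this example, not HijackThis behaviour):
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
# Long and 8.3 short forms of the per-user data folders seen in the log.
PROFILE_DATA_RE = re.compile(
    r"\\(?:application data|applic~\d|local settings|locals~\d)\\", re.I)


def parse(log: str) -> List[Entry]:
    """Parse O2 BHO and O4 Run lines; every other section is ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            name, clsid, target = m.groups()
            missing = target == "(no file)" or target.endswith("(file missing)")
            path = "" if target == "(no file)" else target.replace(" (file missing)", "")
            entries.append(Entry("O2", name, clsid, path, missing))
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            entries.append(Entry("O4", name, key, exe.group(1) if exe else cmd, False))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for entries worth reviewing first."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.missing:
            # Registration left behind although the DLL is absent.
            findings.append((e.name, "bho-file-missing"))
        elif e.section == "O2" and SYSTEM32_RE.match(e.path):
            # Browser add-on DLL sitting directly in system32.
            findings.append((e.name, "bho-dll-in-system32"))
        elif e.section == "O4" and PROFILE_DATA_RE.search(e.path):
            # Program started at logon from a user data folder.
            findings.append((e.name, "autorun-from-profile-data"))
    return findings


def registrations_for(entries: List[Entry], filename: str) -> List[Entry]:
    """Entries whose target file name equals `filename` (case-insensitive)."""
    wanted = filename.lower()
    return [e for e in entries if e.path.lower().rsplit("\\", 1)[-1] == wanted]


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for name, reason in triage(parsed):
        print(f"{reason:28} {name}")
    for e in registrations_for(parsed, "nss24D.dll"):
        print("detected file is loaded by", e.section, e.name, e.ident)
```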
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
I forgot to say that when I restarted the PC after the safe-mode scan with the anti-malware software, Antivir reported three times in a row, at startup in normal mode, that the trojan mentioned in the first message was still present.
OK, some of it remains, but you need to paste all the requested reports for me!
________________
If you have both Norton and Antivir, remove one of the two, otherwise the computer will crash!
________________
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Download to the desktop:
Navilog.zip
= Double-click navilog1.zip
= Extract everything to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1
A report, fixnavi.txt, will be created in C:
Copy/paste it into your next message.
__________________
Download Lop S&D.exe to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Here is the report from the Malwarebytes software:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1071
Windows 5.1.2600 Service Pack 2
08:28:58 20/08/2008
mbam-log-08-20-2008 (08-28-43).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 274027
Temps écoulé: 5 hour(s), 45 minute(s), 30 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e94c3af8-d32c-4389-ac9a-be17471edc42} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63eadaa3-1cea-43e0-a7dd-eb46dba8a47e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.BHO) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\dynamic toolbar (Adware.2020search) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\damade\Local Settings\Application Data\bpimcuiyi_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\damade\Local Settings\Application Data\bpimcuiyi_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\damade\Local Settings\Application Data\bpimcuiyi.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\damade\Local Settings\Application Data\wmetkbqheh_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\damade\Local Settings\Application Data\wmetkbqheh_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\damade\Local Settings\Application Data\wmetkbqheh.dat (Adware.Navipromo.H) -> No action taken.
C:\WINDOWS\system32\nsd38.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\superiorads-uninst.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> No action taken.
C:\Documents and Settings\GILOU\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
C:\Documents and Settings\damade\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
I'll do the rest and post it afterwards.
fixnavi report:
Search Navipromo version 3.6.4 commencé le 20/08/2008 à 10:50:13.17
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "damade"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damade\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\GILOU\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damade\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\GILOU\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\damade\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\GILOU\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\damade\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\GILOU\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\damade\locals~1\applic~1" :
* Dans "C:\DOCUME~1\GILOU\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 20/08/2008 à 11:18:14.64 ***
Lop S&D report:
--------------------\\ Lop S&D 4.2.3-1 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
Phoenix - AwardBIOS v6.00PG
USER : Loy la Star ( Administrator )
USER : GILOU ( Not Administrator ! )
BOOT : Normal boot
"C:\Lop SD" ( MAJ : 19-08-2008|02:08 )
Option : [1] ( 20/08/2008|11:20 )
--------------------\\ Listing des dossiers dans APPLIC~1
[16/07/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/02/2008|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[07/09/2004|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[25/12/2007|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/12/2007|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[23/08/2007|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Armagetron
[04/11/2007|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[22/07/2008|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[04/01/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[17/11/2004|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[30/09/2002|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[02/03/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[04/08/2007|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/08/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[15/09/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
[02/08/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[26/08/2007|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet debug mess great
[17/02/2008|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[23/02/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[07/10/2007|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[23/09/2007|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LUUnInstall.LiveUpdate
[23/09/2007|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[14/08/2007|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[19/08/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/06/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
[10/08/2007|21:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/01/2008|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/08/2007|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[06/08/2007|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[10/12/2005|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[05/09/2004|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[05/08/2007|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[25/12/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[23/09/2004|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[25/02/2006|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[30/09/2002|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[25/07/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/08/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[18/02/2008|00:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[20/08/2008|08:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/09/2007|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[02/08/2008|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[17/02/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[10/08/2004|14:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[04/01/2008|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/08/2007|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[04/04/2008|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[28/09/2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[02/02/2008|14:01] C:\DOCUME~1\damade\APPLIC~1\.ABC
[16/07/2008|16:53] C:\DOCUME~1\damade\APPLIC~1\Adobe
[10/02/2008|16:07] C:\DOCUME~1\damade\APPLIC~1\AdobeUM
[25/12/2007|17:12] C:\DOCUME~1\damade\APPLIC~1\Apple Computer
[23/08/2007|22:59] C:\DOCUME~1\damade\APPLIC~1\Armagetron
[04/11/2007|13:47] C:\DOCUME~1\damade\APPLIC~1\AVG7
[27/01/2007|02:09] C:\DOCUME~1\damade\APPLIC~1\Axialis
[01/02/2008|23:35] C:\DOCUME~1\damade\APPLIC~1\Cabos
[01/02/2008|23:35] C:\DOCUME~1\damade\APPLIC~1\Cabos.plist
[04/09/2004|21:08] C:\DOCUME~1\damade\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\damade\APPLIC~1\desktop.ini
[24/08/2007|18:24] C:\DOCUME~1\damade\APPLIC~1\DivX
[17/02/2008|14:09] C:\DOCUME~1\damade\APPLIC~1\dvdcss
[14/07/2008|17:05] C:\DOCUME~1\damade\APPLIC~1\FMZilla
[19/05/2008|18:24] C:\DOCUME~1\damade\APPLIC~1\GDIPFONTCACHEV1.DAT
[03/12/2007|16:46] C:\DOCUME~1\damade\APPLIC~1\GetRightToGo
[04/08/2007|15:20] C:\DOCUME~1\damade\APPLIC~1\Google
[02/08/2008|12:35] C:\DOCUME~1\damade\APPLIC~1\Grisoft
[14/09/2004|13:23] C:\DOCUME~1\damade\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\damade\APPLIC~1\Identities
[30/10/2004|20:27] C:\DOCUME~1\damade\APPLIC~1\Jasc
[05/09/2004|12:06] C:\DOCUME~1\damade\APPLIC~1\Leadertech
[04/01/2008|21:01] C:\DOCUME~1\damade\APPLIC~1\ma-config.com
[04/08/2007|16:33] C:\DOCUME~1\damade\APPLIC~1\Macromedia
[19/08/2008|22:39] C:\DOCUME~1\damade\APPLIC~1\Malwarebytes
[22/10/2007|13:07] C:\DOCUME~1\damade\APPLIC~1\Microsoft
[27/06/2008|19:38] C:\DOCUME~1\damade\APPLIC~1\Mozilla
[10/09/2007|04:21] C:\DOCUME~1\damade\APPLIC~1\MSN6
[26/11/2005|16:52] C:\DOCUME~1\damade\APPLIC~1\Musicmatch
[05/09/2004|00:56] C:\DOCUME~1\damade\APPLIC~1\OD2
[23/08/2007|23:17] C:\DOCUME~1\damade\APPLIC~1\OpenArena
[20/08/2008|09:14] C:\DOCUME~1\damade\APPLIC~1\OpenOffice.org2
[17/02/2008|21:32] C:\DOCUME~1\damade\APPLIC~1\proDAD
[18/02/2008|01:01] C:\DOCUME~1\damade\APPLIC~1\Publish Providers
[25/02/2006|01:35] C:\DOCUME~1\damade\APPLIC~1\Real
[27/12/2007|02:21] C:\DOCUME~1\damade\APPLIC~1\Samsung
[16/03/2008|15:35] C:\DOCUME~1\damade\APPLIC~1\SecuROM
[20/08/2008|09:13] C:\DOCUME~1\damade\APPLIC~1\Skype
[20/08/2008|08:40] C:\DOCUME~1\damade\APPLIC~1\skypePM
[13/01/2008|02:48] C:\DOCUME~1\damade\APPLIC~1\SMasterMind Prefs.txt
[18/10/2004|23:21] C:\DOCUME~1\damade\APPLIC~1\Sonic
[18/02/2008|00:59] C:\DOCUME~1\damade\APPLIC~1\Sony
[29/09/2007|21:36] C:\DOCUME~1\damade\APPLIC~1\Sony Setup
[11/11/2007|15:23] C:\DOCUME~1\damade\APPLIC~1\SopCast
[10/08/2004|14:16] C:\DOCUME~1\damade\APPLIC~1\Sun
[23/09/2007|22:12] C:\DOCUME~1\damade\APPLIC~1\Symantec
[15/08/2007|00:04] C:\DOCUME~1\damade\APPLIC~1\Talkback
[20/05/2008|15:19] C:\DOCUME~1\damade\APPLIC~1\TaoUSign
[10/09/2007|11:09] C:\DOCUME~1\damade\APPLIC~1\TRUST LIVE
[17/02/2008|14:51] C:\DOCUME~1\damade\APPLIC~1\Ulead Systems
[10/08/2008|20:07] C:\DOCUME~1\damade\APPLIC~1\Vista Start Menu
[20/05/2008|13:39] C:\DOCUME~1\damade\APPLIC~1\vlc
[29/08/2007|23:13] C:\DOCUME~1\damade\APPLIC~1\Wormux
[01/12/2007|15:12] C:\DOCUME~1\damade\APPLIC~1\Xi
[10/08/2004|14:26] C:\DOCUME~1\damade\APPLIC~1\You've Got Pictures Screensaver
[13/10/2007|19:34] C:\DOCUME~1\damade\APPLIC~1\ZimTV
[30/09/2002|12:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|13:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[18/10/2007|20:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[10/08/2004|14:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/08/2004|14:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[10/08/2004|14:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[10/08/2004|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[10/08/2004|14:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
[11/04/2008|19:52] C:\DOCUME~1\GILOU\APPLIC~1\Adobe
[29/12/2007|22:56] C:\DOCUME~1\GILOU\APPLIC~1\Apple Computer
[03/11/2007|23:31] C:\DOCUME~1\GILOU\APPLIC~1\AVG7
[18/02/2007|15:21] C:\DOCUME~1\GILOU\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\GILOU\APPLIC~1\desktop.ini
[24/05/2008|10:02] C:\DOCUME~1\GILOU\APPLIC~1\DivX
[06/08/2007|04:38] C:\DOCUME~1\GILOU\APPLIC~1\Google
[02/08/2008|21:20] C:\DOCUME~1\GILOU\APPLIC~1\Grisoft
[10/01/2007|15:11] C:\DOCUME~1\GILOU\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\GILOU\APPLIC~1\Identities
[04/08/2007|17:57] C:\DOCUME~1\GILOU\APPLIC~1\Macromedia
[09/03/2008|12:24] C:\DOCUME~1\GILOU\APPLIC~1\Microsoft
[28/06/2008|13:31] C:\DOCUME~1\GILOU\APPLIC~1\Mozilla
[05/05/2007|13:58] C:\DOCUME~1\GILOU\APPLIC~1\OD2
[20/08/2008|10:31] C:\DOCUME~1\GILOU\APPLIC~1\OpenOffice.org2
[04/08/2007|13:02] C:\DOCUME~1\GILOU\APPLIC~1\Real
[10/08/2004|14:16] C:\DOCUME~1\GILOU\APPLIC~1\Sun
[10/08/2004|14:28] C:\DOCUME~1\GILOU\APPLIC~1\Symantec
[26/08/2007|16:31] C:\DOCUME~1\GILOU\APPLIC~1\Talkback
[17/02/2008|20:21] C:\DOCUME~1\GILOU\APPLIC~1\Ulead Systems
[03/02/2008|10:56] C:\DOCUME~1\GILOU\APPLIC~1\Xi
[10/08/2004|14:26] C:\DOCUME~1\GILOU\APPLIC~1\You've Got Pictures Screensaver
[19/08/2008|21:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[19/08/2008|21:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[10/09/2007|16:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[26/11/2007|18:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[04/11/2007|13:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|13:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/09/2004|20:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[15/08/2008 15:00][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[19/08/2008 11:45][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/08/2008 10:37][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[20/08/2008 09:07][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[03/02/2008|01:57] C:\Program Files\7-Zip
[19/11/2006|01:10] C:\Program Files\Actions
[12/05/2008|22:00] C:\Program Files\Adobe
[17/02/2008|22:23] C:\Program Files\AdorageI-GfxDatas
[17/02/2008|21:25] C:\Program Files\AdorageI-SAL
[06/07/2008|16:46] C:\Program Files\adslTV
[21/11/2007|14:59] C:\Program Files\Advanced Sound Recorder
[10/09/2007|11:09] C:\Program Files\Adverts
[28/02/2005|23:10] C:\Program Files\Ahead
[14/08/2007|15:02] C:\Program Files\Alwil Software
[15/11/2007|22:20] C:\Program Files\Antipub
[07/09/2004|23:29] C:\Program Files\AOL 9.0
[10/08/2004|14:26] C:\Program Files\AOL Compagnon
[25/12/2007|14:15] C:\Program Files\Apple Software Update
[13/09/2005|00:14] C:\Program Files\Aros Magic
[11/04/2008|14:48] C:\Program Files\ASIO4ALL v2
[30/12/2006|23:26] C:\Program Files\Astra
[27/01/2007|02:31] C:\Program Files\Atomic Clock Sync
[29/09/2007|21:26] C:\Program Files\Audacity
[19/05/2008|15:43] C:\Program Files\AV Vcs 6.0 DIAMOND
[22/03/2008|12:44] C:\Program Files\AVI MPEG RM WMV Joiner
[22/07/2008|23:02] C:\Program Files\Avira
[22/03/2008|12:44] C:\Program Files\avisplit
[12/08/2007|03:21] C:\Program Files\AviSynth 2.5
[02/03/2008|17:09] C:\Program Files\Bonjour
[04/01/2008|03:01] C:\Program Files\Boonty
[04/01/2008|03:01] C:\Program Files\BoontyGames
[12/12/2004|15:23] C:\Program Files\Borland
[01/02/2008|23:21] C:\Program Files\Cabos
[24/09/2007|12:14] C:\Program Files\CCleaner
[13/05/2008|00:28] C:\Program Files\CDex_170b2
[10/08/2004|14:18] C:\Program Files\Common Files
[30/09/2002|13:01] C:\Program Files\ComPlus Applications
[04/09/2004|21:31] C:\Program Files\CosmoSoftware
[10/02/2008|00:57] C:\Program Files\Counter-Strike 1.6 + Half-Life
[19/08/2008|11:47] C:\Program Files\Crawler
[13/08/2007|23:38] C:\Program Files\CursorXP
[10/08/2004|14:31] C:\Program Files\CyberLink
[04/11/2007|18:02] C:\Program Files\Dcads Games Collection
[05/09/2007|18:08] C:\Program Files\DD PlayCam
[10/04/2008|22:28] C:\Program Files\DesktopEarth
[17/11/2004|19:36] C:\Program Files\Digital Video Duplicator
[04/09/2004|21:26] C:\Program Files\directx
[24/08/2007|18:21] C:\Program Files\DivX
[27/01/2007|02:35] C:\Program Files\Don't Touch My Computer 2
[11/08/2007|23:21] C:\Program Files\Doom 3
[10/11/2007|14:49] C:\Program Files\DVDVIDEOSOFT
[16/12/2006|01:24] C:\Program Files\DX-Ball
[16/03/2008|15:03] C:\Program Files\EA Sports
[12/08/2007|03:18] C:\Program Files\eRightSoft
[24/12/2007|17:45] C:\Program Files\EvilLyrics
[26/12/2007|19:51] C:\Program Files\ffdshow
[20/08/2008|09:09] C:\Program Files\Fichiers communs
[13/12/2006|21:02] C:\Program Files\Football Generation
[04/01/2008|20:37] C:\Program Files\Free Download Manager
[14/07/2008|17:07] C:\Program Files\Free Music Zilla
[04/03/2005|20:07] C:\Program Files\Gabest
[08/01/2007|00:04] C:\Program Files\GJ Games
[09/09/2007|22:38] C:\Program Files\Google
[02/08/2008|12:35] C:\Program Files\Grisoft
[01/06/2008|01:07] C:\Program Files\HarmoTab
[16/02/2008|23:40] C:\Program Files\hkSFV
[01/03/2008|14:06] C:\Program Files\Illustrate
[11/04/2008|14:48] C:\Program Files\Image-Line
[13/06/2008|16:52] C:\Program Files\InstallShield Installation Information
[04/09/2004|22:31] C:\Program Files\InterActual
[14/08/2008|11:14] C:\Program Files\Internet Explorer
[20/01/2008|04:44] C:\Program Files\iPod
[20/01/2008|04:44] C:\Program Files\iTunes
[15/02/2008|22:37] C:\Program Files\IZArc
[30/10/2004|20:00] C:\Program Files\Jasc Software Inc
[20/07/2008|13:43] C:\Program Files\Java
[27/01/2007|02:14] C:\Program Files\JerMar Software
[29/01/2005|20:22] C:\Program Files\JHC SoftWare
[25/12/2006|13:07] C:\Program Files\Lame MP3 Codec
[04/09/2004|21:27] C:\Program Files\Larousse
[07/10/2007|15:23] C:\Program Files\Lavasoft
[10/08/2004|14:26] C:\Program Files\Learn2.com
[02/06/2007|17:52] C:\Program Files\Lexmark 2200 Series
[04/09/2004|23:38] C:\Program Files\Lexmark_RMN
[10/02/2008|00:18] C:\Program Files\LimeWire
[17/11/2004|19:28] C:\Program Files\LiveUpdate
[05/09/2007|18:23] C:\Program Files\Look 310S
[04/01/2008|21:01] C:\Program Files\ma-config.com
[03/09/2007|18:13] C:\Program Files\Macrogaming
[19/08/2008|22:39] C:\Program Files\Malwarebytes' Anti-Malware
[13/06/2008|16:51] C:\Program Files\Maxtor
[14/08/2008|11:20] C:\Program Files\Messenger
[13/01/2008|00:31] C:\Program Files\Messenger Plus! Live
[10/09/2007|13:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/09/2004|14:34] C:\Program Files\Microsoft Encarta
[30/09/2002|13:05] C:\Program Files\microsoft frontpage
[10/08/2004|14:33] C:\Program Files\microsoft office
[14/08/2008|11:56] C:\Program Files\Microsoft Silverlight
[10/08/2004|14:33] C:\Program Files\Microsoft Visual Studio
[12/11/2007|03:49] C:\Program Files\MMConvert
[14/09/2005|01:12] C:\Program Files\Morgan
[08/10/2007|02:36] C:\Program Files\Movie Maker
[20/08/2008|10:42] C:\Program Files\Mozilla Firefox
[07/10/2006|23:37] C:\Program Files\MP3 Player Utilities
[18/02/2008|00:40] C:\Program Files\MSBuild
[30/09/2002|13:00] C:\Program Files\MSN
[30/09/2002|13:00] C:\Program Files\MSN Gaming Zone
[07/04/2008|03:27] C:\Program Files\MSN Messenger
[12/08/2008|00:28] C:\Program Files\MSNFix
[04/09/2004|21:32] C:\Program Files\MSXML 4.0
[18/02/2008|04:02] C:\Program Files\MSXML 6.0
[02/01/2008|19:04] C:\Program Files\MusicBrainz Tagger
[26/11/2005|16:52] C:\Program Files\Musicmatch
[20/08/2008|11:18] C:\Program Files\Navilog1
[31/12/2007|01:41] C:\Program Files\Neoact
[08/10/2007|02:33] C:\Program Files\NetMeeting
[08/08/2007|20:40] C:\Program Files\Neuf
[23/09/2007|22:14] C:\Program Files\Norton AntiVirus
[10/09/2007|15:21] C:\Program Files\Norton Internet Security
[19/08/2008|13:34] C:\Program Files\Norton Security Scan
[27/01/2007|02:11] C:\Program Files\ObjectDock
[15/03/2008|15:43] C:\Program Files\OpenOffice.org 2.3
[13/10/2007|20:08] C:\Program Files\Outlook Express
[11/04/2008|14:43] C:\Program Files\Outsim
[18/06/2007|12:04] C:\Program Files\Philips
[16/04/2008|04:27] C:\Program Files\Picasa2
[10/06/2008|14:59] C:\Program Files\PKR
[25/10/2004|17:23] C:\Program Files\PLUS!
[23/09/2007|22:44] C:\Program Files\PopUp Killer
[23/12/2007|18:39] C:\Program Files\Project64 1.6
[20/01/2008|04:40] C:\Program Files\QuickTime
[12/08/2007|12:19] C:\Program Files\RALINK
[10/08/2004|14:26] C:\Program Files\Real
[04/01/2008|21:41] C:\Program Files\Realtek AC97
[18/02/2008|00:30] C:\Program Files\Reference Assemblies
[12/01/2008|04:08] C:\Program Files\RomuSoft
[27/12/2007|02:08] C:\Program Files\Samsung
[12/09/2007|19:05] C:\Program Files\SaveNow
[27/05/2007|19:33] C:\Program Files\SEGA
[30/09/2002|13:00] C:\Program Files\Services en ligne
[05/09/2007|18:09] C:\Program Files\SetupDriver
[08/06/2008|16:53] C:\Program Files\SIW
[25/07/2008|01:10] C:\Program Files\Skype
[02/02/2008|02:11] C:\Program Files\Smart Projects
[21/08/2007|20:54] C:\Program Files\SmartSound Software
[30/12/2006|19:18] C:\Program Files\Snakin'
[10/08/2004|14:36] C:\Program Files\Sonic
[18/02/2008|00:44] C:\Program Files\Sony
[18/02/2008|00:27] C:\Program Files\Sony Setup
[11/11/2007|15:22] C:\Program Files\SopCast
[09/06/2008|02:43] C:\Program Files\SpeedFan
[20/08/2008|09:07] C:\Program Files\Spybot - Search & Destroy
[07/06/2008|12:36] C:\Program Files\StuffPlug3
[10/09/2007|15:15] C:\Program Files\Symantec
[23/09/2007|22:13] C:\Program Files\SymNetDrv
[27/01/2007|02:13] C:\Program Files\TClockEx
[14/09/2004|13:14] C:\Program Files\The Learning Company
[20/08/2008|09:02] C:\Program Files\Trend Micro
[08/08/2007|22:40] C:\Program Files\TRUST LIVE
[17/02/2008|13:48] C:\Program Files\Ulead Systems
[29/10/2007|16:37] C:\Program Files\UltraDefrag
[30/09/2002|13:09] C:\Program Files\Uninstall Information
[04/01/2008|21:44] C:\Program Files\VIA
[16/11/2007|12:59] C:\Program Files\VideoLAN
[10/08/2004|14:26] C:\Program Files\Viewpoint
[29/10/2007|00:56] C:\Program Files\Vista Start Menu
[11/04/2008|14:48] C:\Program Files\VstPlugins
[22/12/2004|16:53] C:\Program Files\Wanadoo edition
[23/09/2007|21:54] C:\Program Files\Winamp
[17/11/2004|19:28] C:\Program Files\WinASPI
[27/01/2007|02:10] C:\Program Files\WinCustomize
[16/11/2007|04:28] C:\Program Files\Windows Live
[19/11/2007|12:57] C:\Program Files\Windows Live Toolbar
[12/11/2007|03:51] C:\Program Files\Windows Media Components
[11/08/2008|21:53] C:\Program Files\Windows Media Connect 2
[11/08/2008|22:10] C:\Program Files\Windows Media Player
[08/10/2007|02:32] C:\Program Files\Windows NT
[03/08/2007|20:04] C:\Program Files\WindowsUpdate
[10/09/2007|13:31] C:\Program Files\Wormux 0.7
[30/09/2002|13:05] C:\Program Files\xerox
[01/12/2007|15:11] C:\Program Files\Xi
[24/09/2007|12:13] C:\Program Files\Yahoo!
[30/12/2006|19:00] C:\Program Files\Zero
[13/10/2007|19:34] C:\Program Files\ZimTV
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[12/05/2008|22:03] C:\Program Files\Fichiers communs\Adobe
[23/09/2007|21:42] C:\Program Files\Fichiers communs\Adobe Systems Shared
[10/08/2004|14:26] C:\Program Files\Fichiers communs\AOL
[10/08/2004|14:26] C:\Program Files\Fichiers communs\aolshare
[25/12/2007|14:14] C:\Program Files\Fichiers communs\Apple
[04/01/2008|03:02] C:\Program Files\Fichiers communs\BOONTY Shared
[10/08/2004|14:33] C:\Program Files\Fichiers communs\Designer
[12/11/2007|03:36] C:\Program Files\Fichiers communs\DVDVIDEOSOFT
[10/08/2004|14:30] C:\Program Files\Fichiers communs\InstallShield
[17/02/2008|13:58] C:\Program Files\Fichiers communs\InterVideo
[10/08/2004|14:16] C:\Program Files\Fichiers communs\Java
[05/09/2007|18:23] C:\Program Files\Fichiers communs\Look310S
[02/03/2008|16:41] C:\Program Files\Fichiers communs\Macrovision Shared
[17/02/2008|13:39] C:\Program Files\Fichiers communs\Microsoft Shared
[30/09/2002|13:02] C:\Program Files\Fichiers communs\MSSoap
[10/08/2004|14:26] C:\Program Files\Fichiers communs\Nullsoft
[30/09/2002|12:55] C:\Program Files\Fichiers communs\ODBC
[26/11/2005|16:54] C:\Program Files\Fichiers communs\PhilipsMM
[10/08/2004|14:31] C:\Program Files\Fichiers communs\Real
[30/09/2002|13:02] C:\Program Files\Fichiers communs\Services
[25/07/2008|01:10] C:\Program Files\Fichiers communs\Skype
[10/08/2004|14:36] C:\Program Files\Fichiers communs\Sonic Shared
[30/09/2002|12:55] C:\Program Files\Fichiers communs\SpeechEngines
[27/01/2007|02:11] C:\Program Files\Fichiers communs\Stardock
[10/08/2004|14:32] C:\Program Files\Fichiers communs\SureThing Shared
[13/08/2008|22:26] C:\Program Files\Fichiers communs\Symantec Shared
[13/10/2007|20:08] C:\Program Files\Fichiers communs\System
[10/08/2004|14:30] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[17/02/2008|13:52] C:\Program Files\Fichiers communs\Ulead Systems
[29/12/2007|23:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[07/10/2007|15:22] C:\Program Files\Fichiers communs\Wise Installation Wizard
[10/08/2004|14:31] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 84 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet debug mess great
C:\Program Files\Adverts
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\Chin cool.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 11:23:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 679
--------------------\\ Recherche d'autres infections
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"="c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe bpimcuiyi"
==> EGDACCESS <==
--------------------\\ Fin du rapport a 11:28:10
"Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\Chin cool.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 11:23:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 679
--------------------\\ Recherche d'autres infections
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"="c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe bpimcuiyi"
[b]==> EGDACCESS <==/b
--------------------\\ Fin du rapport a 11:28:10
Relaunch Navilog, choose option 2, and paste the report.
___________
Relaunch Lop S&D, choose option 2, and paste the report.
Here are the two reports:
Clean Navipromo version 3.6.4 commencé le 20/08/2008 à 12:50:27.35
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "damade"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\damade\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\GILOU\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\damade\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\GILOU\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\damade\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\GILOU\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\damade\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\GILOU\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\damade\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\damade\locals~1\applic~1" *
* Dans "C:\DOCUME~1\GILOU\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!
Clés trouvés :
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"="c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe bpimcuiyi"
*** Nettoyage terminé le 20/08/2008 à 12:57:55.64 ***
Second report:
--------------------\\ Lop S&D 4.2.3-1 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
Phoenix - AwardBIOS v6.00PG
USER : Loy la Star ( Administrator )
BOOT : Normal boot
"C:\Lop SD" ( MAJ : 19-08-2008|02:08 )
Option : [2] ( 20/08/2008|13:04 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet debug mess great
Supprime! - C:\Program Files\Adverts
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[16/07/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/02/2008|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[07/09/2004|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[25/12/2007|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[25/12/2007|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[23/08/2007|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Armagetron
[04/11/2007|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[22/07/2008|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[04/01/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[17/11/2004|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[30/09/2002|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[02/03/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[04/08/2007|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/08/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[02/08/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[17/02/2008|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[23/02/2008|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[07/10/2007|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[23/09/2007|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LUUnInstall.LiveUpdate
[23/09/2007|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[14/08/2007|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[19/08/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/06/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
[10/08/2007|21:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/01/2008|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/08/2007|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[06/08/2007|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[10/12/2005|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[05/09/2004|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[05/08/2007|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[25/12/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[23/09/2004|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[25/02/2006|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[30/09/2002|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[25/07/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/08/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[18/02/2008|00:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[20/08/2008|08:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/09/2007|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[02/08/2008|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[17/02/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[04/01/2008|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/08/2007|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[04/04/2008|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[28/09/2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[02/02/2008|14:01] C:\DOCUME~1\damade\APPLIC~1\.ABC
[16/07/2008|16:53] C:\DOCUME~1\damade\APPLIC~1\Adobe
[10/02/2008|16:07] C:\DOCUME~1\damade\APPLIC~1\AdobeUM
[25/12/2007|17:12] C:\DOCUME~1\damade\APPLIC~1\Apple Computer
[23/08/2007|22:59] C:\DOCUME~1\damade\APPLIC~1\Armagetron
[04/11/2007|13:47] C:\DOCUME~1\damade\APPLIC~1\AVG7
[27/01/2007|02:09] C:\DOCUME~1\damade\APPLIC~1\Axialis
[23/07/2008|01:29] C:\DOCUME~1\damade\APPLIC~1\Azureus
[01/02/2008|23:35] C:\DOCUME~1\damade\APPLIC~1\Cabos
[01/02/2008|23:35] C:\DOCUME~1\damade\APPLIC~1\Cabos.plist
[04/09/2004|21:08] C:\DOCUME~1\damade\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\damade\APPLIC~1\desktop.ini
[24/08/2007|18:24] C:\DOCUME~1\damade\APPLIC~1\DivX
[17/02/2008|14:09] C:\DOCUME~1\damade\APPLIC~1\dvdcss
[14/07/2008|17:05] C:\DOCUME~1\damade\APPLIC~1\FMZilla
[19/05/2008|18:24] C:\DOCUME~1\damade\APPLIC~1\GDIPFONTCACHEV1.DAT
[03/12/2007|16:46] C:\DOCUME~1\damade\APPLIC~1\GetRightToGo
[04/08/2007|15:20] C:\DOCUME~1\damade\APPLIC~1\Google
[02/08/2008|12:35] C:\DOCUME~1\damade\APPLIC~1\Grisoft
[14/09/2004|13:23] C:\DOCUME~1\damade\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\damade\APPLIC~1\Identities
[30/10/2004|20:27] C:\DOCUME~1\damade\APPLIC~1\Jasc
[05/09/2004|12:06] C:\DOCUME~1\damade\APPLIC~1\Leadertech
[13/07/2008|20:08] C:\DOCUME~1\damade\APPLIC~1\LimeWire
[04/01/2008|21:01] C:\DOCUME~1\damade\APPLIC~1\ma-config.com
[04/08/2007|16:33] C:\DOCUME~1\damade\APPLIC~1\Macromedia
[19/08/2008|22:39] C:\DOCUME~1\damade\APPLIC~1\Malwarebytes
[22/10/2007|13:07] C:\DOCUME~1\damade\APPLIC~1\Microsoft
[27/06/2008|19:38] C:\DOCUME~1\damade\APPLIC~1\Mozilla
[10/09/2007|04:21] C:\DOCUME~1\damade\APPLIC~1\MSN6
[26/11/2005|16:52] C:\DOCUME~1\damade\APPLIC~1\Musicmatch
[05/09/2004|00:56] C:\DOCUME~1\damade\APPLIC~1\OD2
[23/08/2007|23:17] C:\DOCUME~1\damade\APPLIC~1\OpenArena
[20/08/2008|13:03] C:\DOCUME~1\damade\APPLIC~1\OpenOffice.org2
[17/02/2008|21:32] C:\DOCUME~1\damade\APPLIC~1\proDAD
[18/02/2008|01:01] C:\DOCUME~1\damade\APPLIC~1\Publish Providers
[25/02/2006|01:35] C:\DOCUME~1\damade\APPLIC~1\Real
[27/12/2007|02:21] C:\DOCUME~1\damade\APPLIC~1\Samsung
[16/03/2008|15:35] C:\DOCUME~1\damade\APPLIC~1\SecuROM
[20/08/2008|13:03] C:\DOCUME~1\damade\APPLIC~1\Skype
[20/08/2008|08:40] C:\DOCUME~1\damade\APPLIC~1\skypePM
[13/01/2008|02:48] C:\DOCUME~1\damade\APPLIC~1\SMasterMind Prefs.txt
[18/10/2004|23:21] C:\DOCUME~1\damade\APPLIC~1\Sonic
[18/02/2008|00:59] C:\DOCUME~1\damade\APPLIC~1\Sony
[29/09/2007|21:36] C:\DOCUME~1\damade\APPLIC~1\Sony Setup
[11/11/2007|15:23] C:\DOCUME~1\damade\APPLIC~1\SopCast
[10/08/2004|14:16] C:\DOCUME~1\damade\APPLIC~1\Sun
[23/09/2007|22:12] C:\DOCUME~1\damade\APPLIC~1\Symantec
[15/08/2007|00:04] C:\DOCUME~1\damade\APPLIC~1\Talkback
[20/05/2008|15:19] C:\DOCUME~1\damade\APPLIC~1\TaoUSign
[10/09/2007|11:09] C:\DOCUME~1\damade\APPLIC~1\TRUST LIVE
[17/02/2008|14:51] C:\DOCUME~1\damade\APPLIC~1\Ulead Systems
[10/08/2008|20:07] C:\DOCUME~1\damade\APPLIC~1\Vista Start Menu
[20/05/2008|13:39] C:\DOCUME~1\damade\APPLIC~1\vlc
[29/08/2007|23:13] C:\DOCUME~1\damade\APPLIC~1\Wormux
[01/12/2007|15:12] C:\DOCUME~1\damade\APPLIC~1\Xi
[10/08/2004|14:26] C:\DOCUME~1\damade\APPLIC~1\You've Got Pictures Screensaver
[13/10/2007|19:34] C:\DOCUME~1\damade\APPLIC~1\ZimTV
[30/09/2002|12:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|13:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[18/10/2007|20:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[10/08/2004|14:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/08/2004|14:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[10/08/2004|14:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[10/08/2004|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[10/08/2004|14:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
[11/04/2008|19:52] C:\DOCUME~1\GILOU\APPLIC~1\Adobe
[29/12/2007|22:56] C:\DOCUME~1\GILOU\APPLIC~1\Apple Computer
[03/11/2007|23:31] C:\DOCUME~1\GILOU\APPLIC~1\AVG7
[18/02/2007|15:21] C:\DOCUME~1\GILOU\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\GILOU\APPLIC~1\desktop.ini
[24/05/2008|10:02] C:\DOCUME~1\GILOU\APPLIC~1\DivX
[06/08/2007|04:38] C:\DOCUME~1\GILOU\APPLIC~1\Google
[02/08/2008|21:20] C:\DOCUME~1\GILOU\APPLIC~1\Grisoft
[10/01/2007|15:11] C:\DOCUME~1\GILOU\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\GILOU\APPLIC~1\Identities
[04/08/2007|17:57] C:\DOCUME~1\GILOU\APPLIC~1\Macromedia
[09/03/2008|12:24] C:\DOCUME~1\GILOU\APPLIC~1\Microsoft
[28/06/2008|13:31] C:\DOCUME~1\GILOU\APPLIC~1\Mozilla
[05/05/2007|13:58] C:\DOCUME~1\GILOU\APPLIC~1\OD2
[20/08/2008|10:31] C:\DOCUME~1\GILOU\APPLIC~1\OpenOffice.org2
[04/08/2007|13:02] C:\DOCUME~1\GILOU\APPLIC~1\Real
[10/08/2004|14:16] C:\DOCUME~1\GILOU\APPLIC~1\Sun
[10/08/2004|14:28] C:\DOCUME~1\GILOU\APPLIC~1\Symantec
[26/08/2007|16:31] C:\DOCUME~1\GILOU\APPLIC~1\Talkback
[17/02/2008|20:21] C:\DOCUME~1\GILOU\APPLIC~1\Ulead Systems
[03/02/2008|10:56] C:\DOCUME~1\GILOU\APPLIC~1\Xi
[10/08/2004|14:26] C:\DOCUME~1\GILOU\APPLIC~1\You've Got Pictures Screensaver
[19/08/2008|21:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[19/08/2008|21:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[10/09/2007|16:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[26/11/2007|18:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[04/11/2007|13:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|13:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/09/2004|20:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[15/08/2008 15:00][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[19/08/2008 11:45][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/08/2008 12:37][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[20/08/2008 12:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[03/02/2008|01:57] C:\Program Files\7-Zip
[19/11/2006|01:10] C:\Program Files\Actions
[12/05/2008|22:00] C:\Program Files\Adobe
[17/02/2008|22:23] C:\Program Files\AdorageI-GfxDatas
[17/02/2008|21:25] C:\Program Files\AdorageI-SAL
[06/07/2008|16:46] C:\Program Files\adslTV
[21/11/2007|14:59] C:\Program Files\Advanced Sound Recorder
[28/02/2005|23:10] C:\Program Files\Ahead
[14/08/2007|15:02] C:\Program Files\Alwil Software
[15/11/2007|22:20] C:\Program Files\Antipub
[07/09/2004|23:29] C:\Program Files\AOL 9.0
[10/08/2004|14:26] C:\Program Files\AOL Compagnon
[25/12/2007|14:15] C:\Program Files\Apple Software Update
[13/09/2005|00:14] C:\Program Files\Aros Magic
[11/04/2008|14:48] C:\Program Files\ASIO4ALL v2
[30/12/2006|23:26] C:\Program Files\Astra
[27/01/2007|02:31] C:\Program Files\Atomic Clock Sync
[29/09/2007|21:26] C:\Program Files\Audacity
[19/05/2008|15:43] C:\Program Files\AV Vcs 6.0 DIAMOND
[22/03/2008|12:44] C:\Program Files\AVI MPEG RM WMV Joiner
[22/07/2008|23:02] C:\Program Files\Avira
[22/03/2008|12:44] C:\Program Files\avisplit
[12/08/2007|03:21] C:\Program Files\AviSynth 2.5
[02/03/2008|17:09] C:\Program Files\Bonjour
[04/01/2008|03:01] C:\Program Files\Boonty
[04/01/2008|03:01] C:\Program Files\BoontyGames
[12/12/2004|15:23] C:\Program Files\Borland
[01/02/2008|23:21] C:\Program Files\Cabos
[24/09/2007|12:14] C:\Program Files\CCleaner
[13/05/2008|00:28] C:\Program Files\CDex_170b2
[10/08/2004|14:18] C:\Program Files\Common Files
[30/09/2002|13:01] C:\Program Files\ComPlus Applications
[04/09/2004|21:31] C:\Program Files\CosmoSoftware
[10/02/2008|00:57] C:\Program Files\Counter-Strike 1.6 + Half-Life
[19/08/2008|11:47] C:\Program Files\Crawler
[13/08/2007|23:38] C:\Program Files\CursorXP
[10/08/2004|14:31] C:\Program Files\CyberLink
[04/11/2007|18:02] C:\Program Files\Dcads Games Collection
[05/09/2007|18:08] C:\Program Files\DD PlayCam
[10/04/2008|22:28] C:\Program Files\DesktopEarth
[17/11/2004|19:36] C:\Program Files\Digital Video Duplicator
[04/09/2004|21:26] C:\Program Files\directx
[24/08/2007|18:21] C:\Program Files\DivX
[10/04/2008|15:28] C:\Program Files\DJ Mix Pro
[27/01/2007|02:35] C:\Program Files\Don't Touch My Computer 2
[11/08/2007|23:21] C:\Program Files\Doom 3
[10/11/2007|14:49] C:\Program Files\DVDVIDEOSOFT
[16/12/2006|01:24] C:\Program Files\DX-Ball
[16/03/2008|15:03] C:\Program Files\EA Sports
[12/08/2007|03:18] C:\Program Files\eRightSoft
[24/12/2007|17:45] C:\Program Files\EvilLyrics
[26/12/2007|19:51] C:\Program Files\ffdshow
[20/08/2008|12:58] C:\Program Files\Fichiers communs
[13/12/2006|21:02] C:\Program Files\Football Generation
[04/01/2008|20:37] C:\Program Files\Free Download Manager
[14/07/2008|17:07] C:\Program Files\Free Music Zilla
[04/03/2005|20:07] C:\Program Files\Gabest
[08/01/2007|00:04] C:\Program Files\GJ Games
[09/09/2007|22:38] C:\Program Files\Google
[02/08/2008|12:35] C:\Program Files\Grisoft
[01/06/2008|01:07] C:\Program Files\HarmoTab
[16/02/2008|23:40] C:\Program Files\hkSFV
[01/03/2008|14:06] C:\Program Files\Illustrate
[11/04/2008|14:48] C:\Program Files\Image-Line
[13/06/2008|16:52] C:\Program Files\InstallShield Installation Information
[04/09/2004|22:31] C:\Program Files\InterActual
[14/08/2008|11:14] C:\Program Files\Internet Explorer
[20/01/2008|04:44] C:\Program Files\iPod
[20/01/2008|04:44] C:\Program Files\iTunes
[15/02/2008|22:37] C:\Program Files\IZArc
[30/10/2004|20:00] C:\Program Files\Jasc Software Inc
[20/07/2008|13:43] C:\Program Files\Java
[27/01/2007|02:14] C:\Program Files\JerMar Software
[29/01/2005|20:22] C:\Program Files\JHC SoftWare
[25/12/2006|13:07] C:\Program Files\Lame MP3 Codec
[04/09/2004|21:27] C:\Program Files\Larousse
[07/10/2007|15:23] C:\Program Files\Lavasoft
[10/08/2004|14:26] C:\Program Files\Learn2.com
[02/06/2007|17:52] C:\Program Files\Lexmark 2200 Series
[04/09/2004|23:38] C:\Program Files\Lexmark_RMN
[10/02/2008|00:18] C:\Program Files\LimeWire
[17/11/2004|19:28] C:\Program Files\LiveUpdate
[05/09/2007|18:23] C:\Program Files\Look 310S
[04/01/2008|21:01] C:\Program Files\ma-config.com
[03/09/2007|18:13] C:\Program Files\Macrogaming
[19/08/2008|22:39] C:\Program Files\Malwarebytes' Anti-Malware
[13/06/2008|16:51] C:\Program Files\Maxtor
[14/08/2008|11:20] C:\Program Files\Messenger
[13/01/2008|00:31] C:\Program Files\Messenger Plus! Live
[10/09/2007|13:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/09/2004|14:34] C:\Program Files\Microsoft Encarta
[30/09/2002|13:05] C:\Program Files\microsoft frontpage
[10/08/2004|14:33] C:\Program Files\microsoft office
[14/08/2008|11:56] C:\Program Files\Microsoft Silverlight
[10/08/2004|14:33] C:\Program Files\Microsoft Visual Studio
[12/11/2007|03:49] C:\Program Files\MMConvert
[14/09/2005|01:12] C:\Program Files\Morgan
[08/10/2007|02:36] C:\Program Files\Movie Maker
[20/08/2008|12:48] C:\Program Files\Mozilla Firefox
[07/10/2006|23:37] C:\Program Files\MP3 Player Utilities
[18/02/2008|00:40] C:\Program Files\MSBuild
[30/09/2002|13:00] C:\Program Files\MSN
[30/09/2002|13:00] C:\Program Files\MSN Gaming Zone
[07/04/2008|03:27] C:\Program Files\MSN Messenger
[12/08/2008|00:28] C:\Program Files\MSNFix
[04/09/2004|21:32] C:\Program Files\MSXML 4.0
[18/02/2008|04:02] C:\Program Files\MSXML 6.0
[02/01/2008|19:04] C:\Program Files\MusicBrainz Tagger
[26/11/2005|16:52] C:\Program Files\Musicmatch
[20/08/2008|12:57] C:\Program Files\Navilog1
[31/12/2007|01:41] C:\Program Files\Neoact
[08/10/2007|02:33] C:\Program Files\NetMeeting
[08/08/2007|20:40] C:\Program Files\Neuf
[23/09/2007|22:14] C:\Program Files\Norton AntiVirus
[10/09/2007|15:21] C:\Program Files\Norton Internet Security
[19/08/2008|13:34] C:\Program Files\Norton Security Scan
[27/01/2007|02:11] C:\Program Files\ObjectDock
[15/03/2008|15:43] C:\Program Files\OpenOffice.org 2.3
[13/10/2007|20:08] C:\Program Files\Outlook Express
[11/04/2008|14:43] C:\Program Files\Outsim
[18/06/2007|12:04] C:\Program Files\Philips
[16/04/2008|04:27] C:\Program Files\Picasa2
[10/06/2008|14:59] C:\Program Files\PKR
[25/10/2004|17:23] C:\Program Files\PLUS!
[23/09/2007|22:44] C:\Program Files\PopUp Killer
[23/12/2007|18:39] C:\Program Files\Project64 1.6
[20/01/2008|04:40] C:\Program Files\QuickTime
[12/08/2007|12:19] C:\Program Files\RALINK
[10/08/2004|14:26] C:\Program Files\Real
[04/01/2008|21:41] C:\Program Files\Realtek AC97
[18/02/2008|00:30] C:\Program Files\Reference Assemblies
[12/01/2008|04:08] C:\Program Files\RomuSoft
[27/12/2007|02:08] C:\Program Files\Samsung
[12/09/2007|19:05] C:\Program Files\SaveNow
[27/05/2007|19:33] C:\Program Files\SEGA
[30/09/2002|13:00] C:\Program Files\Services en ligne
[05/09/2007|18:09] C:\Program Files\SetupDriver
[08/06/2008|16:53] C:\Program Files\SIW
[25/07/2008|01:10] C:\Program Files\Skype
[02/02/2008|02:11] C:\Program Files\Smart Projects
[21/08/2007|20:54] C:\Program Files\SmartSound Software
[30/12/2006|19:18] C:\Program Files\Snakin'
[10/08/2004|14:36] C:\Program Files\Sonic
[18/02/2008|00:44] C:\Program Files\Sony
[18/02/2008|00:27] C:\Program Files\Sony Setup
[11/11/2007|15:22] C:\Program Files\SopCast
[09/06/2008|02:43] C:\Program Files\SpeedFan
[20/08/2008|09:07] C:\Program Files\Spybot - Search & Destroy
[07/06/2008|12:36] C:\Program Files\StuffPlug3
[10/09/2007|15:15] C:\Program Files\Symantec
[23/09/2007|22:13] C:\Program Files\SymNetDrv
[27/01/2007|02:13] C:\Program Files\TClockEx
[14/09/2004|13:14] C:\Program Files\The Learning Company
[20/08/2008|09:02] C:\Program Files\Trend Micro
[08/08/2007|22:40] C:\Program Files\TRUST LIVE
[17/02/2008|13:48] C:\Program Files\Ulead Systems
[29/10/2007|16:37] C:\Program Files\UltraDefrag
[30/09/2002|13:09] C:\Program Files\Uninstall Information
[04/01/2008|21:44] C:\Program Files\VIA
[16/11/2007|12:59] C:\Program Files\VideoLAN
[29/10/2007|00:56] C:\Program Files\Vista Start Menu
[11/04/2008|14:48] C:\Program Files\VstPlugins
[22/12/2004|16:53] C:\Program Files\Wanadoo edition
[23/09/2007|21:54] C:\Program Files\Winamp
[17/11/2004|19:28] C:\Program Files\WinASPI
[27/01/2007|02:10] C:\Program Files\WinCustomize
[16/11/2007|04:28] C:\Program Files\Windows Live
[19/11/2007|12:57] C:\Program Files\Windows Live Toolbar
[12/11/2007|03:51] C:\Program Files\Windows Media Components
[11/08/2008|21:53] C:\Program Files\Windows Media Connect 2
[11/08/2008|22:10] C:\Program Files\Windows Media Player
[08/10/2007|02:32] C:\Program Files\Windows NT
[03/08/2007|20:04] C:\Program Files\WindowsUpdate
[10/09/2007|13:31] C:\Program Files\Wormux 0.7
[30/09/2002|13:05] C:\Program Files\xerox
[01/12/2007|15:11] C:\Program Files\Xi
[24/09/2007|12:13] C:\Program Files\Yahoo!
[30/12/2006|19:00] C:\Program Files\Zero
[13/10/2007|19:34] C:\Program Files\ZimTV
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[12/05/2008|22:03] C:\Program Files\Fichiers communs\Adobe
[23/09/2007|21:42] C:\Program Files\Fichiers communs\Adobe Systems Shared
[10/08/2004|14:26] C:\Program Files\Fichiers communs\AOL
[10/08/2004|14:26] C:\Program Files\Fichiers communs\aolshare
[25/12/2007|14:14] C:\Program Files\Fichiers communs\Apple
[04/01/2008|03:02] C:\Program Files\Fichiers communs\BOONTY Shared
[10/08/2004|14:33] C:\Program Files\Fichiers communs\Designer
[12/11/2007|03:36] C:\Program Files\Fichiers communs\DVDVIDEOSOFT
[10/08/2004|14:30] C:\Program Files\Fichiers communs\InstallShield
[17/02/2008|13:58] C:\Program Files\Fichiers communs\InterVideo
[10/08/2004|14:16] C:\Program Files\Fichiers communs\Java
[05/09/2007|18:23] C:\Program Files\Fichiers communs\Look310S
[02/03/2008|16:41] C:\Program Files\Fichiers communs\Macrovision Shared
[17/02/2008|13:39] C:\Program Files\Fichiers communs\Microsoft Shared
[30/09/2002|13:02] C:\Program Files\Fichiers communs\MSSoap
[10/08/2004|14:26] C:\Program Files\Fichiers communs\Nullsoft
[30/09/2002|12:55] C:\Program Files\Fichiers communs\ODBC
[26/11/2005|16:54] C:\Program Files\Fichiers communs\PhilipsMM
[10/08/2004|14:31] C:\Program Files\Fichiers communs\Real
[30/09/2002|13:02] C:\Program Files\Fichiers communs\Services
[25/07/2008|01:10] C:\Program Files\Fichiers communs\Skype
[10/08/2004|14:36] C:\Program Files\Fichiers communs\Sonic Shared
[30/09/2002|12:55] C:\Program Files\Fichiers communs\SpeechEngines
[27/01/2007|02:11] C:\Program Files\Fichiers communs\Stardock
[10/08/2004|14:32] C:\Program Files\Fichiers communs\SureThing Shared
[13/08/2008|22:26] C:\Program Files\Fichiers communs\Symantec Shared
[13/10/2007|20:08] C:\Program Files\Fichiers communs\System
[10/08/2004|14:30] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[17/02/2008|13:52] C:\Program Files\Fichiers communs\Ulead Systems
[29/12/2007|23:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[07/10/2007|15:22] C:\Program Files\Fichiers communs\Wise Installation Wizard
[10/08/2004|14:31] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 69 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 13:09:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 679
--------------------\\ Recherche d'autres infections
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"="c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe bpimcuiyi"
[b]==> EGDACCESS <==/b
[F:6][D:2]-> C:\DOCUME~1\damade\LOCALS~1\Temp
[F:32][D:0]-> C:\DOCUME~1\damade\Cookies
[F:49][D:4]-> C:\DOCUME~1\damade\LOCALS~1\TEMPOR~1\content.IE5
--------------------\\ Fin du rapport a 13:13:50
[04/11/2007|13:47] C:\DOCUME~1\damade\APPLIC~1\AVG7
[27/01/2007|02:09] C:\DOCUME~1\damade\APPLIC~1\Axialis
[23/07/2008|01:29] C:\DOCUME~1\damade\APPLIC~1\Azureus
[01/02/2008|23:35] C:\DOCUME~1\damade\APPLIC~1\Cabos
[01/02/2008|23:35] C:\DOCUME~1\damade\APPLIC~1\Cabos.plist
[04/09/2004|21:08] C:\DOCUME~1\damade\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\damade\APPLIC~1\desktop.ini
[24/08/2007|18:24] C:\DOCUME~1\damade\APPLIC~1\DivX
[17/02/2008|14:09] C:\DOCUME~1\damade\APPLIC~1\dvdcss
[14/07/2008|17:05] C:\DOCUME~1\damade\APPLIC~1\FMZilla
[19/05/2008|18:24] C:\DOCUME~1\damade\APPLIC~1\GDIPFONTCACHEV1.DAT
[03/12/2007|16:46] C:\DOCUME~1\damade\APPLIC~1\GetRightToGo
[04/08/2007|15:20] C:\DOCUME~1\damade\APPLIC~1\Google
[02/08/2008|12:35] C:\DOCUME~1\damade\APPLIC~1\Grisoft
[14/09/2004|13:23] C:\DOCUME~1\damade\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\damade\APPLIC~1\Identities
[30/10/2004|20:27] C:\DOCUME~1\damade\APPLIC~1\Jasc
[05/09/2004|12:06] C:\DOCUME~1\damade\APPLIC~1\Leadertech
[13/07/2008|20:08] C:\DOCUME~1\damade\APPLIC~1\LimeWire
[04/01/2008|21:01] C:\DOCUME~1\damade\APPLIC~1\ma-config.com
[04/08/2007|16:33] C:\DOCUME~1\damade\APPLIC~1\Macromedia
[19/08/2008|22:39] C:\DOCUME~1\damade\APPLIC~1\Malwarebytes
[22/10/2007|13:07] C:\DOCUME~1\damade\APPLIC~1\Microsoft
[27/06/2008|19:38] C:\DOCUME~1\damade\APPLIC~1\Mozilla
[10/09/2007|04:21] C:\DOCUME~1\damade\APPLIC~1\MSN6
[26/11/2005|16:52] C:\DOCUME~1\damade\APPLIC~1\Musicmatch
[05/09/2004|00:56] C:\DOCUME~1\damade\APPLIC~1\OD2
[23/08/2007|23:17] C:\DOCUME~1\damade\APPLIC~1\OpenArena
[20/08/2008|13:03] C:\DOCUME~1\damade\APPLIC~1\OpenOffice.org2
[17/02/2008|21:32] C:\DOCUME~1\damade\APPLIC~1\proDAD
[18/02/2008|01:01] C:\DOCUME~1\damade\APPLIC~1\Publish Providers
[25/02/2006|01:35] C:\DOCUME~1\damade\APPLIC~1\Real
[27/12/2007|02:21] C:\DOCUME~1\damade\APPLIC~1\Samsung
[16/03/2008|15:35] C:\DOCUME~1\damade\APPLIC~1\SecuROM
[20/08/2008|13:03] C:\DOCUME~1\damade\APPLIC~1\Skype
[20/08/2008|08:40] C:\DOCUME~1\damade\APPLIC~1\skypePM
[13/01/2008|02:48] C:\DOCUME~1\damade\APPLIC~1\SMasterMind Prefs.txt
[18/10/2004|23:21] C:\DOCUME~1\damade\APPLIC~1\Sonic
[18/02/2008|00:59] C:\DOCUME~1\damade\APPLIC~1\Sony
[29/09/2007|21:36] C:\DOCUME~1\damade\APPLIC~1\Sony Setup
[11/11/2007|15:23] C:\DOCUME~1\damade\APPLIC~1\SopCast
[10/08/2004|14:16] C:\DOCUME~1\damade\APPLIC~1\Sun
[23/09/2007|22:12] C:\DOCUME~1\damade\APPLIC~1\Symantec
[15/08/2007|00:04] C:\DOCUME~1\damade\APPLIC~1\Talkback
[20/05/2008|15:19] C:\DOCUME~1\damade\APPLIC~1\TaoUSign
[10/09/2007|11:09] C:\DOCUME~1\damade\APPLIC~1\TRUST LIVE
[17/02/2008|14:51] C:\DOCUME~1\damade\APPLIC~1\Ulead Systems
[10/08/2008|20:07] C:\DOCUME~1\damade\APPLIC~1\Vista Start Menu
[20/05/2008|13:39] C:\DOCUME~1\damade\APPLIC~1\vlc
[29/08/2007|23:13] C:\DOCUME~1\damade\APPLIC~1\Wormux
[01/12/2007|15:12] C:\DOCUME~1\damade\APPLIC~1\Xi
[10/08/2004|14:26] C:\DOCUME~1\damade\APPLIC~1\You've Got Pictures Screensaver
[13/10/2007|19:34] C:\DOCUME~1\damade\APPLIC~1\ZimTV
[30/09/2002|12:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[30/09/2002|13:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[18/10/2007|20:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[10/08/2004|14:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/08/2004|14:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[10/08/2004|14:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[10/08/2004|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[10/08/2004|14:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
[11/04/2008|19:52] C:\DOCUME~1\GILOU\APPLIC~1\Adobe
[29/12/2007|22:56] C:\DOCUME~1\GILOU\APPLIC~1\Apple Computer
[03/11/2007|23:31] C:\DOCUME~1\GILOU\APPLIC~1\AVG7
[18/02/2007|15:21] C:\DOCUME~1\GILOU\APPLIC~1\CyberLink
[30/09/2002|12:55] C:\DOCUME~1\GILOU\APPLIC~1\desktop.ini
[24/05/2008|10:02] C:\DOCUME~1\GILOU\APPLIC~1\DivX
[06/08/2007|04:38] C:\DOCUME~1\GILOU\APPLIC~1\Google
[02/08/2008|21:20] C:\DOCUME~1\GILOU\APPLIC~1\Grisoft
[10/01/2007|15:11] C:\DOCUME~1\GILOU\APPLIC~1\Help
[30/09/2002|13:09] C:\DOCUME~1\GILOU\APPLIC~1\Identities
[04/08/2007|17:57] C:\DOCUME~1\GILOU\APPLIC~1\Macromedia
[09/03/2008|12:24] C:\DOCUME~1\GILOU\APPLIC~1\Microsoft
[28/06/2008|13:31] C:\DOCUME~1\GILOU\APPLIC~1\Mozilla
[05/05/2007|13:58] C:\DOCUME~1\GILOU\APPLIC~1\OD2
[20/08/2008|10:31] C:\DOCUME~1\GILOU\APPLIC~1\OpenOffice.org2
[04/08/2007|13:02] C:\DOCUME~1\GILOU\APPLIC~1\Real
[10/08/2004|14:16] C:\DOCUME~1\GILOU\APPLIC~1\Sun
[10/08/2004|14:28] C:\DOCUME~1\GILOU\APPLIC~1\Symantec
[26/08/2007|16:31] C:\DOCUME~1\GILOU\APPLIC~1\Talkback
[17/02/2008|20:21] C:\DOCUME~1\GILOU\APPLIC~1\Ulead Systems
[03/02/2008|10:56] C:\DOCUME~1\GILOU\APPLIC~1\Xi
[10/08/2004|14:26] C:\DOCUME~1\GILOU\APPLIC~1\You've Got Pictures Screensaver
[19/08/2008|21:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[19/08/2008|21:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[10/09/2007|16:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[26/11/2007|18:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[04/11/2007|13:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/11/2007|13:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/09/2004|20:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[15/08/2008 15:00][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[19/08/2008 11:45][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/08/2008 12:37][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[20/08/2008 12:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[03/02/2008|01:57] C:\Program Files\7-Zip
[19/11/2006|01:10] C:\Program Files\Actions
[12/05/2008|22:00] C:\Program Files\Adobe
[17/02/2008|22:23] C:\Program Files\AdorageI-GfxDatas
[17/02/2008|21:25] C:\Program Files\AdorageI-SAL
[06/07/2008|16:46] C:\Program Files\adslTV
[21/11/2007|14:59] C:\Program Files\Advanced Sound Recorder
[28/02/2005|23:10] C:\Program Files\Ahead
[14/08/2007|15:02] C:\Program Files\Alwil Software
[15/11/2007|22:20] C:\Program Files\Antipub
[07/09/2004|23:29] C:\Program Files\AOL 9.0
[10/08/2004|14:26] C:\Program Files\AOL Compagnon
[25/12/2007|14:15] C:\Program Files\Apple Software Update
[13/09/2005|00:14] C:\Program Files\Aros Magic
[11/04/2008|14:48] C:\Program Files\ASIO4ALL v2
[30/12/2006|23:26] C:\Program Files\Astra
[27/01/2007|02:31] C:\Program Files\Atomic Clock Sync
[29/09/2007|21:26] C:\Program Files\Audacity
[19/05/2008|15:43] C:\Program Files\AV Vcs 6.0 DIAMOND
[22/03/2008|12:44] C:\Program Files\AVI MPEG RM WMV Joiner
[22/07/2008|23:02] C:\Program Files\Avira
[22/03/2008|12:44] C:\Program Files\avisplit
[12/08/2007|03:21] C:\Program Files\AviSynth 2.5
[02/03/2008|17:09] C:\Program Files\Bonjour
[04/01/2008|03:01] C:\Program Files\Boonty
[04/01/2008|03:01] C:\Program Files\BoontyGames
[12/12/2004|15:23] C:\Program Files\Borland
[01/02/2008|23:21] C:\Program Files\Cabos
[24/09/2007|12:14] C:\Program Files\CCleaner
[13/05/2008|00:28] C:\Program Files\CDex_170b2
[10/08/2004|14:18] C:\Program Files\Common Files
[30/09/2002|13:01] C:\Program Files\ComPlus Applications
[04/09/2004|21:31] C:\Program Files\CosmoSoftware
[10/02/2008|00:57] C:\Program Files\Counter-Strike 1.6 + Half-Life
[19/08/2008|11:47] C:\Program Files\Crawler
[13/08/2007|23:38] C:\Program Files\CursorXP
[10/08/2004|14:31] C:\Program Files\CyberLink
[04/11/2007|18:02] C:\Program Files\Dcads Games Collection
[05/09/2007|18:08] C:\Program Files\DD PlayCam
[10/04/2008|22:28] C:\Program Files\DesktopEarth
[17/11/2004|19:36] C:\Program Files\Digital Video Duplicator
[04/09/2004|21:26] C:\Program Files\directx
[24/08/2007|18:21] C:\Program Files\DivX
[10/04/2008|15:28] C:\Program Files\DJ Mix Pro
[27/01/2007|02:35] C:\Program Files\Don't Touch My Computer 2
[11/08/2007|23:21] C:\Program Files\Doom 3
[10/11/2007|14:49] C:\Program Files\DVDVIDEOSOFT
[16/12/2006|01:24] C:\Program Files\DX-Ball
[16/03/2008|15:03] C:\Program Files\EA Sports
[12/08/2007|03:18] C:\Program Files\eRightSoft
[24/12/2007|17:45] C:\Program Files\EvilLyrics
[26/12/2007|19:51] C:\Program Files\ffdshow
[20/08/2008|12:58] C:\Program Files\Fichiers communs
[13/12/2006|21:02] C:\Program Files\Football Generation
[04/01/2008|20:37] C:\Program Files\Free Download Manager
[14/07/2008|17:07] C:\Program Files\Free Music Zilla
[04/03/2005|20:07] C:\Program Files\Gabest
[08/01/2007|00:04] C:\Program Files\GJ Games
[09/09/2007|22:38] C:\Program Files\Google
[02/08/2008|12:35] C:\Program Files\Grisoft
[01/06/2008|01:07] C:\Program Files\HarmoTab
[16/02/2008|23:40] C:\Program Files\hkSFV
[01/03/2008|14:06] C:\Program Files\Illustrate
[11/04/2008|14:48] C:\Program Files\Image-Line
[13/06/2008|16:52] C:\Program Files\InstallShield Installation Information
[04/09/2004|22:31] C:\Program Files\InterActual
[14/08/2008|11:14] C:\Program Files\Internet Explorer
[20/01/2008|04:44] C:\Program Files\iPod
[20/01/2008|04:44] C:\Program Files\iTunes
[15/02/2008|22:37] C:\Program Files\IZArc
[30/10/2004|20:00] C:\Program Files\Jasc Software Inc
[20/07/2008|13:43] C:\Program Files\Java
[27/01/2007|02:14] C:\Program Files\JerMar Software
[29/01/2005|20:22] C:\Program Files\JHC SoftWare
[25/12/2006|13:07] C:\Program Files\Lame MP3 Codec
[04/09/2004|21:27] C:\Program Files\Larousse
[07/10/2007|15:23] C:\Program Files\Lavasoft
[10/08/2004|14:26] C:\Program Files\Learn2.com
[02/06/2007|17:52] C:\Program Files\Lexmark 2200 Series
[04/09/2004|23:38] C:\Program Files\Lexmark_RMN
[10/02/2008|00:18] C:\Program Files\LimeWire
[17/11/2004|19:28] C:\Program Files\LiveUpdate
[05/09/2007|18:23] C:\Program Files\Look 310S
[04/01/2008|21:01] C:\Program Files\ma-config.com
[03/09/2007|18:13] C:\Program Files\Macrogaming
[19/08/2008|22:39] C:\Program Files\Malwarebytes' Anti-Malware
[13/06/2008|16:51] C:\Program Files\Maxtor
[14/08/2008|11:20] C:\Program Files\Messenger
[13/01/2008|00:31] C:\Program Files\Messenger Plus! Live
[10/09/2007|13:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/09/2004|14:34] C:\Program Files\Microsoft Encarta
[30/09/2002|13:05] C:\Program Files\microsoft frontpage
[10/08/2004|14:33] C:\Program Files\microsoft office
[14/08/2008|11:56] C:\Program Files\Microsoft Silverlight
[10/08/2004|14:33] C:\Program Files\Microsoft Visual Studio
[12/11/2007|03:49] C:\Program Files\MMConvert
[14/09/2005|01:12] C:\Program Files\Morgan
[08/10/2007|02:36] C:\Program Files\Movie Maker
[20/08/2008|12:48] C:\Program Files\Mozilla Firefox
[07/10/2006|23:37] C:\Program Files\MP3 Player Utilities
[18/02/2008|00:40] C:\Program Files\MSBuild
[30/09/2002|13:00] C:\Program Files\MSN
[30/09/2002|13:00] C:\Program Files\MSN Gaming Zone
[07/04/2008|03:27] C:\Program Files\MSN Messenger
[12/08/2008|00:28] C:\Program Files\MSNFix
[04/09/2004|21:32] C:\Program Files\MSXML 4.0
[18/02/2008|04:02] C:\Program Files\MSXML 6.0
[02/01/2008|19:04] C:\Program Files\MusicBrainz Tagger
[26/11/2005|16:52] C:\Program Files\Musicmatch
[20/08/2008|12:57] C:\Program Files\Navilog1
[31/12/2007|01:41] C:\Program Files\Neoact
[08/10/2007|02:33] C:\Program Files\NetMeeting
[08/08/2007|20:40] C:\Program Files\Neuf
[23/09/2007|22:14] C:\Program Files\Norton AntiVirus
[10/09/2007|15:21] C:\Program Files\Norton Internet Security
[19/08/2008|13:34] C:\Program Files\Norton Security Scan
[27/01/2007|02:11] C:\Program Files\ObjectDock
[15/03/2008|15:43] C:\Program Files\OpenOffice.org 2.3
[13/10/2007|20:08] C:\Program Files\Outlook Express
[11/04/2008|14:43] C:\Program Files\Outsim
[18/06/2007|12:04] C:\Program Files\Philips
[16/04/2008|04:27] C:\Program Files\Picasa2
[10/06/2008|14:59] C:\Program Files\PKR
[25/10/2004|17:23] C:\Program Files\PLUS!
[23/09/2007|22:44] C:\Program Files\PopUp Killer
[23/12/2007|18:39] C:\Program Files\Project64 1.6
[20/01/2008|04:40] C:\Program Files\QuickTime
[12/08/2007|12:19] C:\Program Files\RALINK
[10/08/2004|14:26] C:\Program Files\Real
[04/01/2008|21:41] C:\Program Files\Realtek AC97
[18/02/2008|00:30] C:\Program Files\Reference Assemblies
[12/01/2008|04:08] C:\Program Files\RomuSoft
[27/12/2007|02:08] C:\Program Files\Samsung
[12/09/2007|19:05] C:\Program Files\SaveNow
[27/05/2007|19:33] C:\Program Files\SEGA
[30/09/2002|13:00] C:\Program Files\Services en ligne
[05/09/2007|18:09] C:\Program Files\SetupDriver
[08/06/2008|16:53] C:\Program Files\SIW
[25/07/2008|01:10] C:\Program Files\Skype
[02/02/2008|02:11] C:\Program Files\Smart Projects
[21/08/2007|20:54] C:\Program Files\SmartSound Software
[30/12/2006|19:18] C:\Program Files\Snakin'
[10/08/2004|14:36] C:\Program Files\Sonic
[18/02/2008|00:44] C:\Program Files\Sony
[18/02/2008|00:27] C:\Program Files\Sony Setup
[11/11/2007|15:22] C:\Program Files\SopCast
[09/06/2008|02:43] C:\Program Files\SpeedFan
[20/08/2008|09:07] C:\Program Files\Spybot - Search & Destroy
[07/06/2008|12:36] C:\Program Files\StuffPlug3
[10/09/2007|15:15] C:\Program Files\Symantec
[23/09/2007|22:13] C:\Program Files\SymNetDrv
[27/01/2007|02:13] C:\Program Files\TClockEx
[14/09/2004|13:14] C:\Program Files\The Learning Company
[20/08/2008|09:02] C:\Program Files\Trend Micro
[08/08/2007|22:40] C:\Program Files\TRUST LIVE
[17/02/2008|13:48] C:\Program Files\Ulead Systems
[29/10/2007|16:37] C:\Program Files\UltraDefrag
[30/09/2002|13:09] C:\Program Files\Uninstall Information
[04/01/2008|21:44] C:\Program Files\VIA
[16/11/2007|12:59] C:\Program Files\VideoLAN
[29/10/2007|00:56] C:\Program Files\Vista Start Menu
[11/04/2008|14:48] C:\Program Files\VstPlugins
[22/12/2004|16:53] C:\Program Files\Wanadoo edition
[23/09/2007|21:54] C:\Program Files\Winamp
[17/11/2004|19:28] C:\Program Files\WinASPI
[27/01/2007|02:10] C:\Program Files\WinCustomize
[16/11/2007|04:28] C:\Program Files\Windows Live
[19/11/2007|12:57] C:\Program Files\Windows Live Toolbar
[12/11/2007|03:51] C:\Program Files\Windows Media Components
[11/08/2008|21:53] C:\Program Files\Windows Media Connect 2
[11/08/2008|22:10] C:\Program Files\Windows Media Player
[08/10/2007|02:32] C:\Program Files\Windows NT
[03/08/2007|20:04] C:\Program Files\WindowsUpdate
[10/09/2007|13:31] C:\Program Files\Wormux 0.7
[30/09/2002|13:05] C:\Program Files\xerox
[01/12/2007|15:11] C:\Program Files\Xi
[24/09/2007|12:13] C:\Program Files\Yahoo!
[30/12/2006|19:00] C:\Program Files\Zero
[13/10/2007|19:34] C:\Program Files\ZimTV
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[12/05/2008|22:03] C:\Program Files\Fichiers communs\Adobe
[23/09/2007|21:42] C:\Program Files\Fichiers communs\Adobe Systems Shared
[10/08/2004|14:26] C:\Program Files\Fichiers communs\AOL
[10/08/2004|14:26] C:\Program Files\Fichiers communs\aolshare
[25/12/2007|14:14] C:\Program Files\Fichiers communs\Apple
[04/01/2008|03:02] C:\Program Files\Fichiers communs\BOONTY Shared
[10/08/2004|14:33] C:\Program Files\Fichiers communs\Designer
[12/11/2007|03:36] C:\Program Files\Fichiers communs\DVDVIDEOSOFT
[10/08/2004|14:30] C:\Program Files\Fichiers communs\InstallShield
[17/02/2008|13:58] C:\Program Files\Fichiers communs\InterVideo
[10/08/2004|14:16] C:\Program Files\Fichiers communs\Java
[05/09/2007|18:23] C:\Program Files\Fichiers communs\Look310S
[02/03/2008|16:41] C:\Program Files\Fichiers communs\Macrovision Shared
[17/02/2008|13:39] C:\Program Files\Fichiers communs\Microsoft Shared
[30/09/2002|13:02] C:\Program Files\Fichiers communs\MSSoap
[10/08/2004|14:26] C:\Program Files\Fichiers communs\Nullsoft
[30/09/2002|12:55] C:\Program Files\Fichiers communs\ODBC
[26/11/2005|16:54] C:\Program Files\Fichiers communs\PhilipsMM
[10/08/2004|14:31] C:\Program Files\Fichiers communs\Real
[30/09/2002|13:02] C:\Program Files\Fichiers communs\Services
[25/07/2008|01:10] C:\Program Files\Fichiers communs\Skype
[10/08/2004|14:36] C:\Program Files\Fichiers communs\Sonic Shared
[30/09/2002|12:55] C:\Program Files\Fichiers communs\SpeechEngines
[27/01/2007|02:11] C:\Program Files\Fichiers communs\Stardock
[10/08/2004|14:32] C:\Program Files\Fichiers communs\SureThing Shared
[13/08/2008|22:26] C:\Program Files\Fichiers communs\Symantec Shared
[13/10/2007|20:08] C:\Program Files\Fichiers communs\System
[10/08/2004|14:30] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
[17/02/2008|13:52] C:\Program Files\Fichiers communs\Ulead Systems
[29/12/2007|23:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[07/10/2007|15:22] C:\Program Files\Fichiers communs\Wise Installation Wizard
[10/08/2004|14:31] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 69 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 13:09:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 679
--------------------\\ Recherche d'autres infections
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"="c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe bpimcuiyi"
==> EGDACCESS <==
[F:6][D:2]-> C:\DOCUME~1\damade\LOCALS~1\Temp
[F:32][D:0]-> C:\DOCUME~1\damade\Cookies
[F:49][D:4]-> C:\DOCUME~1\damade\LOCALS~1\TEMPOR~1\content.IE5
--------------------\\ Fin du rapport a 13:13:50
Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the Internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Close all your browsers (so copy or print these instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"=-
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, keep the mouse button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis report.
If the file does not open, it can be found here > C:\ComboFix.txt
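A way to spot the kind of Run entry that the CFScript above removes, as an added example that is not part of the original thread or of any tool used in it: it parses `.reg`-style Run key listings like the ones in the reports and lists values whose program sits in a per-user data directory. The sample text is constructed (only the `bpimcuiyi` value comes from the thread, `ExampleUpdater` is hypothetical), and the result is a triage heuristic, not a verdict.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in the .reg-style layout used by the reports in this thread.
# The first value is the entry quoted in the thread; "ExampleUpdater" is hypothetical.
SAMPLE_REPORT = r'''
--------------------\\ Recherche d'autres infections
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpimcuiyi"="c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe bpimcuiyi"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
[F:6][D:2]-> C:\DOCUME~1\damade\LOCALS~1\Temp
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')
EXE_RE = re.compile(r'^(?P<exe>.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.I)
AUTORUN_SUFFIXES = (r'\currentversion\run', r'\currentversion\runonce')
# Per-user data directories (long and 8.3 short forms) that any user process can write to.
USER_WRITABLE = ('\\local settings\\', '\\locals~1\\', '\\application data\\',
                 '\\applic~1\\', '\\appdata\\', '\\temp\\')


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    executable: str
    reasons: list = field(default_factory=list)


def unescape(reg_string):
    """Undo .reg escaping: a doubled backslash becomes one, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', reg_string)


def executable_of(command):
    """Separate the program path from its arguments, with or without quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)  # unquoted paths may contain spaces
    return match.group('exe') if match else command.split(' ', 1)[0]


def parse_run_values(report_text):
    """Return every value found under a Run or RunOnce key in the text."""
    entries, current_key = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key')
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        if not current_key.lower().endswith(AUTORUN_SUFFIXES):
            continue
        command = unescape(value_match.group('data'))
        entries.append(RunEntry(current_key, unescape(value_match.group('name')),
                                command, executable_of(command)))
    return entries


def audit(report_text):
    """Return the autorun entries whose program lives in a user-writable directory."""
    flagged = []
    for entry in parse_run_values(report_text):
        path = entry.executable.lower()
        if not any(part in path for part in USER_WRITABLE):
            continue
        entry.reasons.append('program runs from a per-user data directory')
        if PureWindowsPath(entry.executable).stem.lower() == entry.name.lower():
            entry.reasons.append('value name is identical to the file name')
        flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for hit in audit(SAMPLE_REPORT):
        print(f'{hit.key}\n  "{hit.name}" -> {hit.executable}')
        for reason in hit.reasons:
            print(f'    - {reason}')
```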
Here are the two reports:
ComboFix:
ComboFix 08-08-19.02 - damade 2008-08-20 20:37:20.1 - NTFSx86
Endroit: C:\DOCUME~1\damade\Bureau\ComboFix.exe
Command switches used :: C:\DOCUME~1\damade\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\uninstall.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.
2008-08-20 11:19 . 2008-08-20 13:13 <REP> d-------- C:\Lop SD
2008-08-20 10:48 . 2008-08-20 12:57 <REP> d-------- C:\Program Files\Navilog1
2008-08-20 09:02 . 2008-08-20 09:02 <REP> d-------- C:\Program Files\Trend Micro
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\damade\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\damade\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 22:39 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 21:46 . 2008-08-19 21:46 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-14 11:56 . 2008-08-14 11:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-13 23:51 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 00:13 . 2008-08-12 00:28 <REP> d-------- C:\Program Files\MSNFix
2008-08-11 21:55 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-11 21:55 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-11 21:55 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-08-11 21:53 . 2008-08-11 21:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-08-11 21:48 . 2008-08-11 21:48 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-11 21:48 . 2008-08-11 21:51 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-11 21:48 . 2008-08-14 11:20 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-02 21:20 . 2008-08-02 21:20 <REP> d-------- C:\Documents and Settings\GILOU\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\damade\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\damade\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2008-08-02 12:35 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-02 12:04 . 2008-08-20 09:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 12:04 . 2008-08-20 08:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2008-07-25 01:32 . 2008-08-20 16:02 <REP> d-------- C:\DOCUME~1\damade\Application Data\skypePM
2008-07-25 01:32 . 2008-08-20 16:02 <REP> d-------- C:\DOCUME~1\damade\Application Data\skypePM
2008-07-25 01:32 . 2008-07-25 01:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-25 01:29 . 2008-08-20 20:20 <REP> d-------- C:\DOCUME~1\damade\Application Data\Skype
2008-07-25 01:29 . 2008-08-20 20:20 <REP> d-------- C:\DOCUME~1\damade\Application Data\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2008-07-24 15:53 . 2008-07-24 15:53 230,424 --a------ C:\img1-002.raw
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\Program Files\Avira
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 18:20 --------- d-----w C:\DOCUME~1\damade\Application Data\OpenOffice.org2
2008-08-20 18:20 --------- d-----w C:\DOCUME~1\damade\Application Data\OpenOffice.org2
2008-08-20 17:25 --------- d-----w C:\Program Files\Crawler
2008-08-20 13:08 --------- d-----w C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2008-08-20 11:38 --------- d-----w C:\Documents and Settings\GILOU\Application Data\OpenOffice.org2
2008-08-19 11:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-13 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-10 18:07 --------- d-----w C:\DOCUME~1\damade\Application Data\Vista Start Menu
2008-08-10 18:07 --------- d-----w C:\DOCUME~1\damade\Application Data\Vista Start Menu
2008-08-02 09:55 --------- d---a-w C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2008-07-20 11:43 --------- d-----w C:\Program Files\Java
2008-07-14 15:07 --------- d-----w C:\Program Files\Free Music Zilla
2008-07-14 15:05 --------- d-----w C:\DOCUME~1\damade\Application Data\FMZilla
2008-07-14 15:05 --------- d-----w C:\DOCUME~1\damade\Application Data\FMZilla
2008-07-13 18:08 --------- d-----w C:\DOCUME~1\damade\Application Data\LimeWire
2008-07-13 18:08 --------- d-----w C:\DOCUME~1\damade\Application Data\LimeWire
2008-07-06 14:46 --------- d-----w C:\Program Files\adslTV
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-31 23:05 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-31 23:05 290,816 ------w C:\WINDOWS\Setup1.exe
2008-05-19 16:24 78,816 ----a-w C:\DOCUME~1\damade\Application Data\GDIPFONTCACHEV1.DAT
2008-05-19 16:24 78,816 ----a-w C:\DOCUME~1\damade\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
----a-w 255,488 1998-05-14 19:03:26 C:\Program Files\Astra\Bzzz\Bzzz! 2 .exe
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 02:15 89088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 15:13 68856]
"Aimclock"="C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe" [N/A]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-08-23 13:37 1602560]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [N/A]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"Sonic RecordNow!"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-09 16:22 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 16:20 81920]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]
"DOWNLOAD MANAGER"="C:\APPS\OD2\OD2DLEngine.exe" [2004-06-07 17:03 606208]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-10 14:31 151597]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [N/A]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2001-10-08 13:59 45632]
"FastUser"="C:\WINDOWS\System32\fast.exe" [2001-10-08 13:59 49216]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 19:06 1838592]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [N/A]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-23 22:13 104128]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 15:12 341488]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"EoNet"="" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"vidc.dvsd"= pdvcodec.dll
"vidc.ir32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\damade\\Bureau\\jeux\\Pro Evolution Soccer 2008\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"\\\\LOIC\\PRO EVOLUTION SOCCER 2008\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Games\\Paintball2\\paintball2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7216:TCP"= 7216:TCP:BitComet 7216 TCP
"7216:UDP"= 7216:UDP:BitComet 7216 UDP
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17]
R3 DDPlayCam;DDPlay Virtual Camera;C:\WINDOWS\system32\DRIVERS\DDPlayCam.sys [2005-10-27 08:01]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-06-25 16:06]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 11:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b4b320-3957-11dd-bc7e-00038a000015}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-15 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{5a1f70ef-9aa4-487f-d13c-d500b02de68c} - C:\WINDOWS\system32\nss24D.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 21:19:08
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\APPS\OD2\OD2State.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 21:42:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 19:42:08
Pre-Run: 27,294,871,552 octets libres
Post-Run: 28,894,482,432 octets libres
254 --- E O F --- 2008-08-16 19:59:01
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:39, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aimclock] C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Combofix:
ComboFix 08-08-19.02 - damade 2008-08-20 20:37:20.1 - NTFSx86
Endroit: C:\DOCUME~1\damade\Bureau\ComboFix.exe
Command switches used :: C:\DOCUME~1\damade\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
c:\\documents and settings\\damade\\local settings\\application data\\bpimcuiyi.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\uninstall.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.
2008-08-20 11:19 . 2008-08-20 13:13 <REP> d-------- C:\Lop SD
2008-08-20 10:48 . 2008-08-20 12:57 <REP> d-------- C:\Program Files\Navilog1
2008-08-20 09:02 . 2008-08-20 09:02 <REP> d-------- C:\Program Files\Trend Micro
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\damade\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\damade\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 22:39 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 21:46 . 2008-08-19 21:46 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-14 11:56 . 2008-08-14 11:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-13 23:51 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 00:13 . 2008-08-12 00:28 <REP> d-------- C:\Program Files\MSNFix
2008-08-11 21:55 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-11 21:55 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-11 21:55 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-08-11 21:53 . 2008-08-11 21:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-08-11 21:48 . 2008-08-11 21:48 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-11 21:48 . 2008-08-11 21:51 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-11 21:48 . 2008-08-14 11:20 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-02 21:20 . 2008-08-02 21:20 <REP> d-------- C:\Documents and Settings\GILOU\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\damade\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\damade\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2008-08-02 12:35 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-02 12:04 . 2008-08-20 09:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 12:04 . 2008-08-20 08:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2008-07-25 01:32 . 2008-08-20 16:02 <REP> d-------- C:\DOCUME~1\damade\Application Data\skypePM
2008-07-25 01:32 . 2008-08-20 16:02 <REP> d-------- C:\DOCUME~1\damade\Application Data\skypePM
2008-07-25 01:32 . 2008-07-25 01:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-25 01:29 . 2008-08-20 20:20 <REP> d-------- C:\DOCUME~1\damade\Application Data\Skype
2008-07-25 01:29 . 2008-08-20 20:20 <REP> d-------- C:\DOCUME~1\damade\Application Data\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2008-07-24 15:53 . 2008-07-24 15:53 230,424 --a------ C:\img1-002.raw
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\Program Files\Avira
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 18:20 --------- d-----w C:\DOCUME~1\damade\Application Data\OpenOffice.org2
2008-08-20 18:20 --------- d-----w C:\DOCUME~1\damade\Application Data\OpenOffice.org2
2008-08-20 17:25 --------- d-----w C:\Program Files\Crawler
2008-08-20 13:08 --------- d-----w C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2008-08-20 11:38 --------- d-----w C:\Documents and Settings\GILOU\Application Data\OpenOffice.org2
2008-08-19 11:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-13 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-10 18:07 --------- d-----w C:\DOCUME~1\damade\Application Data\Vista Start Menu
2008-08-10 18:07 --------- d-----w C:\DOCUME~1\damade\Application Data\Vista Start Menu
2008-08-02 09:55 --------- d---a-w C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2008-07-20 11:43 --------- d-----w C:\Program Files\Java
2008-07-14 15:07 --------- d-----w C:\Program Files\Free Music Zilla
2008-07-14 15:05 --------- d-----w C:\DOCUME~1\damade\Application Data\FMZilla
2008-07-14 15:05 --------- d-----w C:\DOCUME~1\damade\Application Data\FMZilla
2008-07-13 18:08 --------- d-----w C:\DOCUME~1\damade\Application Data\LimeWire
2008-07-13 18:08 --------- d-----w C:\DOCUME~1\damade\Application Data\LimeWire
2008-07-06 14:46 --------- d-----w C:\Program Files\adslTV
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-31 23:05 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-31 23:05 290,816 ------w C:\WINDOWS\Setup1.exe
2008-05-19 16:24 78,816 ----a-w C:\DOCUME~1\damade\Application Data\GDIPFONTCACHEV1.DAT
2008-05-19 16:24 78,816 ----a-w C:\DOCUME~1\damade\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
[code]<pre>
----a-w 255,488 1998-05-14 19:03:26 C:\Program Files\Astra\Bzzz\Bzzz! 2 .exe
</pre>/code
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 02:15 89088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 15:13 68856]
"Aimclock"="C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe" [N/A]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-08-23 13:37 1602560]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [N/A]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"Sonic RecordNow!"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-09 16:22 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 16:20 81920]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]
"DOWNLOAD MANAGER"="C:\APPS\OD2\OD2DLEngine.exe" [2004-06-07 17:03 606208]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-10 14:31 151597]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [N/A]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2001-10-08 13:59 45632]
"FastUser"="C:\WINDOWS\System32\fast.exe" [2001-10-08 13:59 49216]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 19:06 1838592]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [N/A]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-23 22:13 104128]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 15:12 341488]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"EoNet"="" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"vidc.dvsd"= pdvcodec.dll
"vidc.ir32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\damade\\Bureau\\jeux\\Pro Evolution Soccer 2008\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"\\\\LOIC\\PRO EVOLUTION SOCCER 2008\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Games\\Paintball2\\paintball2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7216:TCP"= 7216:TCP:BitComet 7216 TCP
"7216:UDP"= 7216:UDP:BitComet 7216 UDP
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17]
R3 DDPlayCam;DDPlay Virtual Camera;C:\WINDOWS\system32\DRIVERS\DDPlayCam.sys [2005-10-27 08:01]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-06-25 16:06]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 11:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b4b320-3957-11dd-bc7e-00038a000015}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-15 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{5a1f70ef-9aa4-487f-d13c-d500b02de68c} - C:\WINDOWS\system32\nss24D.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 21:19:08
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\APPS\OD2\OD2State.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 21:42:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 19:42:08
Pre-Run: 27,294,871,552 octets libres
Post-Run: 28,894,482,432 octets libres
254 --- E O F --- 2008-08-16 19:59:01
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:39, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aimclock] C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
if you have both Norton and Antivir, remove one of the two antivirus programs
__________________
remove Ad-Aware, which is outdated, and keep Malwarebytes instead (if you really want to keep Ad-Aware, then install the 2008 version)
__________________
run HijackThis again, choose DO A SYSTEM SCAN ONLY, select these lines and click FIX CHECKED:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aimclock] C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
__________________
clean up your search toolbars and keep only two or three at most: NETXFER, google, yahoo, crawler...
________________
update Adobe Reader to version 9
________________
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
Close all your browsers (so copy or print the instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
C:\Program Files\EoRezo
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aimclock"=-
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, hold the mouse button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis report and describe your current problems
If the file does not open, it is located here > C:\ComboFix.txt
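An added illustration (not part of the thread, and not the helper's own method): a small Python triage of HijackThis entries like the ones selected above. The flag names and the heuristics are assumptions chosen for this example, and the sample lines are copied from the log posted in this thread; a flag means "review this entry by hand", not a verdict.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    code: str           # HijackThis section code, e.g. "R0", "O2", "O4", "O23"
    name: str           # display name, Run value name or service name
    target: str         # file path, command line or URL the entry points to
    file_missing: bool  # HijackThis appended "(file missing)" to the line
    raw: str

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"^(?:BHO|URLSearchHook): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+\\.*?\\Run\w*): \[(.+?)\] (.*)$")
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")
# Assumed heuristic: autoruns launched from inside a user profile deserve a look.
USER_PROFILE_RE = re.compile(r"\\(?:Documents and Settings|DOCUME~\d)\\", re.I)
MISSING = " (file missing)"

# Sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66028
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Aimclock] C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
"""

def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis result line; return None for headers and process lists."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    name, target = body, ""
    if code in ("R0", "R1") and " = " in body:
        name, target = body.split(" = ", 1)           # registry value = URL
    elif code in ("R3", "O2"):
        m2 = CLSID_RE.match(body)                     # name - {CLSID} - DLL path
        if m2:
            name, target = m2.group(1), m2.group(3)
    elif code == "O4":
        m2 = RUN_RE.match(body) or STARTUP_RE.match(body)
        if m2:
            name, target = m2.group(2), m2.group(3)
    elif code == "O23" and body.startswith("Service: "):
        # Split from the right: service display names may themselves contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        name, target = parts[0], parts[-1]
    return Entry(code, name, target, missing, line)

def flags_for(e: Entry) -> list:
    """Return review flags for one entry (heuristics assumed for this example)."""
    flags = []
    if e.file_missing:
        flags.append("file-missing")                  # leftover registration
    if e.code == "O4" and e.target.strip() == "?":
        flags.append("unresolved-shortcut")           # .lnk target not resolved
    if e.code == "O4" and USER_PROFILE_RE.search(e.target):
        flags.append("autorun-from-user-profile")
    if e.code == "O23" and "Unknown owner" in e.raw:
        flags.append("unknown-owner")                 # no company name in the file
    return flags

def triage(log_text: str) -> list:
    """Return (code, name, flags) for every entry that raised at least one flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append((entry.code, entry.name, flags))
    return findings

if __name__ == "__main__":
    for code, name, flags in triage(SAMPLE_LOG):
        print(f"{code:4} {name:30} {', '.join(flags)}")
```
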
ComboFix report:
ComboFix 08-08-19.02 - damade 2008-08-21 12:24:42.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.294 [GMT 2:00]
Endroit: C:\Documents and Settings\damade\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\damade\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
C:\Program Files\EoRezo
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\damade\Application Data\urlredir.cfg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
2008-08-20 11:19 . 2008-08-20 13:13 <REP> d-------- C:\Lop SD
2008-08-20 10:48 . 2008-08-20 12:57 <REP> d-------- C:\Program Files\Navilog1
2008-08-20 09:02 . 2008-08-20 09:02 <REP> d-------- C:\Program Files\Trend Micro
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\damade\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 22:39 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 21:46 . 2008-08-19 21:46 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-14 11:56 . 2008-08-14 11:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-13 23:51 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 00:13 . 2008-08-12 00:28 <REP> d-------- C:\Program Files\MSNFix
2008-08-11 21:55 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-11 21:55 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-11 21:55 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-08-11 21:53 . 2008-08-11 21:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-08-11 21:48 . 2008-08-11 21:48 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-11 21:48 . 2008-08-11 21:51 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-11 21:48 . 2008-08-14 11:20 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-02 21:20 . 2008-08-02 21:20 <REP> d-------- C:\Documents and Settings\GILOU\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\damade\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2008-08-02 12:35 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-02 12:04 . 2008-08-20 09:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 12:04 . 2008-08-20 08:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2008-07-25 01:32 . 2008-08-20 16:02 <REP> d-------- C:\DOCUME~1\damade\Application Data\skypePM
2008-07-25 01:32 . 2008-07-25 01:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-25 01:29 . 2008-08-20 21:28 <REP> d-------- C:\DOCUME~1\damade\Application Data\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2008-07-24 15:53 . 2008-07-24 15:53 230,424 --a------ C:\img1-002.raw
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\Program Files\Avira
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 10:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-21 10:09 --------- d-----w C:\Program Files\Yahoo!
2008-08-21 10:07 --------- d-----w C:\Program Files\Google
2008-08-20 20:38 --------- d-----w C:\DOCUME~1\damade\Application Data\OpenOffice.org2
2008-08-20 13:08 --------- d-----w C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2008-08-20 11:38 --------- d-----w C:\Documents and Settings\GILOU\Application Data\OpenOffice.org2
2008-08-19 11:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-13 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-10 18:07 --------- d-----w C:\DOCUME~1\damade\Application Data\Vista Start Menu
2008-08-02 09:55 --------- d---a-w C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2008-07-22 23:29 --------- d-----w C:\DOCUME~1\damade\Application Data\Azureus
2008-07-20 11:43 --------- d-----w C:\Program Files\Java
2008-07-14 15:07 --------- d-----w C:\Program Files\Free Music Zilla
2008-07-14 15:05 --------- d-----w C:\DOCUME~1\damade\Application Data\FMZilla
2008-07-13 18:08 --------- d-----w C:\DOCUME~1\damade\Application Data\LimeWire
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 14:46 --------- d-----w C:\Program Files\adslTV
2008-06-27 20:33 --------- d-----w C:\Program Files\TubeMaster
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 23:05 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-31 23:05 290,816 ------w C:\WINDOWS\Setup1.exe
2008-05-19 16:24 78,816 ----a-w C:\DOCUME~1\damade\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
[code]<pre>
----a-w 255,488 1998-05-14 19:03:26 C:\Program Files\Astra\Bzzz\Bzzz! 2 .exe
</pre>/code
((((((((((((((((((((((((((((( snapshot@2008-08-20_21.41.19.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 02:15 89088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 15:13 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-08-23 13:37 1602560]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [N/A]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"Sonic RecordNow!"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-09 16:22 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 16:20 81920]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]
"DOWNLOAD MANAGER"="C:\APPS\OD2\OD2DLEngine.exe" [2004-06-07 17:03 606208]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-10 14:31 151597]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [N/A]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2001-10-08 13:59 45632]
"FastUser"="C:\WINDOWS\System32\fast.exe" [2001-10-08 13:59 49216]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"PinnacleDriverCheck"="C:\WINDOWS\System32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 19:06 1838592]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-23 22:13 104128]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 15:12 341488]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"EoNet"="" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\DOCUME~1\damade\Menu Démarrer\Programmes\Démarrage\
DesktopEarth AutoStart.lnk - C:\DOCUME~1\damade\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-04-10 21:41:57 29926]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
C:\Documents and Settings\GILOU\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-23 21:41:54 113664]
Hyperappel de l'Encyclopédie Universelle Larousse.lnk - C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe [2004-09-04 21:26:01 53248]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-04 15:13:38 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"vidc.dvsd"= pdvcodec.dll
"vidc.ir32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\damade\\Bureau\\jeux\\Pro Evolution Soccer 2008\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Games\\Paintball2\\paintball2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7216:TCP"= 7216:TCP:BitComet 7216 TCP
"7216:UDP"= 7216:UDP:BitComet 7216 UDP
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17]
R3 DDPlayCam;DDPlay Virtual Camera;C:\WINDOWS\system32\DRIVERS\DDPlayCam.sys [2005-10-27 08:01]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-06-25 16:06]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-01-04 03:02]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 11:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b4b320-3957-11dd-bc7e-00038a000015}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-15 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
2008-08-21 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 12:31:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-08-21 12:45:19
ComboFix-quarantined-files.txt 2008-08-21 10:44:52
ComboFix2.txt 2008-08-20 19:42:29
Pre-Run: 28,518,514,688 octets libres
Post-Run: 28,504,989,696 octets libres
228 --- E O F --- 2008-08-16 19:59:01
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:00, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\Fast.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
,ComboFix 08-08-19.02 - damade 2008-08-21 12:24:42.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.294 [GMT 2:00]
Endroit: C:\Documents and Settings\damade\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\damade\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\damade\APPLIC~1\TRUSTL~1\wave flaw memo.exe
C:\Program Files\EoRezo
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\damade\Application Data\urlredir.cfg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
2008-08-20 11:19 . 2008-08-20 13:13 <REP> d-------- C:\Lop SD
2008-08-20 10:48 . 2008-08-20 12:57 <REP> d-------- C:\Program Files\Navilog1
2008-08-20 09:02 . 2008-08-20 09:02 <REP> d-------- C:\Program Files\Trend Micro
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\damade\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-19 22:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
2008-08-19 22:39 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 22:39 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 21:46 . 2008-08-19 21:46 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-14 11:56 . 2008-08-14 11:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-13 23:51 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 00:13 . 2008-08-12 00:28 <REP> d-------- C:\Program Files\MSNFix
2008-08-11 21:55 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-11 21:55 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-11 21:55 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-08-11 21:53 . 2008-08-11 21:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-08-11 21:48 . 2008-08-11 21:48 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-11 21:48 . 2008-08-11 21:51 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-11 21:48 . 2008-08-14 11:20 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-02 21:20 . 2008-08-02 21:20 <REP> d-------- C:\Documents and Settings\GILOU\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\damade\Application Data\Grisoft
2008-08-02 12:35 . 2008-08-02 12:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2008-08-02 12:35 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-02 12:04 . 2008-08-20 09:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 12:04 . 2008-08-20 08:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2008-07-25 01:32 . 2008-08-20 16:02 <REP> d-------- C:\DOCUME~1\damade\Application Data\skypePM
2008-07-25 01:32 . 2008-07-25 01:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-25 01:29 . 2008-08-20 21:28 <REP> d-------- C:\DOCUME~1\damade\Application Data\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2008-07-24 15:53 . 2008-07-24 15:53 230,424 --a------ C:\img1-002.raw
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\Program Files\Avira
2008-07-22 23:02 . 2008-07-22 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 10:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-21 10:09 --------- d-----w C:\Program Files\Yahoo!
2008-08-21 10:07 --------- d-----w C:\Program Files\Google
2008-08-20 20:38 --------- d-----w C:\DOCUME~1\damade\Application Data\OpenOffice.org2
2008-08-20 13:08 --------- d-----w C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2008-08-20 11:38 --------- d-----w C:\Documents and Settings\GILOU\Application Data\OpenOffice.org2
2008-08-19 11:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-13 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-10 18:07 --------- d-----w C:\DOCUME~1\damade\Application Data\Vista Start Menu
2008-08-02 09:55 --------- d---a-w C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2008-07-22 23:29 --------- d-----w C:\DOCUME~1\damade\Application Data\Azureus
2008-07-20 11:43 --------- d-----w C:\Program Files\Java
2008-07-14 15:07 --------- d-----w C:\Program Files\Free Music Zilla
2008-07-14 15:05 --------- d-----w C:\DOCUME~1\damade\Application Data\FMZilla
2008-07-13 18:08 --------- d-----w C:\DOCUME~1\damade\Application Data\LimeWire
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 14:46 --------- d-----w C:\Program Files\adslTV
2008-06-27 20:33 --------- d-----w C:\Program Files\TubeMaster
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 23:05 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-31 23:05 290,816 ------w C:\WINDOWS\Setup1.exe
2008-05-19 16:24 78,816 ----a-w C:\DOCUME~1\damade\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
----a-w 255,488 1998-05-14 19:03:26 C:\Program Files\Astra\Bzzz\Bzzz! 2 .exe
((((((((((((((((((((((((((((( snapshot@2008-08-20_21.41.19.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 02:15 89088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 15:13 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-08-23 13:37 1602560]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [N/A]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]
"Sonic RecordNow!"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-09 16:22 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 16:20 81920]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]
"DOWNLOAD MANAGER"="C:\APPS\OD2\OD2DLEngine.exe" [2004-06-07 17:03 606208]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-10 14:31 151597]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [N/A]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2001-10-08 13:59 45632]
"FastUser"="C:\WINDOWS\System32\fast.exe" [2001-10-08 13:59 49216]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 18:27 181488]
"PinnacleDriverCheck"="C:\WINDOWS\System32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 19:06 1838592]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-23 22:13 104128]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 15:12 341488]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"EoNet"="" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\DOCUME~1\damade\Menu Démarrer\Programmes\Démarrage\
DesktopEarth AutoStart.lnk - C:\DOCUME~1\damade\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-04-10 21:41:57 29926]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
C:\Documents and Settings\GILOU\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-23 21:41:54 113664]
Hyperappel de l'Encyclopédie Universelle Larousse.lnk - C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe [2004-09-04 21:26:01 53248]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-04 15:13:38 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MPEG"= JPEGCODE.DLL
"vidc.dvsd"= pdvcodec.dll
"vidc.ir32"= C:\WINDOWS\System32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\damade\\Bureau\\jeux\\Pro Evolution Soccer 2008\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Games\\Paintball2\\paintball2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7216:TCP"= 7216:TCP:BitComet 7216 TCP
"7216:UDP"= 7216:UDP:BitComet 7216 UDP
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17]
R3 DDPlayCam;DDPlay Virtual Camera;C:\WINDOWS\system32\DRIVERS\DDPlayCam.sys [2005-10-27 08:01]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-06-25 16:06]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-01-04 03:02]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-10-08 11:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b4b320-3957-11dd-bc7e-00038a000015}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-15 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
2008-08-21 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 12:31:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-08-21 12:45:19
ComboFix-quarantined-files.txt 2008-08-21 10:44:52
ComboFix2.txt 2008-08-20 19:42:29
Pre-Run: 28,518,514,688 octets libres
Post-Run: 28,504,989,696 octets libres
228 --- E O F --- 2008-08-16 19:59:01
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:00, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\Fast.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
ok
update Internet Explorer to version 7
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_____________
to remove Norton:
https://www.pcparadise.fr
_____________
to protect your computer for free
security
install an antivirus
AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MALWAREBYTES' ANTI-MALWARE + SPYBOT with TeaTimer, that way you will have free real-time protection, or if you don't like Spybot you can install Windows Defender, but it is less effective
+
SPYWAREBLASTER to immunize the system against Vundo in particular, but it is in English (but easy to use: just click "update" to update every month and then "enable all protection" to immunize)...
--------
a firewall:
the Windows one or, better, COMODO or KERIO or JETICO or ZONE ALARM (install only the free firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm
-----------
CCLEANER to erase browsing traces
Hello, I followed your posts to the letter and carried out the scans, installations and updates.
Last night I ran a scan with Antivir to see where things stood with this trojan, and unfortunately it is still there, except that this time we learn more: it is no longer just somewhere vague in system 32.
Here is its location:
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP753\A0211011.dll
[DETECTION] Is the TR/BHO.czo Trojan
[NOTE] The file was moved to '48e063b4.qua'!
Please tell me if you still see any way to get rid of it with this new information; if not, never mind, thanks for everything.
I get the impression that this trojan moves around: in my first post it was in system 32 and now it is in System Volume Information.
ok, this will be quick:
disable System Restore, then restart your computer
then re-enable System Restore and that's it!!!!
http://www.libellules.ch/desactiver_restauration.php
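The path in the AntiVir report, `System Volume Information\_restore{...}\RP753`, is Windows XP System Restore storage, so the detected file is a copy archived inside restore point 753 rather than a file loaded from `system32`; turning System Restore off deletes those restore points. The following is an added example, not part of the thread: it parses report entries in the layout quoted above and separates restore-point copies from detections on the live file system (the second sample entry and all function names are constructed here).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample. The first entry copies the three report lines quoted in
# the thread; the second entry (path and detection name) is a placeholder
# invented here to show a detection on the live file system.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP753\A0211011.dll
[DETECTION] Is the TR/BHO.czo Trojan
[NOTE] The file was moved to '48e063b4.qua'!
C:\WINDOWS\system32\placeholder.dll
[DETECTION] Is the TR/Placeholder Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# System Restore storage on XP: <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE,
)
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+(?:Is the\s+(\S+)\s+Trojan|(.+))$")
NOTE_RE = re.compile(r"^\[NOTE\].*moved to '([^']+)'")


@dataclass
class Finding:
    path: str
    detection: Optional[str] = None
    quarantined_as: Optional[str] = None
    restore_point: Optional[int] = None  # RPnnn number, None if not in restore storage

    @property
    def location(self) -> str:
        """'restore-point' for an archived copy, 'live' for the normal file system."""
        return "restore-point" if self.restore_point is not None else "live"


def parse_report(text: str) -> List[Finding]:
    """Group each path line with the [DETECTION]/[NOTE] lines that follow it."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            rp = RESTORE_RE.match(line)
            findings.append(
                Finding(path=line, restore_point=int(rp.group(1)) if rp else None)
            )
        elif findings:
            det = DETECTION_RE.match(line)
            note = NOTE_RE.match(line)
            if det:
                findings[-1].detection = det.group(1) or det.group(2)
            elif note:
                findings[-1].quarantined_as = note.group(1)
    # Keep only paths that actually carry a detection line.
    return [f for f in findings if f.detection]


def restore_points_with_detections(findings: List[Finding]) -> List[int]:
    """Restore point numbers that hold a detected file (removed when restore is purged)."""
    return sorted({f.restore_point for f in findings if f.restore_point is not None})


def live_detections(findings: List[Finding]) -> List[Finding]:
    """Detections outside restore storage: these need cleaning, not a restore purge."""
    return [f for f in findings if f.location == "live"]


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.location:13} {f.detection:16} {f.path}")
```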
Thank you very much for your patience and the seriousness with which you solved my problem. I have one last question in case you know the answer: do you know what configuration is needed in Sunbelt for it to let me connect to MSN?