Antivir XP 2008 : Help !

nardon -  
verni29 Messages postés 6805 Statut Contributeur sécurité -
Bonjour,

J'ai Avira Antivir en Antivirus et AVG anti spyware. Seulement,hier, Antivir XP 2008 s'est installé tout seul ! Et impossible de le supprimer par Ajouter/supprimer des programmes.

J'ai fait ctrl+alt+suppr et l'ai supprimé du processus, mais il est toujours là ...

Que faire ?

PS: Ceci a entrainé quelques bug du fait de deux antivirus je pense. Merci.
Configuration: Windows XP
Firefox 3.0.1

29 réponses

  • 1
  • 2
  1. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Antivir XP 2008 n'est pas un antivirus, c'est un rogue, un VIRUS.

    Télécharge et installe HijackThis .
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    Choisir « Download Hijackthis Installer »
    Après l'installation, un raccourci sera crée sur le bureau. Double-clique dessus pour le lancer ( si sous Vista --> Click droit et executer en tant qu’administrateur )

    Choisir l'option Do a system scan and save a logfile.
    Le rapport va s'ouvrir. Tu copies/colles le contenu de ce rapport dans ton prochain message

    A+
    0
  2. nardon
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:24, on 28/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Controle Parental\bin\optproxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\pphcvowj0ec4t.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\PROGRA~1\SONNER~1\toolbar_.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PhilipsRemote] C:\PROGRA~1\MUSICM~1\MUSICM~1\PHILIP~1.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lphcvowj0ec4t] C:\WINDOWS\system32\lphcvowj0ec4t.exe
    O4 - HKLM\..\Run: [SMrhcrowj0ec4t] C:\Program Files\rhcrowj0ec4t\rhcrowj0ec4t.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
    0
  3. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    1) Lance Hijackthis et tu choisis " Do a system scan only ".
    Tu sélectionnes les lignes suivantes :

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search

    O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

    Tu choisis l'option " Fixchecked" en bas de la page.

    2) tu télécharge smitfraudfix :

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu double clique sur smitfraudfix.cmd et tu choisi l' option 1 .
    Un rapport sera crée.
    Copie/colle le rapport dans ton prochain message.

    A+
    0
  4. nardon
     
    SmitFraudFix v2.341

    Rapport fait à 11:26:46,95, 28/08/2008
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Controle Parental\bin\optproxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\pphcvowj0ec4t.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
    C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
    C:\WINDOWS\system32\drivers\svchost.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Guillaume

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Guillaume\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008 PRESENT !
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008.lnk PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GUILLA~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    [!] Rogue.Win32.AntivirusXP2008.c
    O4 - HKLM\..\Run: [SMrhcrowj0ec4t] C:\Program Files\rhcrowj0ec4t\rhcrowj0ec4t.exe

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC #2 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 0.0.0.0

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC #2 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    1) Redémarre en mode sans échec ( tapote la touche F8 à l’allumage du pc )
    Une fenêtre va s’ouvrir. Choisis démarrer en mode sans échec puis tape entrée.
    Choisis ton compte.

    Relance le programme Smitfraud,
    Cette fois choisis l’option 2, répond oui a tous ;

    Sauvegarde le rapport, Redémarre en mode normal,
    copie/colle le rapport sauvegardé sur le forum.

    2) Poste moi également un rapport d'Hijackthis.

    A+
    0
  7. nardon
     
    SmitFraudFix v2.341

    Rapport fait à 11:43:51,90, 28/08/2008
    Executé à partir de C:\Documents and Settings\Guillaume\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\drivers\svchost.exe supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008 supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Antivirus XP 2008.lnk supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    [!] Rogue.Win32.AntivirusXP2008.c
    O4 - HKLM\..\Run: [SMrhcrowj0ec4t] C:\Program Files\rhcrowj0ec4t\rhcrowj0ec4t.exe
    Deleting C:\Program Files\rhcrowj0ec4t\rhcrowj0ec4t.exe
    rhcrowj0ec4t.exe Deleted
    Deleting C:\Program Files\rhcrowj0ec4t\
    C:\Program Files\rhcrowj0ec4t\ removed

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D50555B4-BB8E-4CA1-B247-78CAB3E8017E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{EF62B4DE-2778-46CD-BCAB-064F699CDD46}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    111111111111111111111111111111111111111111111111111111111111

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:33, on 28/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\PROGRA~1\SONNER~1\toolbar_.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PhilipsRemote] C:\PROGRA~1\MUSICM~1\MUSICM~1\PHILIP~1.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lphcvowj0ec4t] C:\WINDOWS\system32\lphcvowj0ec4t.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
    0
  8. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Je te conseille de noter ou d'imprimer ce texte car la désinfection va se faire en mode sans échec.
    Autre astuce : Copie/colle le texte dans un fichier .txt que tu enregistres sur ton bureau.

    Tu télécharges MalwareBytes.
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l'installes. Choisis les options par défaut.
    A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter .
    Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec.

    Tu relances l'ordinateur en mode sans échec ( touche F8 après redémarrage ).
    Tu choisis ton compte utilisateur.

    Pour lancer MalwareBytes, double-clique sur le raccourci du bureau.

    Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
    Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
    Clique sur lancer l’examen.

    A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche.
    Choisis alors Supprimer la selection pour nettoyer les infections.
    Tu postes le rapport dans ton prochain message.
    Si tu ne le retrouves pas, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est.
    Clique dessus et choisir ouvrir.

    Le scan dure environ 50 mn.

    A+
    0
  9. nardon
     
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1090
    Windows 5.1.2600 Service Pack 2

    16:05:03 28/08/2008
    mbam-log-08-28-2008 (16-05-03).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 171769
    Temps écoulé: 1 hour(s), 54 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Guillaume\Application Data\rhcrowj0ec4t\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{2B03F88A-F0BE-4648-AD9E-1A3C77D03E35}\RP263\A0080675.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2B03F88A-F0BE-4648-AD9E-1A3C77D03E35}\RP264\A0080958.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    0
  10. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Tu vas télécharger ComBoFix.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    déconnecte-toi d'internet et désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )

    Lance Combofix.exe et suis les invites.
    Une fois le scan fini, un rapport va apparaitre.
    Copie/colle ce rapport dans ta prochaine réponse.
    Si tu ne le trouves pas, il est à C:\ComboFix.txt.

    N'oublie de réactiver tes protections.

    A+
    0
  11. nardon
     
    ComboFix 08-08-27.06 - Guillaume 2008-08-28 16:21:41.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.363 [GMT 2:00]
    Endroit: C:\Documents and Settings\Guillaume\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 12:58 . 2008-08-28 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-08-28 12:22 . 2008-08-28 12:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-28 12:22 . 2008-08-28 12:22 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Malwarebytes
    2008-08-28 12:22 . 2008-08-28 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-28 12:22 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-28 12:22 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-27 20:58 . 2008-08-27 23:01 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-27 16:36 . 2002-08-30 14:00 634,880 --a------ C:\WINDOWS\system32\getuname.dll
    2008-08-27 10:34 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-27 10:34 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-08-26 14:27 . 2008-08-26 14:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-26 14:26 . 2008-08-26 14:26 <REP> d-------- C:\Program Files\iTunes
    2008-08-26 14:26 . 2008-08-26 14:26 <REP> d-------- C:\Program Files\iPod
    2008-07-29 14:34 . 2008-07-29 14:34 <REP> d-------- C:\Program Files\Safari

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-28 14:07 --------- d-----w C:\Program Files\Wanadoo
    2008-08-28 09:44 2,722 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-08-27 13:17 87,040 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-08-27 11:50 --------- d-----w C:\Program Files\DivX
    2008-08-26 18:19 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-08-26 12:31 --------- d-----w C:\Program Files\eMule
    2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-08-14 19:52 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-07-31 08:59 --------- d-----w C:\Program Files\Java
    2008-07-29 12:42 --------- d-----w C:\Program Files\QuickTime
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:37 --------- d-----w C:\Program Files\Avanquest update
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-02 08:38 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2004-01-31 21:48 7,982,694 ----a-w C:\Program Files\The Fly - Final Release v1.1.zip
    2004-01-31 20:49 5,679,927 ----a-w C:\Program Files\aac.zip
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 17:56 1957888]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-25 18:48 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
    "PhilipsRemote"="C:\PROGRA~1\MUSICM~1\MUSICM~1\PHILIP~1.EXE" [2006-01-17 14:12 745472]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 10:55 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 21:33 57344]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 10:42 23040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2006-03-02 14:00 15360]

    C:\Documents and Settings\Guillaume\Menu D‚marrer\Programmes\D‚marrage\
    reminder-Enregistrement du produit ScanSoft.lnk - C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE [2004-06-10 17:29:50 67584]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2003-10-07 19:08:06 98304]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.IV41"= ir41_32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\WinMX\\WinMX.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
    "C:\\Program Files\\Controle Parental\\bin\\optproxy.exe"=
    "C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
    "C:\\Program Files\\Maple 10\\jre\\bin\\java.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-03-02 17:10]
    S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
    S3 iatmunin;iatmunin;C:\DOCUME~1\Nathalie\LOCALS~1\Temp\iatmunin.sys []
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys []
    S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 16:11]
    S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 16:11]
    S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 16:11]
    S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 16:11]
    S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 16:11]
    S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-08-23 00:07]

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Guillaume\Application Data\Mozilla\Firefox\Profiles\1yr3iynr.default\
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-28 16:26:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-28 16:30:16
    ComboFix-quarantined-files.txt 2008-08-28 14:29:13

    Pre-Run: 15,062,290,432 octets libres
    Post-Run: 15,600,078,848 octets libres

    154 --- E O F --- 2008-08-27 21:01:28
    0
  12. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    1) poste moi un rapport hijackthis.

    2) Tu as installé le sponsor de MSN. Ce logiciel t'onstalle une infection par pubs CID.
    Télécharge LopS&D.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Installe le logiciel.
    Une icône va apparaitre sur le bureau. Double clique dessus pour lancer le logiciel
    Tu choisis la langue et l'option 1 pour effectuer la recherche.

    A la fin de la recherche, un rapport LopR.txt apparait. Il se trouve en C:\LopR.txt.
    Tu posteras ce rapport dans le prochain message.

    A+
    0
  13. wistitititi Messages postés 12 Statut Membre
     
    Bonjour,

    J'ai Avast winsos. Seulement, aujourd'hui, Antivir XP 2008 s'est installé tout seul ! Et impossible de le supprimer par Ajouter/supprimer des programmes.

    J'ai fait ctrl+alt+suppr et l'ai supprimé du processus, mais il est toujours là ...

    PS: Ceci a entrainé quelques bug du fait de deux antivirus je pense

    Voici le rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:51:54, on 28/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\cssrss.exe
    C:\WINDOWS\system32\lphct0mj0ep7j.exe
    C:\Program Files\rhcp0mj0ep7j\rhcp0mj0ep7j.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\UltimateZip\uzqkst.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Winsos\Winsos.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rls=GFRC,GFRC:2007-02,GFRC:fr&gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cleanup] c:\program files\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
    O4 - Global Startup: Assistance.lnk = C:\Program Files\Agfa\ScanWise 1_50\Support.wri
    O4 - Global Startup: Enregistrer ScanWise.lnk = C:\Program Files\Agfa\ScanWise 1_50\REGISTER\scanwise.htm
    O4 - Global Startup: Guide ScanWise.lnk = C:\Program Files\Agfa\ScanWise 1_50\ScanWise.pdf
    O4 - Global Startup: Guide Utilisateur - SnapScan e20.lnk = C:\Program Files\Agfa\ScanWise 1_50\SnapScan e20.pdf
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LisezMoi.lnk = C:\Program Files\Agfa\ScanWise 1_50\LISEZMOI.WRI
    O4 - Global Startup: ScanWise.lnk = C:\Program Files\Agfa\ScanWise 1_50\scanwise.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096474081000
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/candy/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    0
  14. nardon
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:55:31, on 28/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Controle Parental\bin\optproxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\reg.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\PROGRA~1\SONNER~1\toolbar_.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PhilipsRemote] C:\PROGRA~1\MUSICM~1\MUSICM~1\PHILIP~1.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
    0
  15. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Bonjour, wistitititi

    On ne pose pas saquestion dans une discussion en cours.
    crée ton propre sujet ( en haut de la fenêtre : posez votre question )
    Quelqu'un du forum se chargera de toi avec plaisir.

    Merci.
    0
  16. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Relance le logiciel LopS&D.
    Choisis l'option 3 pour supprimer l'infection .
    A la fin du nettoyage, un rapport LopR.txt apparait. Il se trouve en C:\LopR.txt. Tu posteras ce rapport dans le prochain message.

    Désinstalle LopS&D par la panneau de configuration et Ajout/Suppression de programmes.
    Puis redémarre l'ordinateur.

    Comment se comporte le PC ?
    As-tu encore des traces de antivirus XP 2008 ?
    0
  17. nardon
     
    --------------------\\ Lop S&D 4.2.3-6 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.53GHz )
    BIOS : Default System BIOS
    USER : Guillaume ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)

    "C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
    Option : [3] ( 28/08/2008|17:08 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.ics

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\Viewpoint

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [26/09/2007|17:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [16/09/2003|12:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [28/08/2008|12:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [16/09/2003|12:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [24/02/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
    [28/05/2007|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [26/12/2006|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
    [31/10/2005|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [10/04/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [10/04/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [24/02/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [23/08/2005|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [01/02/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [26/09/2007|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [05/09/2006|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [02/02/2008|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [28/04/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [28/08/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [01/11/2005|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [11/02/2006|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [24/04/2005|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    [07/10/2003|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [16/01/2005|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
    [27/01/2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [05/01/2005|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [16/09/2003|12:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [22/06/2008|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [01/02/2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [25/01/2008|23:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [11/03/2006|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WhiteCap (Holiday Edition)
    [19/08/2005|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [07/03/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [26/09/2007|17:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [16/09/2003|12:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [14/01/2008|21:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [22/06/2008|19:03] C:\DOCUME~1\GUILLA~1\APPLIC~1\Adobe
    [31/10/2006|23:14] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeDLM.log
    [08/06/2007|18:41] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeUM
    [16/02/2006|22:37] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ahead
    [05/01/2005|13:53] C:\DOCUME~1\GUILLA~1\APPLIC~1\Apple Computer
    [28/04/2005|15:39] C:\DOCUME~1\GUILLA~1\APPLIC~1\Copernic
    [16/09/2003|13:11] C:\DOCUME~1\GUILLA~1\APPLIC~1\desktop.ini
    [24/03/2007|13:50] C:\DOCUME~1\GUILLA~1\APPLIC~1\DivX
    [31/10/2006|23:14] C:\DOCUME~1\GUILLA~1\APPLIC~1\dm.ini
    [01/09/2006|22:04] C:\DOCUME~1\GUILLA~1\APPLIC~1\Eltima Software
    [05/11/2003|11:09] C:\DOCUME~1\GUILLA~1\APPLIC~1\FileMaker
    [07/09/2006|17:34] C:\DOCUME~1\GUILLA~1\APPLIC~1\Google
    [16/02/2008|18:10] C:\DOCUME~1\GUILLA~1\APPLIC~1\Grisoft
    [07/03/2005|22:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Help
    [28/01/2004|19:59] C:\DOCUME~1\GUILLA~1\APPLIC~1\Identities
    [30/12/2004|12:21] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterTrust
    [13/10/2003|09:11] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterVideo
    [19/02/2004|21:48] C:\DOCUME~1\GUILLA~1\APPLIC~1\Leadertech
    [17/01/2006|18:52] C:\DOCUME~1\GUILLA~1\APPLIC~1\Macromedia
    [28/08/2008|12:22] C:\DOCUME~1\GUILLA~1\APPLIC~1\Malwarebytes
    [11/03/2006|00:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\Microsoft
    [28/08/2008|09:45] C:\DOCUME~1\GUILLA~1\APPLIC~1\Mozilla
    [17/02/2006|16:26] C:\DOCUME~1\GUILLA~1\APPLIC~1\MSN6
    [21/10/2005|17:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Musicmatch
    [22/06/2008|19:00] C:\DOCUME~1\GUILLA~1\APPLIC~1\Panasonic
    [01/06/2004|18:10] C:\DOCUME~1\GUILLA~1\APPLIC~1\Phoenix
    [27/01/2006|20:19] C:\DOCUME~1\GUILLA~1\APPLIC~1\PlayFirst
    [02/01/2005|13:26] C:\DOCUME~1\GUILLA~1\APPLIC~1\Real
    [16/06/2007|21:07] C:\DOCUME~1\GUILLA~1\APPLIC~1\SecondLife
    [16/02/2008|18:08] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sony Ericsson
    [24/04/2005|18:12] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sun
    [15/10/2003|17:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\Template

    [02/04/2004|18:23] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

    [16/09/2003|13:11] C:\DOCUME~1\INVIT~1.NGU\APPLIC~1\desktop.ini
    [16/09/2003|12:20] C:\DOCUME~1\INVIT~1.NGU\APPLIC~1\Identities
    [16/09/2003|12:34] C:\DOCUME~1\INVIT~1.NGU\APPLIC~1\Microsoft

    [06/09/2006|13:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    [25/07/2005|19:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [22/03/2007|18:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [16/09/2003|12:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [16/09/2003|12:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [26/08/2008 14:27][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [28/08/2008 16:06][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [30/08/2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [06/10/2003|21:57] C:\Program Files\%ALLUSERSPROFILE%
    [14/01/2005|22:12] C:\Program Files\_ArcadeDownloadFolder
    [02/12/2003|20:01] C:\Program Files\a
    [06/04/2004|23:05] C:\Program Files\aac
    [31/01/2004|22:49] C:\Program Files\aac.zip
    [23/08/2005|17:42] C:\Program Files\Activision
    [24/03/2008|21:13] C:\Program Files\Adobe
    [29/06/2006|17:26] C:\Program Files\Ahead
    [16/01/2008|20:21] C:\Program Files\Alwil Software
    [26/08/2008|14:27] C:\Program Files\Apple Software Update
    [19/01/2007|19:42] C:\Program Files\Attax 2000
    [07/07/2008|22:37] C:\Program Files\Avanquest update
    [24/02/2008|12:29] C:\Program Files\Avira
    [02/02/2008|22:50] C:\Program Files\BitDefender
    [10/04/2008|12:55] C:\Program Files\Bonjour
    [13/01/2007|15:10] C:\Program Files\Boonty
    [13/01/2007|15:10] C:\Program Files\BoontyGames
    [02/12/2003|20:01] C:\Program Files\c
    [18/01/2004|21:10] C:\Program Files\Canon
    [02/02/2008|16:56] C:\Program Files\CCleaner
    [14/11/2007|18:13] C:\Program Files\click-pool
    [27/09/2007|09:31] C:\Program Files\C-Media 3D Audio
    [29/06/2006|17:26] C:\Program Files\Common Files
    [26/09/2007|17:12] C:\Program Files\ComPlus Applications
    [16/09/2003|12:25] C:\Program Files\CONEXANT
    [29/06/2006|17:45] C:\Program Files\Controle Parental
    [28/04/2005|15:39] C:\Program Files\Copernic Agent
    [21/05/2007|19:39] C:\Program Files\Creative
    [24/02/2007|19:16] C:\Program Files\directx
    [27/08/2008|13:50] C:\Program Files\DivX
    [01/12/2003|18:06] C:\Program Files\EHMINSTALL
    [03/02/2008|15:46] C:\Program Files\ElastoMania111
    [01/09/2006|22:04] C:\Program Files\Eltima Software
    [26/08/2008|14:31] C:\Program Files\eMule
    [03/12/2003|11:36] C:\Program Files\engine
    [19/01/2007|19:54] C:\Program Files\Falls Classic
    [28/08/2008|16:24] C:\Program Files\Fichiers communs
    [27/10/2003|15:10] C:\Program Files\Foreignword
    [29/08/2006|16:17] C:\Program Files\FOSTER
    [05/02/2008|21:53] C:\Program Files\Free Audio Pack
    [02/12/2003|20:03] C:\Program Files\g
    [04/02/2008|19:06] C:\Program Files\GameSpy Arcade
    [26/06/2007|13:48] C:\Program Files\Google
    [22/02/2008|23:21] C:\Program Files\Grisoft
    [16/12/2003|23:48] C:\Program Files\Hasbro Interactive
    [21/10/2005|18:10] C:\Program Files\HighMAT CD Writing Wizard
    [08/10/2003|12:25] C:\Program Files\Ihsv
    [01/06/2006|07:24] C:\Program Files\IncrediMail
    [25/06/2008|15:17] C:\Program Files\InstallShield Installation Information
    [27/09/2007|09:13] C:\Program Files\Intel
    [07/10/2003|18:57] C:\Program Files\InterActual
    [17/08/2008|20:54] C:\Program Files\Internet Explorer
    [07/10/2003|19:08] C:\Program Files\InterVideo
    [26/08/2008|14:26] C:\Program Files\iPod
    [01/09/2006|20:15] C:\Program Files\IrfanView
    [26/08/2008|14:26] C:\Program Files\iTunes
    [31/07/2008|10:59] C:\Program Files\Java
    [08/10/2003|10:34] C:\Program Files\JeffProd
    [02/09/2006|12:12] C:\Program Files\johlee
    [27/09/2007|10:03] C:\Program Files\Kazaa
    [14/09/2005|14:46] C:\Program Files\Kikoo
    [08/11/2006|22:05] C:\Program Files\Konvertor
    [27/12/2006|13:19] C:\Program Files\LeTarot
    [30/03/2008|18:54] C:\Program Files\Liquid Crystals Puzzle
    [15/05/2007|16:59] C:\Program Files\LucasArts
    [13/03/2005|12:06] C:\Program Files\lycos
    [02/12/2003|20:02] C:\Program Files\m
    [28/08/2008|12:22] C:\Program Files\Malwarebytes' Anti-Malware
    [20/10/2006|16:53] C:\Program Files\Maple 10
    [30/12/2005|21:42] C:\Program Files\Maxis
    [10/06/2004|17:37] C:\Program Files\Medion
    [17/08/2008|20:57] C:\Program Files\Messenger
    [05/01/2005|21:55] C:\Program Files\Messenger Plus! 2
    [02/07/2008|10:38] C:\Program Files\Messenger Plus! Live
    [25/02/2008|18:49] C:\Program Files\MessengerPlus! 3
    [29/03/2004|15:47] C:\Program Files\Micro Application
    [12/10/2003|21:53] C:\Program Files\Microids
    [23/05/2007|19:33] C:\Program Files\Microprose
    [16/09/2003|12:17] C:\Program Files\microsoft frontpage
    [11/04/2008|14:36] C:\Program Files\Microsoft Games
    [10/01/2004|15:46] C:\Program Files\Microsoft Hardware
    [27/10/2003|15:50] C:\Program Files\Microsoft Money
    [24/11/2005|18:14] C:\Program Files\Microsoft Office
    [27/11/2003|19:31] C:\Program Files\Microsoft R‚f‚rence
    [13/01/2008|21:02] C:\Program Files\Microsoft SQL Server Compact Edition
    [16/10/2003|20:29] C:\Program Files\Microsoft Works
    [02/11/2004|21:18] C:\Program Files\Movie Maker
    [28/08/2008|16:36] C:\Program Files\Mozilla Firefox
    [27/08/2008|20:52] C:\Program Files\msn gaming zone
    [18/11/2006|21:01] C:\Program Files\MSXML 4.0
    [30/12/2004|11:57] C:\Program Files\MUSICMATCH
    [30/12/2004|12:12] C:\Program Files\Netcom
    [22/09/2006|18:18] C:\Program Files\NetMeeting
    [27/10/2003|16:21] C:\Program Files\NetSolitaire
    [07/10/2003|20:28] C:\Program Files\Nullsoft
    [16/01/2005|21:53] C:\Program Files\OLYMPUS
    [01/06/2008|18:28] C:\Program Files\OpenOffice.org 2.4
    [30/03/2004|21:51] C:\Program Files\OpiStat
    [22/07/2006|21:23] C:\Program Files\orange
    [27/09/2007|11:03] C:\Program Files\Outlook Express
    [25/06/2008|15:17] C:\Program Files\Panasonic
    [30/12/2004|11:43] C:\Program Files\Paradox Entertainment
    [02/08/2007|14:58] C:\Program Files\PCFriendly
    [02/09/2006|13:11] C:\Program Files\Ping
    [29/07/2008|14:42] C:\Program Files\QuickTime
    [12/01/2005|18:52] C:\Program Files\Radio@Netscape
    [14/01/2005|22:15] C:\Program Files\Real
    [25/02/2008|18:56] C:\Program Files\RegCleaner
    [29/07/2008|14:34] C:\Program Files\Safari
    [01/12/2007|14:08] C:\Program Files\SAGEM
    [29/06/2006|18:13] C:\Program Files\Securitoo
    [16/09/2003|12:15] C:\Program Files\Services en ligne
    [22/01/2007|10:59] C:\Program Files\Sierra On-Line
    [22/06/2008|22:01] C:\Program Files\Skype
    [20/01/2007|09:35] C:\Program Files\Solsoft
    [03/02/2008|15:44] C:\Program Files\Sonnerie Toolbar
    [01/02/2008|22:15] C:\Program Files\Sony
    [01/02/2008|21:52] C:\Program Files\Sony Ericsson
    [01/02/2008|22:03] C:\Program Files\Sony Setup
    [13/05/2006|19:01] C:\Program Files\SourceTec
    [24/04/2005|18:13] C:\Program Files\Talkway
    [31/01/2004|22:27] C:\Program Files\telinternet
    [16/02/2008|18:12] C:\Program Files\TextBridge Pro 8.0
    [31/01/2004|23:48] C:\Program Files\The Fly - Final Release v1.1.zip
    [27/09/2007|10:08] C:\Program Files\ToniArts
    [03/02/2008|15:44] C:\Program Files\TrackManiaDemoInternet
    [08/03/2008|19:23] C:\Program Files\Trend Micro
    [20/01/2007|12:48] C:\Program Files\Twilight
    [02/04/2004|18:23] C:\Program Files\Uninstall Information
    [02/12/2004|22:20] C:\Program Files\USB Driver-Express
    [15/04/2008|15:47] C:\Program Files\VDCodecPack0.8
    [31/01/2004|15:02] C:\Program Files\VideoLAN
    [02/12/2003|20:32] C:\Program Files\Virgin Interactive Entertainment
    [28/08/2008|16:07] C:\Program Files\Wanadoo
    [02/12/2007|18:31] C:\Program Files\Wanadoo Messager
    [17/01/2008|21:05] C:\Program Files\WinAce
    [27/02/2008|21:00] C:\Program Files\Windows Live
    [14/05/2008|20:33] C:\Program Files\Windows Media Connect 2
    [14/05/2008|20:33] C:\Program Files\Windows Media Player
    [27/08/2008|16:37] C:\Program Files\Windows NT
    [12/08/2004|19:23] C:\Program Files\WindowsUpdate
    [27/04/2005|12:54] C:\Program Files\WinMX
    [29/08/2005|21:06] C:\Program Files\WinZip
    [16/09/2003|12:17] C:\Program Files\xerox
    [20/10/2006|17:05] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [24/03/2008|21:14] C:\Program Files\Fichiers communs\Adobe
    [31/10/2005|19:00] C:\Program Files\Fichiers communs\Ahead
    [07/10/2003|20:34] C:\Program Files\Fichiers communs\AOL
    [07/10/2003|20:29] C:\Program Files\Fichiers communs\aolback
    [10/04/2008|12:52] C:\Program Files\Fichiers communs\Apple
    [02/02/2008|22:50] C:\Program Files\Fichiers communs\BitDefender
    [23/08/2005|00:07] C:\Program Files\Fichiers communs\BOONTY Shared
    [28/04/2005|15:39] C:\Program Files\Fichiers communs\Copernic
    [29/03/2004|15:46] C:\Program Files\Fichiers communs\InstallShield
    [25/02/2008|18:28] C:\Program Files\Fichiers communs\Java
    [28/04/2005|18:31] C:\Program Files\Fichiers communs\Macrovision Shared
    [01/02/2008|22:14] C:\Program Files\Fichiers communs\Microsoft Shared
    [16/09/2003|12:15] C:\Program Files\Fichiers communs\MSSoap
    [31/10/2005|19:05] C:\Program Files\Fichiers communs\Nero
    [26/09/2007|17:01] C:\Program Files\Fichiers communs\ODBC
    [25/02/2008|18:42] C:\Program Files\Fichiers communs\Real
    [16/09/2003|12:15] C:\Program Files\Fichiers communs\Services
    [22/06/2008|22:01] C:\Program Files\Fichiers communs\Skype
    [25/01/2008|23:06] C:\Program Files\Fichiers communs\Sony Ericsson Shared
    [13/05/2006|19:01] C:\Program Files\Fichiers communs\SourceTec
    [16/09/2003|13:11] C:\Program Files\Fichiers communs\SpeechEngines
    [27/09/2007|11:03] C:\Program Files\Fichiers communs\System
    [24/04/2005|18:13] C:\Program Files\Fichiers communs\Talkway
    [25/01/2008|23:06] C:\Program Files\Fichiers communs\Teleca Shared
    [13/01/2008|20:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [10/06/2004|17:29] C:\Program Files\Fichiers communs\Xerox Shared

    --------------------\\ Process

    ( 41 Processus )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-28 17:09:54
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 13

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs !
    [HKLM\..\ControlSet001\Services\tdssserv] -- ROOTKIT Tibs !
    [HKLM\..\ControlSet001\Enum\Root\tdssserv] -- ROOTKIT Tibs !

    [F:2][D:1]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp
    [F:44][D:0]-> C:\DOCUME~1\GUILLA~1\Cookies
    [F:2][D:0]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------\\ Fin du rapport a 17:11:28

    Le programme n'est pas dan sla liste de suppression =/ J'fais comment :) ?

    Plus de traces d'Antivir 2008 en effet.
    Y'a d'autres "merdes" à enlever à part ca ?
    0
  18. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Oui, il y a un rootkit à supprimer ( et un scan en ligne à faire après )

    Télécharge gmer
    http://www2.gmer.net/gmer.zip

    dézippe-le (clic droit et extraire sur le bureau )

    Double-clique sur gmer.exe sur le bureau. Si ton antivirus réagit, ne t'inquiète et ignore l'alerte.
    * Clique sur l'onglet "rootkit", puis clique sur scan.
    * A la fin du scan, clique sur le bouton save.
    cela devrait te sauvegarder un fichier .log
    Enregistre-le sur le bureau.
    * Edite ce rapport dans ta prochaine réponse.

    A+
    0
  19. nardon
     
    1/ La version de WinZip est expirée et il veu tpas m'ouvrir le programme.

    2/ ( A la fin de tout ça, est-ce que je pourrais supprimer tous les prog avec Tools Cleener ou un truc du genre ou je peux les garder ? )
    0
  20. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    pour les outils que tu utilises, on les supprimera avec toolscleaner ( à part malwarebytes que tu garderas ).
    ComBofix par exemple n'est pas à utiliser à la légère.

    pour remplacer Winzip, je te propose 7-zip, c'est gratuit et cela fait la même chose :
    http://www.commentcamarche.net/telecharger/telecharger 91 7zip

    A+
    0
  • 1
  • 2