gors probleme apparement crypt xpack.gen

Question

bonjour a tous et merci d avance de votre aide 

voila j ai eut un gros probleme en voulant telecharger msn skinner (seulement apres j ai vu que ce truc etait une grosse m....) 
depuis plein de pub intempestives, esuite j ai reussi a suprimer ces pubs mais ca n a pas suffit, j ai ete pirater et un joli debit de 2300 euros environ sur ma cb car numero pirater egalement 

je demande donc genereusement votre aide afin d eradiquer definitvement ce trc 
j ai du coup telecharger deux ou trois anti malware dont spyware terminator qui me mets en page d acceuil que j ai crypt xpack.gen pirate informatique lointain qui est dans mon ordi (mais pas moyen de le trouver ) et egalement piratage de numero de cb 
j ai egalement spybt searchand destroy, ccleaner, bitdefender total security2008, et malware antibittware 

j ai fais d avance un rapport hijackthis que je vous mets ci dessous 

j ai windows xp serv pack3, voila si vou avez besoin d autre infos y a qu a demander 


merci d avance j ai trop de truc dans l ordi et pas envie encor de reformater et tout perdre 

heu encor un truc bizar j ai dumal a ce que toute les lettres soient ecrite meme si je les tapent ... 

voic le rapport 

Logfile of HijackThis v1.99.1 
Scan saved at 00:40:47, on 27/09/2008 
Platform: Windows XP SP3 (WinNT 5.01.2600) 
MSIE: Internet Explorer v7.00 (7.00.6000.16705) 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\system32\acs.exe 
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
C:\Program Files\Bonjour\mDNSResponder.exe 
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 
C:\Program Files\MioNet\MioNetManager.exe 
C:\WINDOWS\system32	cpsvcs.exe 
C:\Program Files\Spyware Terminator\sp_rsser.exe 
C:\Program Files\MioNet\jvm\bin\MioNet.exe 
C:\WINDOWS\system32\svchost.exe 
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe 
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe 
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe 
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
C:\WINDOWS\RTHDCPL.EXE 
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
C:\Program Files\ltmoh\Ltmoh.exe 
C:\WINDOWS\AGRSMMSG.exe 
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe 
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe 
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe 
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe 
C:\WINDOWS\System32\DLA\DLACTRLW.EXE 
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe 
C:\WINDOWS\VM_STI.exe 
C:\Program Files\iTunes\iTunesHelper.exe 
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe 
C:\WINDOWS\system32\ctfmon.exe 
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe 
C:\Program Files\Shareaza\Shareaza.exe 
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe 
C:\Program Files\Microsoft ActiveSync\wcescomm.exe 
C:\Program Files\Picasa2\PicasaMediaDetector.exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
C:\PROGRA~1\MICROS~4apimgr.exe 
C:\WINDOWS\system32\TPSBattM.exe 
C:\Program Files\iPod\bin\iPodService.exe 
C:\WINDOWS\system32\wuauclt.exe 
C:\Program Files\Internet Explorer\iexplore.exe 
C:\PROGRA~1\Crawler\CToolbar.exe 
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe 
C:\Program Files\QuickZip4\QuickZip.exe 
C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\QZTEMP\HijackThis.exe 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/disp [...] tbid=60446 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=60446 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=60446 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL 
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll 
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll 
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll 
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll 
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll 
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll 
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll 
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll 
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" 
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE 
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe 
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe 
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe 
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe 
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe 
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe 
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe 
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE 
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" 
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" 
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.exe Philips SPC 200NC PC Camera 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe 
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray 
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S2D2.tmp" /EF "HKCU" 
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" 
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" 
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe 
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background 
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html 
O8 - Extra context menu item: Crawler Search - tbr:iemenu 
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html 
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html 
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll 
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll 
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll 
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll 
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html 
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html 
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html 
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html 
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html 
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html 
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll 
O11 - Options group: [INTERNATIONAL] International* 
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html [...] wflash.cab 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL 
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll 
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll 
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) 
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll 
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe 
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing) 
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing) 
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe 
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe 
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing) 
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

InfernO.vir · Answer

bonjour,

Plusieurs infections visibles:

-Telecharge Malwaresbytes anti-malware--> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

-Suis ce tuto--> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

-Execute un scan complet en mode sans echec

-Supprime tout ce qu'il te trouve (liste en rouge!)

-Poste le rapport generé.

******************************

-Telecharge combofix--> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-Suis a la lettre ce tuto--> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

-Ferme tous tes programmes et deconnecte-toi

-Lance combofix

-Ne touche a rien pendant qu'il travaille

-Poste le rapport

sandra aubert · Answer

ok merci je fais ca de suite je poste le rapport directement apres merci beaucoup

InfernO.vir · Answer

Heu ce n'est pas a toi que j'ai dit de faire ca (pas le meme pseudo) !

nenesse1401 · Answer

si c est moi sauf j ai mis mon nom au lieu de mon pseudo c est pas grave c est pareil 
j ai lance antimalware machin truc il analyse 
j ai installer combofix sur le bureau puis le fichier instalation comme marque dans le tuto mais le gliseer sur combofix ca bloque comment je fais merci

nenesse1401 · Answer

oups j ai pas vu de faire le scan en mode sans echec bon ben je reviens de suite merci desolee mais ca me perturbe tout ca j suis degoutee

InfernO.vir · Answer

Pour l'instant ne touche pas a Combofix !

poste moi deja le rapport de malwarebytes anti-malware apres on verra!

Combofix peut-etre dangereux si on ne sait pas ce que l'on fait avec!!

nenesse1401 · Answer

ok me revoila en mode sans echec 
j ai juste installe combofix et le fichier de "recup" "instal" 
j ai refais malware 
des que c est fini je poste rapport en esperant qu il ne soit pas trop long et que tu seras encore la ca fais une semaine que je lutte a cause de ce trojan mais pas possible de le trouver il n y a que hier que spyware terminator m a dit qu il etait la j avais deja malware en mode normal il n a rien vu de ca 

en tout cas grand merci a toi pour ton aide

InfernO.vir · Answer

Ok j'attends !

nenesse1401 · Answer

quelles sont les menaces dans le rapport hjt que tu vois ???

InfernO.vir · Answer

Des toolbars infectées exemples--< C:\PROGRA~1\Crawler\CToolbar.exe

nenesse1401 · Answer

est ce que l espion qui a pirate ma cb est toujours sur mon ordi alors? je sais pas ou on peut voir ca mais spyware terminator me dis qu il est toujours la et a le controle complet de mon ordi?

InfernO.vir · Answer

Pour savoir j'attends le rapport

nenesse1401 · Answer

ok  vu l etat de progresson ca ne devrait plus etre long

InfernO.vir · Answer

Rien de detecté pour l'instant


PS: tu es sous un autre ordi a l'instant tu le fait bien en mode sans echec ?

nenesse1401 · Answer

pour le moment il n a rien trouve je suis sur  mon ordi (ca pose probleme???) et oui bien en mode sans echec

InfernO.vir · Answer

tu me parle depuis le pc infecté?

nenesse1401 · Answer

heu oui

InfernO.vir · Answer

alors que tu es en mode sans echec

nenesse1401 · Answer

en mode sans echec avec prise en charge reseau

nenesse1401 · Answer

voila le rapport malware 

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1211
Windows 5.1.2600 Service Pack 3

27/09/2008 10:49:37
mbam-log-2008-09-27 (10-49-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 110697
Temps écoulé: 32 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

nenesse1401 · Answer

manque un morceau le voila la fin

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

InfernO.vir · Answer

c'etait preferable de prendre le mode sans echec sans prise en charge reseau mais bon !

Si MBAM ne trouve rien alors tu fera combofix

-Ferme tous tes programmes et deconnecte-toi 

-Lance combofix 

-Ne touche a rien pendant qu'il travaille 

-Poste le rapport

nenesse1401 · Answer

ok je fais 
a tout de suite et encor merci

nenesse1401 · Answer

voila le rapport combofix

ComboFix 08-09-26.01 - sandra aubert 2008-09-27 10:53:49.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1165 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\sandra aubert\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\sandra aubert\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-27 00:16 . 2008-09-27 00:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
2008-09-27 00:15 . 2008-09-27 00:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-27 00:14 . 2008-08-20 18:39 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-27 00:14 . 2008-08-20 12:27 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-27 00:14 . 2005-12-09 08:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-27 00:14 . 2008-08-20 18:39 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-27 00:14 . 2008-08-20 18:39 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-27 00:14 . 2008-08-20 18:39 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-27 00:14 . 2008-08-20 18:39 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-27 00:14 . 2008-09-27 00:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-27 00:14 . 2008-08-20 18:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-09-27 00:14 . 2005-12-09 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-27 00:14 . 2008-08-20 18:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-09-27 00:14 . 2008-09-27 00:14 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-27 00:06 . 2008-09-27 10:20 <REP> d-------- C:\Program Files\Crawler
2008-09-26 23:54 . 2008-09-27 00:38 <REP> d-------- C:\Program Files\Navilog1
2008-09-26 23:43 . 2008-09-26 23:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-26 23:42 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\sollab
2008-09-26 23:42 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\Lavasoft
2008-09-26 23:42 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\CCleaner
2008-09-26 23:42 . 2008-09-26 23:42 <REP> d-------- C:\Documents and Settings\sandra aubert\Application Data\InterVideo
2008-09-26 23:42 . 2008-09-26 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-26 23:41 . 2008-09-26 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-26 22:38 . 2008-09-26 22:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-26 22:36 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-09-26 22:34 . 2008-09-26 23:43 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-26 22:29 . 2008-09-26 23:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 22:29 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-26 22:29 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-26 20:16 . 2008-09-26 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-26 20:08 . 2008-09-27 10:59 <REP> d-------- C:\Program Files\WinClamAVShield
2008-09-26 19:51 . 2008-09-26 23:42 <REP> d-------- C:\Documents and Settings\sandra aubert\Application Data\Spyware Terminator
2008-09-26 19:51 . 2008-09-26 19:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-26 19:50 . 2008-09-26 23:43 <REP> d-------- C:\Program Files\Spyware Terminator
2008-09-25 19:09 . 2002-08-14 00:08 264,704 --a------ C:\WINDOWS\system32\MaggiUninstall60.exe
2008-09-25 19:08 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-09-25 18:54 . 2008-09-26 23:42 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-09-20 11:47 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-20 11:47 . 2008-09-26 23:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 10:05 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\BarreConfCMCIC
2008-09-18 11:26 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\QuickZip4
2008-09-16 12:22 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-16 12:19 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\iTunes
2008-09-16 12:19 . 2008-09-26 23:42 <REP> d-------- C:\Program Files\iPod
2008-09-16 12:16 . 2008-09-26 23:41 <REP> d-------- C:\Program Files\QuickTime
2008-09-16 12:08 . 2008-09-26 23:41 <REP> d-------- C:\Program Files\Bonjour
2008-09-15 19:30 . 2008-09-15 19:30 <REP> d-------- C:\Documents and Settings\sandra aubert\Application Data\Malwarebytes
2008-09-15 19:30 . 2008-09-15 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-15 17:58 . 1997-01-22 15:34 312,320 --a------ C:\WINDOWS\IsUninst.exe
2008-09-15 17:58 . 2008-09-25 19:44 491 --a------ C:\WINDOWS\SStylerProDemo.ini
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-05 20:45 . 2008-09-05 20:45 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-05 20:45 . 2008-09-05 20:45 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-05 20:45 . 2008-09-05 20:45 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-05 20:39 . 2008-09-05 20:45 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-05 20:23 . 2008-09-05 20:23 <REP> d-------- C:\WINDOWS\EHome
2008-09-04 19:08 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-04 19:08 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-04 19:08 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-04 19:08 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-04 19:08 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-09-04 17:53 . 2008-09-04 17:53 268 --ah----- C:\sqmdata02.sqm
2008-09-04 17:53 . 2008-09-04 17:53 244 --ah----- C:\sqmnoopt02.sqm
2008-09-03 23:00 . 2008-09-03 23:00 268 --ah----- C:\sqmdata01.sqm
2008-09-03 23:00 . 2008-09-03 23:00 244 --ah----- C:\sqmnoopt01.sqm
2008-09-03 10:41 . 2008-09-03 10:41 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-09-03 10:24 . 2008-09-03 10:24 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-09-03 10:24 . 2008-09-03 10:33 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-02 10:34 . 2007-11-30 08:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-09-01 12:25 . 2008-09-01 12:25 <REP> d-------- C:\Documents and Settings\sandra aubert\Application Data\ArcSoft
2008-08-30 18:34 . 2008-08-30 18:34 <REP> d-------- C:\Documents and Settings\sandra aubert\Application Data\Anuman Interactive
2008-08-30 18:13 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-08-30 17:12 . 2008-09-08 19:38 <REP> d-------- C:\Program Files\Fichiers communs\PC SOFT
2008-08-30 17:12 . 2008-08-30 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\magasin
2008-08-30 09:43 . 2008-08-30 10:29 <REP> d-------- C:\Documents and Settings\sandra aubert\Application Data\EBP
2008-08-30 09:16 . 2006-05-10 14:18 1,929,216 --a------ C:\WINDOWS\system32\cdintf250.dll
2008-08-30 09:13 . 2008-08-30 17:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EBP
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 09:00 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-26 21:42 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\muvee Technologies
2008-09-25 15:07 316 ----a-w C:\Documents and Settings\sandra aubert\Application Data\wklnhst.dat
2008-09-18 16:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 10:16 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-10 18:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-05 20:42 --------- d-----w C:\Program Files\MioNet
2008-09-03 10:35 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\DivX
2008-09-02 08:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 08:34 --------- d-----w C:\Program Files\Google
2008-08-26 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-26 17:58 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\AdobeUM
2008-08-21 20:37 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-21 05:53 --------- d-----w C:\Program Files\Picasa2
2008-08-20 17:25 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Apple Computer
2008-08-20 17:10 --------- d-----w C:\Program Files\Services en ligne
2008-08-20 17:09 --------- d-----w C:\Program Files\Realtek
2008-08-20 17:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-20 17:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-20 17:07 --------- d-----w C:\Program Files\ltmoh
2008-08-20 17:00 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-08-20 16:59 --------- d-----w C:\Program Files\ATI Technologies
2008-08-20 16:46 --------- d-----w C:\Program Files\DivX
2008-08-20 16:39 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\toshiba
2008-08-20 16:39 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Sonic
2008-08-20 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-08-20 16:09 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-08-20 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-20 15:43 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Yahoo!
2008-08-20 15:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-20 14:17 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-20 13:59 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Template
2008-08-20 12:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-20 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-08-20 12:22 --------- d-----w C:\Program Files\epson
2008-08-20 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-08-20 11:59 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-08-20 11:59 --------- d-----w C:\Program Files\Ahead
2008-08-20 11:54 --------- d-----w C:\Program Files\Philips
2008-08-20 11:52 --------- d-----w C:\Program Files\muvee Technologies
2008-08-20 11:52 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-08-20 11:51 --------- d-----w C:\Program Files\ArcSoft
2008-08-20 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-08-20 11:48 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\InstallShield
2008-08-20 11:15 --------- d-----w C:\Program Files\Shareaza
2008-08-20 11:15 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Shareaza
2008-08-20 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-20 10:40 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\BitDefender
2008-08-20 10:39 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-08-20 10:39 --------- d-----w C:\Program Files\BitDefender
2008-08-20 10:38 --------- d-----w C:\Program Files\Windows Live
2008-08-20 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-20 10:27 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_03601-FR_PSAA2E-01700.MRK
2008-08-20 10:25 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-20 10:25 --------- d-----w C:\Program Files\Atheros
2008-08-20 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-20 09:52 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-20 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-08-20 09:38 --------- d-----w C:\Program Files\Siber Systems
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"EPSON Stylus DX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE" [2006-09-22 139264]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-20 160592]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077328]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-26 1783808]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 C:\WINDOWS\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-26 141312]
R2 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [2005-07-15 139264]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 -: Crawler Search - tbr:iemenu
O8 -: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 -: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll

O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://copainsdavant.linternaute.com/framework/lib/objimageuploader/html_include/5.1.1.0/ImageUploader5.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 10:59:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2008-09-27 11:07:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-27 09:07:31

Avant-CF: 60ÿ612ÿ009ÿ984 octets libres
Après-CF: 59,043,483,648 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

314 --- E O F --- 2008-09-10 18:19:35

InfernO.vir · Answer

Des soucis particuliers ?

je regarde quelques trucs sur ton rapport!

nenesse1401 · Answer

ben le soucis de savoir si le truc espion est toujours la surtout et si il a toujours le controle de mon ordi...

InfernO.vir · Answer

-telecharge otmoveit--> http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

-Enregistre le fichier sur le Bureau. 

-Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil. 
 Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée. 

-Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste List Of Files/Folders to Move. 

C:\Program Files\Crawler

-Clique sur MoveIt! pour lancer la suppression. 
 Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit. 

Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES. 

-Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

nenesse1401 · Answer

toujours la???

nenesse1401 · Answer

voila le rapport 

C:\Program Files\Crawler\WSGData\domains moved successfully.
C:\Program Files\Crawler\WSGData moved successfully.
C:\Program Files\Crawler\Update moved successfully.
C:\Program Files\Crawler\TBR5LanguageAct moved successfully.
C:\Program Files\Crawler\STWSGLanguageAct moved successfully.
C:\Program Files\Crawler\Languages moved successfully.
C:\Program Files\Crawler\Download moved successfully.
C:\Program Files\Crawler\Cache\STWSG moved successfully.
C:\Program Files\Crawler\Cache\COMMON moved successfully.
C:\Program Files\Crawler\Cache moved successfully.
Folder move failed. C:\Program Files\Crawler scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09272008_112745

Files moved on Reboot...
C:\Program Files\Crawler moved successfully.

InfernO.vir · Answer

Attends je cherche par rapport a combofix

nenesse1401 · Answer

pas de prob la moindre des choses est d attendre si en plus tu prends le temps de m aider je patiente

InfernO.vir · Answer

-Demarrer-->executer--> ecris "regedit" sans les guillemets appuis sur entrée,

-Navigue ensuite jusqu'a ces clés: (si tu les trouves)

HKEY_CLASSES_ROOT\Microsoft Internet Mail Messages
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Iprip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Iprip

nenesse1401 · Answer

alors j ai pas le premier 
ni le deuxieme
ni le troisieme aucun des trois

InfernO.vir · Answer

3? aucune de ces lignes ?

nenesse1401 · Answer

et pas les deux derniere des cinq au total rien du tout

nenesse1401 · Answer

je beug j crois j vois pas le dernier message

nenesse1401 · Answer

t toujours la?

nenesse1401 · Answer

bon en definitive j ai aucune des cle que tu as marque j attend que tu revienne a tte et merci

InfernO.vir · Answer

Reposte moi un log hijackthis stp

nenesse1401 · Answer

ok

nenesse1401 · Answer

voila le nouveau rapport hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:47, on 27/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\sandra aubert\Local Settings\Temporary Internet Files\Content.IE5\ASFYPWPL\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.exe Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S2D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

nenesse1401 · Answer

bon je reviens d ici une heure environ a tte merci

nenesse1401 · Answer

me revoila tu es encore la???

nenesse1401 · Answer

ben je veux bien continuer ici mais il y a personne qui repond... et celui qui m aidait j crois qu il est parti

geoffrey5 · Answer

Salut !!

J ai bien recu ton MP..

&#x25B6; Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

(c est le numéro 6 en bas de la page) :  
 

&#x25B6; Lance l'installation du programme en exécutant le fichier téléchargé. 
&#x25B6; Double-clique maintenant sur le raccourci de Toolbar-S&D. 
&#x25B6; Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
&#x25B6; Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
&#x25B6; Poste le rapport généré. (C:\TB.txt)

NENESSE1401 · Answer

ok merci je mets le rapport direct apres

NENESSE1401 · Answer

voici le rapport


   -----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor         1.50GHz )
   BIOS : BIOS Version 1.50
   USER : sandra aubert ( Administrator )
   BOOT : Normal boot
   Antivirus : Bitdefender Antivirus 8.0 (Activated)
   Firewall  : Bitdefender Firewall 8.0 (Activated)
   C:\ (Local Disk) - NTFS - Total : 74 Go Free : 55 Go
   D:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [1] ( 27/09/2008|17:18 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
   C:\DOCUME~1\SANDRA~1\Cookies\sandra_aubert@dnl.crawler[1].txt

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.orange.fr/portail"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://fr.yahoo.com/"
   "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60446"
   "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 27/09/2008|17:19 - Option : [1]

   -----------\  Fin du rapport a 17:19:58,18

InfernO.vir · Answer

Re, Slt geoffrey5

Tu sais je ne suis pas obligé de faire ca moi aussi j'ai une vie a coté de CCM je ne suis pas un nolife !

Irrespect total, je pars quelques heures et tu te dirige vers une autre personne ca a la don de m'enerver ce genre de reaction!

Sur ce bonne demerdouille

NENESSE1401 · Answer

deolee mais voyant que personne ne me repondait et que apparement tu n etais plus la j ai laissé beaucoup de message avant de demander de l aide a quelqu un d autre

desolee si ca t as vexé mais je ne sais pas ou j en suis avec ce virus et ca me fout la trouille 

si tu ne veux plus m aider alors tanpis mais je te remercie quand meme de l aide donne avant 

comprend que au vue du piratage de cb j ai pas envie de me faire pirater d autre choses perso 

sorry

geoffrey5 · Answer

Re,

dsl mais je faisais autre chose sur le pc...

&#x25B6; Relance Toolbar-S&D en double-cliquant sur le raccourci.
&#x25B6; Tape sur "2" puis valide en appuyant sur "Entrée". 
 /!\ Ne ferme pas la fenêtre lors de la suppression ! 
&#x25B6; Un rapport sera généré, poste son contenu ici. 

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. 
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..." 
Tape explorer puis valide. 

ensuite refais un nouveau rapport hijackthis pour vérifier stp


je repasserai tout à l heure pour vérifier tes rapports  ;-)

sandra aubert · Answer

rapport toolbar


   -----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor         1.50GHz )
   BIOS : BIOS Version 1.50
   USER : sandra aubert ( Administrator )
   BOOT : Normal boot
   Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
   Firewall  : Bitdefender Firewall 8.0 (Not Activated)
   C:\ (Local Disk) - NTFS - Total : 74 Go Free : 55 Go
   D:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [2] ( 27/09/2008|18:22 )

   -----------\ SUPPRESSION

   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.orange.fr/portail"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"
   "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60446"
   "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 27/09/2008|17:19 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 27/09/2008|18:25 - Option : [2]

   -----------\  Fin du rapport a 18:25:40,48

sandra aubert · Answer

nouveau rapport hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:32, on 27/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\VM_STI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4apimgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.exe Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S2D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

NENESSE1401 · Answer

heu c encor moi sandra aubert et nenesse c pareil merci

geoffrey5 · Answer

est ce que tu as encore des problemes ??

InfernO.vir · Answer

Re geoffrey5

elle vien de me mp avec le rapport de kasper en ligne et il trouve ceci--> Hoax.Win32.Agent.fu logé ds la restauration systeme du C:\ je lui fait faire la desactivation et la reactivation de la resto systeme !

NENESSE1401 · Answer

voila j ai donc fait reactiver resto systeme apres l avoir desactive
ensuite j ai lance otmovelt dont voila la finalite 

File/Folder avenger.zip not found.
File/Folder avenger.exe not found.
File/Folder Avenger not found.
File/Folder avenger.txt not found.
File/Folder bfu.zip not found.
File/Folder BFU not found.
File/Folder combofix.exe not found.
File/Folder Combo-Fix.sys not found.
File/Folder ComboFix not found.
C:\WINDOWS\subs folder deleted successfully.
Service not present: catchme.
Service not present: gmer.
File delete failed. C:\Documents and Settings\sandra aubert\Local Settings\Temporary Internet Files\Content.IE5\CFAUI5KY\OTMoveIt2[1].exe scheduled to be deleted on reboot.

geoffrey5 · Answer

qu est ce que c est que ca ??!!^^

C est inferno qui t as demandé de faire ca ??

InfernO.vir · Answer

Lol non

jlui ai demander juste la resto systeme pour le deloger mais cest elle qui a fait otmoveit parcequ'elle a vu que cetait utile de la faire mais meme moi jai pa compris prk elle a fait ca

geoffrey5 · Answer

on ne fait pas un OtmoveIT pour supprimer des outils/fix  lol

nenesse : est ce que tu as encore des problèmes ??

vas aussi faire une analyse en ligne avec bitdefender à cette adresse stp :

http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php

InfernO.vir · Answer

c'est a elle de dire pourquoi elle a fait ceci !

elle a deja fait kaspersky online tu veux le rapport ? il y a une seule infection detectée !

geoffrey5 · Answer

oui envois le rapport stp

InfernO.vir · Answer

------------------------------------------------------------­------------------- 
KASPERSKY ON-LINE SCANNER REPORT 
Saturday, September 27, 2008 9:40:56 PM 
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600) 
Kaspersky On-line Scanner version : 5.0.84.2 
Dernière mise à jour de la base antivirus Kaspersky : 27/09/2008 
Enregistrements dans la base antivirus Kaspersky : 1131382 
------------------------------------------------------------­------------------- 

Paramètres d'analyse: 
Analyser avec la base antivirus suivante: standard 
Analyser les archives: vrai 
Analyser les bases de messagerie: vrai 

Cible de l'analyse - Poste de travail: 
C:\ 
D:\ 

Statistiques de l'analyse: 
Total d'objets analysés: 71952 
Nombre de virus trouvés: 1 
Nombre d'objets infectés: 1 / 0 
Nombre d'objets suspects: 0 
Durée de l'analyse: 03:01:09 

Nom de l'objet infecté / Nom du virus / Dernière action 
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings	emp\Cookies\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings	emp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings	emp\History\History.IE5\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré 
C:\Documents and Settings\LocalService
tuser.dat.LOG L'objet est verrouillé ignoré 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré 
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré 
C:\Documents and Settings\NetworkService
tuser.dat.LOG L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Application Data\$_hpcst$.hpc L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Application Data\BitDefender\Desktop\Profiles\asdict.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Application Data\Shareaza\Data\TigerTree.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Cookies\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings\Historique\History.IE5\MSHist012008092720080928\ind­ex.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings	emp\WCESLog.log L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings	emp\~DF3AEC.tmp L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings	emp\~DF3B06.tmp L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat ­L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert\NTUSER.DAT L'objet est verrouillé ignoré 
C:\Documents and Settings\sandra aubert
tuser.dat.LOG L'objet est verrouillé ignoré 
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_14621\aspdict.dat L'objet est verrouillé ignoré 
C:\Program Files\BitDefender\BitDefender 2008\dbokf.db L'objet est verrouillé ignoré 
C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal L'objet est verrouillé ignoré 
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\R­P75\A0007701.sys Infecté : Hoax.Win32.Agent.fu ignoré 
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\R­P93\change.log L'objet est verrouillé ignoré 
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré 
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré 
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré 
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré 
C:\WINDOWS\system32\CatRoot2	mp.edb L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré 
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré 
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré 
C:\WINDOWS\Temp\hsperfdata_SYSTEM\728 L'objet est verrouillé ignoré 
C:\WINDOWS\Temp	mp00003b31	mp00000000 L'objet est verrouillé ignoré 
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré 
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré 
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré 

Analyse terminée.

Elle a fait la restauration systeme donc celui-ci devrait etre exterminé !

NENESSE1401 · Answer

inferno m a dis de faire un combofix voila le rapport ComboFix 08-09-27.01 - sandra aubert 2008-09-27 22:16:57.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.960 [GMT 2:00] Lancé depuis: C:\Documents and Settings\sandra aubert\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 )))))))))))))))))))))))))))))))))))) . 2008-09-27 18:06 . 2008-09-27 18:06 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-09-27 17:19 . 2008-09-27 17:19 d-------- C:\Program Files\Trend Micro 2008-09-27 17:18 . 2008-09-27 18:25 d-------- C:\ToolBar SD 2008-09-27 17:18 . 2008-09-27 18:23 3,642 --a------ C:\Documents and Settings\Orph.egd 2008-09-27 00:16 . 2008-09-27 00:17 d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator 2008-09-27 00:15 . 2008-09-27 00:15 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-09-27 00:14 . 2008-08-20 18:39 d-------- C:\Documents and Settings\Administrateur\WINDOWS 2008-09-27 00:14 . 2008-08-20 12:27 d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-09-27 00:14 . 2005-12-09 08:55 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-09-27 00:14 . 2008-08-20 18:39 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-09-27 00:14 . 2008-08-20 18:39 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-09-27 00:14 . 2008-08-20 18:39 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-09-27 00:14 . 2008-08-20 18:39 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-09-27 00:14 . 2008-09-27 00:25 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-09-27 00:14 . 2008-08-20 18:39 d-------- C:\Documents and Settings\Administrateur\Application Data oshiba 2008-09-27 00:14 . 2005-12-09 12:22 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2008-09-27 00:14 . 2008-08-20 18:39 d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic 2008-09-27 00:14 . 2008-09-27 00:14 d-------- C:\Documents and Settings\Administrateur 2008-09-26 23:54 . 2008-09-27 12:47 d-------- C:\Program Files\Navilog1 2008-09-26 23:43 . 2008-09-26 23:43 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-09-26 23:42 . 2008-09-26 23:42 d-------- C:\Program Files\sollab 2008-09-26 23:42 . 2008-09-26 23:42 d-------- C:\Program Files\Lavasoft 2008-09-26 23:42 . 2008-09-26 23:42 d-------- C:\Program Files\CCleaner 2008-09-26 23:42 . 2008-09-26 23:42 d-------- C:\Documents and Settings\sandra aubert\Application Data\InterVideo 2008-09-26 23:42 . 2008-09-26 23:42 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-09-26 23:41 . 2008-09-26 23:42 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-26 22:38 . 2008-09-26 22:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-09-26 22:36 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-09-26 22:34 . 2008-09-26 23:43 d-------- C:\WINDOWS\Internet Logs 2008-09-26 22:29 . 2008-09-26 23:43 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-26 22:29 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-26 22:29 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-26 20:16 . 2008-09-26 23:42 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-26 20:08 . 2008-09-27 11:21 d-------- C:\Program Files\WinClamAVShield 2008-09-26 19:51 . 2008-09-27 17:36 d-------- C:\Documents and Settings\sandra aubert\Application Data\Spyware Terminator 2008-09-26 19:51 . 2008-09-26 19:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-09-26 19:50 . 2008-09-26 23:43 d-------- C:\Program Files\Spyware Terminator 2008-09-25 19:09 . 2002-08-14 00:08 264,704 --a------ C:\WINDOWS\system32\MaggiUninstall60.exe 2008-09-25 19:08 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe 2008-09-25 18:54 . 2008-09-26 23:42 d-------- C:\WINDOWS\system32\Adobe 2008-09-20 11:47 . 2008-09-26 23:42 d-------- C:\Program Files\Spybot - Search & Destroy 2008-09-20 11:47 . 2008-09-27 17:35 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 10:05 . 2008-09-26 23:42 d-------- C:\Program Files\BarreConfCMCIC 2008-09-18 11:26 . 2008-09-26 23:42 d-------- C:\Program Files\QuickZip4 2008-09-16 12:22 . 2008-09-26 23:42 d-------- C:\Program Files\Apple Software Update 2008-09-16 12:19 . 2008-09-26 23:42 d-------- C:\Program Files\iTunes 2008-09-16 12:19 . 2008-09-26 23:42 d-------- C:\Program Files\iPod 2008-09-16 12:16 . 2008-09-26 23:41 d-------- C:\Program Files\QuickTime 2008-09-16 12:08 . 2008-09-26 23:41 d-------- C:\Program Files\Bonjour 2008-09-15 19:30 . 2008-09-15 19:30 d-------- C:\Documents and Settings\sandra aubert\Application Data\Malwarebytes 2008-09-15 19:30 . 2008-09-15 19:30 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-15 17:58 . 1997-01-22 15:34 312,320 --a------ C:\WINDOWS\IsUninst.exe 2008-09-15 17:58 . 2008-09-25 19:44 491 --a------ C:\WINDOWS\SStylerProDemo.ini 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-05 20:45 . 2008-09-05 20:45 d-------- C:\WINDOWS\system32\fr 2008-09-05 20:45 . 2008-09-05 20:45 d-------- C:\WINDOWS\system32\bits 2008-09-05 20:45 . 2008-09-05 20:45 d-------- C:\WINDOWS\l2schemas 2008-09-05 20:39 . 2008-09-05 20:45 d-------- C:\WINDOWS\ServicePackFiles 2008-09-05 20:23 . 2008-09-05 20:23 d-------- C:\WINDOWS\EHome 2008-09-04 19:08 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-09-04 19:08 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-09-04 19:08 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-09-04 19:08 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-09-04 19:08 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2008-09-04 17:53 . 2008-09-04 17:53 268 --ah----- C:\sqmdata02.sqm 2008-09-04 17:53 . 2008-09-04 17:53 244 --ah----- C:\sqmnoopt02.sqm 2008-09-03 23:00 . 2008-09-03 23:00 268 --ah----- C:\sqmdata01.sqm 2008-09-03 23:00 . 2008-09-03 23:00 244 --ah----- C:\sqmnoopt01.sqm 2008-09-03 10:41 . 2008-09-03 10:41 d-------- C:\Program Files\Windows Media Connect 2 2008-09-03 10:24 . 2008-09-03 10:24 d-------- C:\WINDOWS\system32\LogFiles 2008-09-03 10:24 . 2008-09-03 10:33 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-09-02 10:34 . 2007-11-30 08:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX 2008-09-01 12:25 . 2008-09-01 12:25 d-------- C:\Documents and Settings\sandra aubert\Application Data\ArcSoft 2008-08-30 18:34 . 2008-08-30 18:34 d-------- C:\Documents and Settings\sandra aubert\Application Data\Anuman Interactive 2008-08-30 18:13 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-08-30 17:12 . 2008-09-08 19:38 d-------- C:\Program Files\Fichiers communs\PC SOFT 2008-08-30 17:12 . 2008-08-30 17:12 d-------- C:\Documents and Settings\All Users\Application Data\magasin 2008-08-30 09:43 . 2008-08-30 10:29 d-------- C:\Documents and Settings\sandra aubert\Application Data\EBP 2008-08-30 09:16 . 2006-05-10 14:18 1,929,216 --a------ C:\WINDOWS\system32\cdintf250.dll 2008-08-30 09:13 . 2008-08-30 17:46 d-------- C:\Documents and Settings\All Users\Application Data\EBP 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-27 20:20 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-09-26 21:42 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\muvee Technologies 2008-09-25 15:07 316 ----a-w C:\Documents and Settings\sandra aubert\Application Data\wklnhst.dat 2008-09-18 16:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-16 10:16 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-09-10 18:15 --------- d-----w C:\Program Files\Microsoft Works 2008-09-05 20:42 --------- d-----w C:\Program Files\MioNet 2008-09-03 10:35 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\DivX 2008-09-02 08:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-02 08:34 --------- d-----w C:\Program Files\Google 2008-08-26 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-26 17:58 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\AdobeUM 2008-08-21 20:37 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-21 05:53 --------- d-----w C:\Program Files\Picasa2 2008-08-20 17:25 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Apple Computer 2008-08-20 17:10 --------- d-----w C:\Program Files\Services en ligne 2008-08-20 17:09 --------- d-----w C:\Program Files\Realtek 2008-08-20 17:07 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-20 17:07 --------- d-----w C:\Program Files\microsoft frontpage 2008-08-20 17:07 --------- d-----w C:\Program Files\ltmoh 2008-08-20 17:00 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-08-20 16:59 --------- d-----w C:\Program Files\ATI Technologies 2008-08-20 16:46 --------- d-----w C:\Program Files\DivX 2008-08-20 16:39 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data oshiba 2008-08-20 16:39 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Sonic 2008-08-20 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI 2008-08-20 16:09 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint 2008-08-20 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-08-20 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-08-20 15:43 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Yahoo! 2008-08-20 15:28 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-08-20 14:17 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-20 13:59 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Template 2008-08-20 12:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-08-20 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL 2008-08-20 12:22 --------- d-----w C:\Program Files\epson 2008-08-20 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON 2008-08-20 11:59 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-08-20 11:59 --------- d-----w C:\Program Files\Ahead 2008-08-20 11:54 --------- d-----w C:\Program Files\Philips 2008-08-20 11:52 --------- d-----w C:\Program Files\muvee Technologies 2008-08-20 11:52 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies 2008-08-20 11:51 --------- d-----w C:\Program Files\ArcSoft 2008-08-20 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies 2008-08-20 11:48 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\InstallShield 2008-08-20 11:15 --------- d-----w C:\Program Files\Shareaza 2008-08-20 11:15 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\Shareaza 2008-08-20 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender 2008-08-20 10:40 --------- d-----w C:\Documents and Settings\sandra aubert\Application Data\BitDefender 2008-08-20 10:39 --------- d-----w C:\Program Files\Fichiers communs\BitDefender 2008-08-20 10:39 --------- d-----w C:\Program Files\BitDefender 2008-08-20 10:38 --------- d-----w C:\Program Files\Windows Live 2008-08-20 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-20 10:27 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_03601-FR_PSAA2E-01700.MRK 2008-08-20 10:25 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-08-20 10:25 --------- d-----w C:\Program Files\Atheros 2008-08-20 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-08-20 09:52 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-08-20 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm 2008-08-20 09:38 --------- d-----w C:\Program Files\Siber Systems 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe" [2005-04-11 65536] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 4739072] "EPSON Stylus DX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE" [2006-09-22 139264] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-20 160592] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-19 188416] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet hotkey.exe" [2005-12-08 352256] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077328] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940] "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440] "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 40960] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-26 1783808] "RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe] "TPSMain"="TPSMain.exe" [2005-08-03 C:\WINDOWS\system32\TPSMain.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Shareaza\Shareaza.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\iTunes\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Groupement homologue Windows "3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol) "1700:TCP"= 1700:TCP:MioNet Remote Drive Access "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-26 141312] R2 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [2005-07-15 139264] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie R0 -: HKLM-Main,Window Title = R1 -: HKCU-Internet Settings,ProxyOverride = *.local R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 -: Crawler Search - tbr:iemenu O8 -: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 -: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 -: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://copainsdavant.linternaute.com/framework/lib/objimageuploader/html_include/5.1.1.0/ImageUploader5.cab C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf C:\WINDOWS\system32\unicows.dll C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-27 22:20:54 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-09-27 22:23:33 ComboFix-quarantined-files.txt 2008-09-27 20:23:24 Avant-CF: 62ÿ780ÿ473ÿ344 octets libres Après-CF: 62,777,561,088 octets libres 278 --- E O F --- 2008-09-10 18:19:35

geoffrey5 · Answer

ok...

télécharge trojan remover à cette adresse, un tuto sera à ta disposition pour savoir l utiliser :

https://www.androidworld.fr/


ensuite :


&#x25B6; Télécharge a-squared free 3.5

&#x25B6; Un tutoriel est à ta disposition pour bien l utiliser.

&#x25B6; fais la mise à jour et une analyse complète.

&#x25B6; poste le rapport stp

NENESSE1401 · Answer

ok j fais quand meme le bitdefender on line? il telecharge els mise a jour pour le moment

geoffrey5 · Answer

y avait pas besoin de refaire un combofix  :s

et on ne demande pas une désinfection par MP^^


fais ce que je t ai demandé stp nenesse

@+

geoffrey5 · Answer

oui fais tout et postes les rapports stp

NENESSE1401 · Answer

ok et si inferno pouvait venir aussi sur ce post comme ca vous pouvais voir tout les deux enfin si c est possible j veux pas abuser des gens non plus

InfernO.vir · Answer

Si! jveux verifier un truc redonne moi le rapport de combo mais a mon adresse email--> nucky-las@voila.fr

C:\Documents and Settings\sandra aubert\Application Data\wklnhst.dat  <--navipromo n'est-ce pas ?

NENESSE1401 · Answer

bon le bitdefender on line n a pas pu mettre a jour tout mais ma demande de lancer lescan ce que j ai fais j attend la fin et je post rapport merci

NENESSE1401 · Answer

scan bitle scna bitdefender me dis impossible d analyser l ordi je reessaye d installer les mises a jour et de relancer le scan

NENESSE1401 · Answer

deuxieme essai meme probleme bitdefender ne peut pas installer mise a jour et pas scanner 

j laisse tomber ou ???

NENESSE1401 · Answer

bon pour le moment a squared a detecte 65 truc mais il n a pas encor fini et trojan truc reste à 97% depuis un moment et pour bitdefender on line pas possible a chaque fois il plante

NENESSE1401 · Answer

bon voila le rapport de trojan machin 

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2545. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 22:38:13 27 sept. 2008
Using Database v7143
Operating System:  Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\sandra aubert\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  C:\Documents and Settings\sandra aubert\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
22:38:13: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
22:38:13: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
22:38:13: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
22:38:17: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ATIPTA
Value Data: "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
344064 bytes
Created:  09/12/2005
Modified: 05/08/2005
Company:  ATI Technologies, Inc.
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
15473664 bytes
Created:  09/12/2005
Modified: 10/11/2005
Company:  Realtek Semiconductor Corp.
--------------------
Value Name: SynTPLpr
Value Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
98394 bytes
Created:  09/12/2005
Modified: 15/10/2004
Company:  Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
688218 bytes
Created:  09/12/2005
Modified: 15/10/2004
Company:  Synaptics, Inc.
--------------------
Value Name: LtMoh
Value Data: C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\ltmoh\Ltmoh.exe
188416 bytes
Created:  09/12/2005
Modified: 19/05/2005
Company:  Agere Systems
--------------------
Value Name: AGRSMMSG
Value Data: AGRSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
88203 bytes
Created:  09/12/2005
Modified: 15/10/2005
Company:  Agere Systems
--------------------
Value Name: THotkey
Value Data: C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
352256 bytes
Created:  09/12/2005
Modified: 08/12/2005
Company:  TOSHIBA
--------------------
Value Name: Tvs
Value Data: C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
73728 bytes
Created:  09/12/2005
Modified: 30/11/2005
Company:  TOSHIBA Corporation
--------------------
Value Name: TPSMain
Value Data: TPSMain.exe
C:\WINDOWS\system32\TPSMain.exe
266240 bytes
Created:  09/12/2005
Modified: 03/08/2005
Company:  TOSHIBA Corporation
--------------------
Value Name: SmoothView
Value Data: C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
118784 bytes
Created:  09/12/2005
Modified: 17/05/2005
Company:  TOSHIBA Corporation
--------------------
Value Name: PadTouch
Value Data: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
1077328 bytes
Created:  09/12/2005
Modified: 30/08/2005
Company:  TOSHIBA
--------------------
Value Name: DLA
Value Data: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
122940 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
--------------------
Value Name: BitDefender Antiphishing Helper
Value Data: "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe
61440 bytes
Created:  09/10/2007
Modified: 09/10/2007
Company:  BitDefender
--------------------
Value Name: BDAgent
Value Data: "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
368640 bytes
Created:  23/05/2008
Modified: 16/09/2008
Company:  BitDefender S.R.L.
--------------------
Value Name: BigDogPath
Value Data: C:\WINDOWS\VM_STI.exe Philips SPC 200NC PC Camera
C:\WINDOWS\VM_STI.exe
40960 bytes
Created:  20/08/2008
Modified: 09/06/2004
Company:  BIGDOG
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
413696 bytes
Created:  06/09/2008
Modified: 06/09/2008
Company:  Apple Inc.
--------------------
Value Name: AppleSyncNotifier
Value Data: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
111936 bytes
Created:  03/09/2008
Modified: 03/09/2008
Company:  Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
289576 bytes
Created:  10/09/2008
Modified: 10/09/2008
Company:  Apple Inc.
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1783808 bytes
Created:  26/09/2008
Modified: 26/09/2008
Company:  Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
922192 bytes
Created:  27/09/2008
Modified: 20/09/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
--------------------
Value Name: TOSCDSPD
Value Data: C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
65536 bytes
Created:  09/12/2005
Modified: 11/04/2005
Company:  TOSHIBA
--------------------
Value Name: Shareaza
Value Data: "C:\Program Files\Shareaza\Shareaza.exe" -tray
C:\Program Files\Shareaza\Shareaza.exe
4739072 bytes
Created:  20/08/2008
Modified: 01/01/2008
Company:  Shareaza Development Team
--------------------
Value Name: EPSON Stylus DX6000 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S2D2.tmp" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
139264 bytes
Created:  20/08/2008
Modified: 22/09/2006
Company:  SEIKO EPSON CORPORATION
--------------------
Value Name: RoboForm
Value Data: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
160592 bytes
Created:  20/08/2008
Modified: 20/08/2008
Company:  Siber Systems
--------------------
Value Name: H/PC Connection Agent
Value Data: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
1289000 bytes
Created:  13/11/2006
Modified: 13/11/2006
Company:  Microsoft Corporation
--------------------
Value Name: Picasa Media Detector
Value Data: C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
443968 bytes
Created:  15/08/2008
Modified: 15/08/2008
Company:  Google Inc.
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created:  13/09/2008
Modified: 13/09/2008
Company:  Google Inc.
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
22:38:33: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------

************************************************************
22:38:33: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
22:38:33: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
22:38:33: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  
----------

************************************************************
22:38:34: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
--------------------
Key:  p2pgasvc
Path: %SystemRoot%\system32\p2pgasvc.dll
C:\WINDOWS\system32\p2pgasvc.dll
105472 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
--------------------
Key:  scan
Path: C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll
151552 bytes
Created:  25/04/2008
Modified: 10/09/2008
Company:  S.C. BitDefender S.R.L
--------------------

************************************************************
22:38:37: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       ACS
ImagePath: C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\acs.exe
36864 bytes
Created:  20/08/2008
Modified: 08/07/2005
Company:  
----------
Key:       AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
17801 bytes
Created:  20/08/2008
Modified: 20/08/2008
Company:  Meetinghouse Data Communications
----------
Key:       Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
116040 bytes
Created:  10/09/2008
Modified: 10/09/2008
Company:  Apple Inc.
----------
Key:       AR5211
ImagePath: system32\DRIVERS\ar5211.sys
C:\WINDOWS\system32\DRIVERS\ar5211.sys
468736 bytes
Created:  09/12/2005
Modified: 12/09/2005
Company:  Atheros Communications, Inc.
----------
Key:       aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created:  15/07/2004
Modified: 15/07/2004
Company:  Microsoft Corporation
----------
Key:       Bdfndisf
ImagePath: system32\DRIVERS\bdfndisf.sys
C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
86792 bytes
Created:  02/06/2008
Modified: 02/06/2008
Company:  BitDefender SRL
----------
Key:       bdfsfltr
ImagePath: system32\drivers\bdfsfltr.sys
C:\WINDOWS\system32\drivers\bdfsfltr.sys
196368 bytes
Created:  07/01/2008
Modified: 07/01/2008
Company:  BitDefender S.R.L. Bucharest, ROMANIA
----------
Key:       bdftdif
ImagePath: \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys
C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys
156688 bytes
Created:  25/01/2008
Modified: 25/01/2008
Company:  BitDefender SRL
----------
Key:       BDSelfPr
ImagePath: \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
8320 bytes
Created:  16/01/2008
Modified: 16/01/2008
Company:  BitDefender S.R.L.
----------
Key:       Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created:  29/08/2008
Modified: 29/08/2008
Company:  Apple Inc.
----------
Key:       CFSvcs
ImagePath: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
40960 bytes
Created:  09/12/2005
Modified: 18/01/2005
Company:  TOSHIBA CORPORATION
----------
Key:       DLABOIOM
ImagePath: System32\DLA\DLABOIOM.SYS
C:\WINDOWS\System32\DLA\DLABOIOM.SYS
25628 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DLACDBHM
ImagePath: System32\Drivers\DLACDBHM.SYS
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
5628 bytes
Created:  09/12/2005
Modified: 07/07/2005
Company:  Sonic Solutions
----------
Key:       DLADResN
ImagePath: System32\DLA\DLADResN.SYS
C:\WINDOWS\System32\DLA\DLADResN.SYS
2496 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DLAIFS_M
ImagePath: System32\DLA\DLAIFS_M.SYS
C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
86524 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DLAOPIOM
ImagePath: System32\DLA\DLAOPIOM.SYS
C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
14684 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DLAPoolM
ImagePath: System32\DLA\DLAPoolM.SYS
C:\WINDOWS\System32\DLA\DLAPoolM.SYS
6364 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DLARTL_N
ImagePath: System32\Drivers\DLARTL_N.SYS
C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
22684 bytes
Created:  09/12/2005
Modified: 07/07/2005
Company:  Sonic Solutions
----------
Key:       DLAUDFAM
ImagePath: System32\DLA\DLAUDFAM.SYS
C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
92700 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DLAUDF_M
ImagePath: System32\DLA\DLAUDF_M.SYS
C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
87004 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key:       DRVMCDB
ImagePath: System32\Drivers\DRVMCDB.SYS
C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
88704 bytes
Created:  09/12/2005
Modified: 28/07/2005
Company:  Sonic Solutions
----------
Key:       DRVNDDM
ImagePath: System32\Drivers\DRVNDDM.SYS
C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
40544 bytes
Created:  09/12/2005
Modified: 07/07/2005
Company:  Sonic Solutions
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created:  21/08/2008
Modified: 21/08/2008
Company:  Google
----------
Key:       HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
144384 bytes
Created:  07/01/2005
Modified: 13/04/2008
Company:  Windows (R) Server 2003 DDK provider
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
Key:       IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
4064256 bytes
Created:  09/12/2005
Modified: 11/11/2005
Company:  Realtek Semiconductor Corp.
----------
Key:       Iviaspi
ImagePath: system32\drivers\iviaspi.sys
C:\WINDOWS\system32\drivers\iviaspi.sys
21060 bytes
Created:  09/12/2005
Modified: 11/09/2003
Company:  InterVideo, Inc.
----------
Key:       LIVESRV
ImagePath: "C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
1155072 bytes
Created:  30/04/2008
Modified: 30/04/2008
Company:  BitDefender SRL
----------
Key:       MioNet
ImagePath: "C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"
C:\Program Files\MioNet\MioNetManager.exe
-R- 139264 bytes
Created:  15/07/2005
Modified: 15/07/2005
Company:  
----------
Key:       Netdevio
ImagePath: system32\DRIVERS
etdevio.sys
C:\WINDOWS\system32\DRIVERS
etdevio.sys
12032 bytes
Created:  09/12/2005
Modified: 29/01/2003
Company:  TOSHIBA Corporation.
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created:  28/07/2003
Modified: 28/07/2003
Company:  Microsoft Corporation
----------
Key:       Pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  09/12/2005
Modified: 19/09/2003
Company:  Padus, Inc.
----------
Key:       Profos
ImagePath: \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
12800 bytes
Created:  12/07/2007
Modified: 12/07/2007
Company:  
----------
Key:       RTL8023xp
ImagePath: system32\DRIVERS\Rtlnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
74496 bytes
Created:  09/12/2005
Modified: 04/03/2005
Company:  Realtek Semiconductor Corporation                           
----------
Key:       sp_rsdrv2
ImagePath: \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created:  26/09/2008
Modified: 26/09/2008
Company:  
----------
Key:       sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created:  26/09/2008
Modified: 26/09/2008
Company:  Crawler.com
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0EB74963-BA23-477D-B8F5-8947340A9836}
C:\WINDOWS\system32\dllhost.exe 
5120 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
Key:       SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
185728 bytes
Created:  09/12/2005
Modified: 15/10/2004
Company:  Synaptics, Inc.
----------
Key:       TAPPSRV
ImagePath: "C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe"
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
35328 bytes
Created:  09/12/2005
Modified: 10/08/2005
Company:  TOSHIBA Corp.
----------
Key:       Tcpip6
ImagePath: system32\DRIVERS	cpip6.sys
C:\WINDOWS\system32\DRIVERS	cpip6.sys
225856 bytes
Created:  09/12/2005
Modified: 20/06/2008
Company:  Microsoft Corporation
----------
Key:       Trufos
ImagePath: \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner	rufos.sys
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner	rufos.sys
36736 bytes
Created:  10/07/2007
Modified: 10/07/2007
Company:  
----------
Key:       TVALD
ImagePath: system32\DRIVERS\NBSMI.sys
C:\WINDOWS\system32\DRIVERS\NBSMI.sys
6144 bytes
Created:  09/12/2005
Modified: 20/10/2005
Company:  Toshiba Corporation
----------
Key:       Tvs
ImagePath: system32\DRIVERS\Tvs.sys
C:\WINDOWS\system32\DRIVERS\Tvs.sys
43392 bytes
Created:  09/12/2005
Modified: 30/11/2005
Company:  TOSHIBA Corporation
----------
Key:       usb_rndisx
ImagePath: system32\DRIVERS\usb8023x.sys
C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12800 bytes
Created:  20/08/2008
Modified: 21/10/2005
Company:  Microsoft Corporation
----------
Key:       usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created:  18/10/2007
Modified: 18/10/2007
Company:  Microsoft Corporation
----------
Key:       VSSERV
ImagePath: "C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
1261568 bytes
Created:  25/04/2008
Modified: 15/09/2008
Company:  BitDefender S.R.L.
----------
Key:       WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created:  25/10/2007
Modified: 25/10/2007
Company:  Microsoft Corporation
----------
Key:       XCOMM
ImagePath: "C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
86016 bytes
Created:  27/11/2007
Modified: 27/11/2007
Company:  BitDefender
----------

************************************************************
22:39:06: Scanning -----VXD ENTRIES-----

************************************************************
22:39:06: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
22:39:07: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   EPPShellEx
CLSID: {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
Path:  C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
69632 bytes
Created:  20/08/2008
Modified: 13/04/2006
Company:  SEIKO EPSON CORPORATION
----------
Key:   ShellExtension
CLSID: [empty]
----------
Key:   SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path:  C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created:  26/09/2008
Modified: 26/09/2008
Company:  Crawler.com
----------
Key:   {D653647D-D607-4df6-A5B8-48D2BA195F7B}
Path:  C:\Program Files\BitDefender\BitDefender 2008\bdshelxt.dll
C:\Program Files\BitDefender\BitDefender 2008\bdshelxt.dll
155648 bytes
Created:  14/12/2007
Modified: 14/12/2007
Company:  BitDefender S.R.L
----------

************************************************************
22:39:08: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
22:39:08: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
59032 bytes
Created:  18/12/2006
Modified: 18/12/2006
Company:  Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1562448 bytes
Created:  20/09/2008
Modified: 07/07/2008
Company:  Safer Networking Limited
----------
Key: {5CA3D70E-1895-11CF-8E15-001234567890}
BHO: C:\WINDOWS\System32\DLA\DLASHX_W.DLL
C:\WINDOWS\System32\DLA\DLASHX_W.DLL
110652 bytes
Created:  09/12/2005
Modified: 01/08/2005
Company:  Sonic Solutions
----------
Key: {724d43a9-0d85-11d4-9908-00400523e39a}
BHO: C:\Program Files\Siber Systems\AI RoboFormoboform.dll
C:\Program Files\Siber Systems\AI RoboFormoboform.dll
5751624 bytes
Created:  20/08/2008
Modified: 20/08/2008
Company:  Siber Systems Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Microsoft Corporation
----------
Key: {988B07F5-7392-455A-8A1F-64935CB8B6ED}
BHO: C:\Program Files\BarreConfCMCIC\TAPBar.dll
C:\Program Files\BarreConfCMCIC\TAPBar.dll
225280 bytes
Created:  14/09/2007
Modified: 14/09/2007
Company:  Euro-Information
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2436160 bytes
Created:  21/08/2008
Modified: 19/01/2007
Company:  Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
737776 bytes
Created:  13/09/2008
Modified: 13/09/2008
Company:  Google Inc.
----------
Key: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
BHO: C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
368640 bytes
Created:  20/08/2008
Modified: 21/02/2005
Company:  SEIKO EPSON CORPORATION
----------

************************************************************
22:39:10: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path:  %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
Key:   UPnPMonitor
CLSID: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Path:  C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\system32\upnpui.dll
240128 bytes
Created:  09/12/2005
Modified: 14/04/2008
Company:  Microsoft Corporation
----------
Key:   WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path:  C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created:  18/10/2006
Modified: 18/10/2006
Company:  Microsoft Corporation
----------

************************************************************
22:39:11: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
22:39:11: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
22:39:11: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
22:39:11: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
22:39:12: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  09/12/2005
Modified: 09/12/2005
Company:  
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
22:39:12: Scanning ----- SCHEDULED TASKS -----
Taskname:      AppleSoftwareUpdate.job
File:          C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created:  30/07/2008
Modified: 30/07/2008
Company:  Apple Inc.
Parameters:    -task
Next Run Time: 29/09/2008 12:36:00
Status:        La tâche est prête à s'exécuter à l'heure prévue
Creator:       SYSTEM
Comments:      [blank]
----------
Taskname:      Symantec NetDetect.job
File:          C:\Program Files\Symantec\LiveUpdate\NDetect.exe
Parameters:    [blank]
Next Run Time: 27/09/2008 22:44:00
Status:        La tâche n'a pas encore été exécutée
Creator:       SYSTEM
Comments:      Symantec NetDetect
C:\Program Files\Symantec\LiveUpdate\NDetect.exe [file not found to scan]
----------

************************************************************
22:39:12: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
22:39:12: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\sandra aubert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\sandra aubert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
13102134 bytes
Created:  20/08/2008
Modified: 23/09/2008
Company:  
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\sandra aubert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
13102134 bytes
Created:  20/08/2008
Modified: 23/09/2008
Company:  
----------
Additional checks completed

************************************************************
22:39:18: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\acs.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - file already scanned
--------------------
C:\Program Files\MioNet\MioNetManager.exe - file already scanned
--------------------
C:\WINDOWS\system32	cpsvcs.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe - file already scanned
--------------------
C:\Program Files\MioNet\jvm\bin\MioNet.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe - file already scanned
--------------------
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - file already scanned
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file already scanned
--------------------
C:\Program Files\ltmoh\Ltmoh.exe - file already scanned
--------------------
C:\WINDOWS\AGRSMMSG.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe - file already scanned
--------------------
C:\WINDOWS\System32\DLA\DLACTRLW.EXE - file already scanned
--------------------
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe - file already scanned
--------------------
C:\WINDOWS\VM_STI.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe - file already scanned
--------------------
C:\Program Files\Shareaza\Shareaza.exe - file already scanned
--------------------
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe - file already scanned
--------------------
C:\Program Files\Microsoft ActiveSync\wcescomm.exe - file already scanned
--------------------
C:\Program Files\Picasa2\PicasaMediaDetector.exe - file already scanned
--------------------
C:\WINDOWS\system32\TPSBattM.exe
--------------------
C:\PROGRA~1\MICROS~4apimgr.exe
--------------------
C:\Program Files\iPod\bin\iPodService.exe
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
--------------------
C:\Program Files\internet explorer\iexplore.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------------
C:\Documents and Settings\sandra aubert\Application Data\Simply Super Software\Trojan Remover\cos57.exe
FileSize:          2552384
[This is a Trojan Remover component]
--------------------
--------------------
C:\Documents and Settings\sandra aubert\Bureau\a2FreeSetup.exe
--------------------

************************************************************
23:13:40: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
23:13:40: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
23:13:40: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.orange.fr/portail
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/toolbar/ie8/sidebar.html

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 23:13:41 27 sept. 2008
Total Scan time: 00:35:27
************************************************************

NENESSE1401 · Answer

je vous remercie deja et vous souhaite une bonne nuit je reviendrai demain un petit peu pour voir si vous avez repondu sinon je serai encor la dans la semaine des lundi matin 

bon dimanche au cas ou j attend la fin de a suqared et je poste le rapport apres ca je vais me coucher donc a demain ou lundi

NENESSE1401 · Answer

voila le rapport a squared 

Version - a-squared Free 3.5
Dernière mise à jour : 27/09/2008 22:42:48

Paramètres des balayages :

Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balayage ADS : Marche

Lancement du balayage :	27/09/2008 22:44:47

Key: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\software\kazaa 	détectés : Trace.Registry.KaZaA
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\software\microsoft\windows\currentversionun --> shareaza 	détectés : Trace.Registry.Shareaza
c:\documents and settings\sandra aubert\application data\shareaza 	détectés : Trace.Directory.Shareaza Lite
c:\documents and settings\sandra aubert\application data\shareaza\collections 	détectés : Trace.Directory.Shareaza Lite
c:\documents and settings\sandra aubert\application data\shareaza\data 	détectés : Trace.Directory.Shareaza Lite
c:\documents and settings\sandra aubert\application data\shareaza	orrents 	détectés : Trace.Directory.Shareaza Lite
c:\documents and settings\sandra aubert\application data\shareaza\data\library1.dat 	détectés : Trace.File.Shareaza Lite
c:\documents and settings\sandra aubert\application data\shareaza\data	igertree.dat 	détectés : Trace.File.Shareaza Lite
c:\documents and settings\sandra aubert\application data\shareaza\data\uploadqueues.dat 	détectés : Trace.File.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{394011F0-6D5C-42a3-96C6-24B9AD6B010C}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{591A5CFF-3172-4020-A067-238542DDE9C2}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{BF00DBCC-90A2-4f46-8171-7D4F929D035F}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_CLASSES_ROOT\CLSID\{D07E630D-A850-4f11-AD29-3D3848B67EFE}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Downloads --> CollectionPath 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Downloads --> CompletePath 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Downloads --> IncompletePath 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Downloads --> TorrentPath 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Plugins --> {2EE9D739-7726-41cf-8F18-4B1B8763BC63} 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Plugins --> {9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646} 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Settings --> FirstRun 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Settings --> GUIMode 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Settings --> Language 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Settings --> RatesInBytes 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Settings --> Running 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Settings --> VerboseMode 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Skins --> ShareazaOS\ShareazaOS.xml 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\VersionCheck --> NextCheck 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Windows --> CMainWnd.ShowCmd 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza\Windows --> CRemoteWnd.ShowCmd 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza --> Path 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_USERS\S-1-5-21-1227561026-1180597129-1481750350-1006\Software\Shareaza\Shareaza --> UserPath 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{394011F0-6D5C-42a3-96C6-24B9AD6B010C}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{591A5CFF-3172-4020-A067-238542DDE9C2}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF00DBCC-90A2-4f46-8171-7D4F929D035F}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D07E630D-A850-4f11-AD29-3D3848B67EFE}\InprocServer32 --> ThreadingModel 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\AudioVis --> Mike`s Simple Scopes 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\AudioVis --> Sonique Wrapper 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\AudioVis --> WMP Wrapper 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\DownloadPreview --> .avi 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\DownloadPreview --> .div 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\DownloadPreview --> .mp3 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\DownloadPreview --> .mpeg 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\DownloadPreview --> .mpg 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\General --> Shareaza Image Viewer 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\ImageService --> .avi 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\ImageService --> .jpeg 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\ImageService --> .jpg 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\ImageService --> .mpeg 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\ImageService --> .mpg 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\ImageService --> .png 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\LibraryBuilder --> .sks 	détectés : Trace.Registry.Shareaza Lite
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Shareaza\Shareaza\Plugins\MediaPlayer --> Default 	détectés : Trace.Registry.Shareaza Lite
C:\Documents and Settings\sandra aubert\Cookies\sandra_aubert@commentcamarche[1].txt 	détectés : Trace.TrackingCookie
C:\Documents and Settings\sandra aubert\Cookies\sandra_aubert@smartadserver[1].txt 	détectés : Trace.TrackingCookie
C:\Documents and Settings\sandra aubert\Cookies\sandra_aubert@specificclick[2].txt 	détectés : Trace.TrackingCookie
C:\Program Files\Navilog1\Process.exe 	détectés : Riskware.RiskTool.Win32.Processor.20

Analysé

Fichiers : 	72192
Traces : 	437248
Cookies : 	47
Processus : 	61

Trouvé

Fichiers : 	1
Traces : 	62
Cookies : 	3
Processus : 	0
Clés de Registre : 	0

Fin du balayage :	28/09/2008 00:35:12
Durée du balayage :	1:50:25



 a tte

NENESSE1401 · Answer

je suis la ...

NENESSE1401 · Answer

je ne sais pas ou j en suis vous etes toujours la???

j ai lance un trendsecure scan gratuit et il a commence le scan il a deja vu un spyware, mon ordi marche encor au ralenti egalement

NENESSE1401 · Answer

resolu!!!!

Gors probleme apparement crypt xpack.gen

79 réponses

Votre réponse

Discussions similaires

Newsletters