My PC is infected from A to Z, help please

anonymous -
Hello,
I think you can help me fix a few problems with my PC. I did a scan with Ad-Aware SE and I have the scan log, which I'm posting right here. I think I have about 4 backdoors in addition to Virtumonde and a ton of other things.... Please help me, here is my SCAN LOG

Ad-Aware SE Build 1.06r1
Logfile Created on:6 novembre 2008 17:46:20
Using definitions file:SE1R304 05.11.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16(TAC index:8):4 total references
MRU List(TAC index:0):25 total references
MyWebSearch(TAC index:3):1 total references
Tracking Cookie(TAC index:3):57 total references
Virtumonde(TAC index:10):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects

2008-11-06 17:46:20 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Client\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1343024091-507921405-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 636
ThreadCreationTime : 2008-11-06 20:08:57
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 2008-11-06 20:09:05
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 2008-11-06 20:09:07
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 2008-11-06 20:09:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 2008-11-06 20:09:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 2008-11-06 20:09:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 2008-11-06 20:09:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1108
ThreadCreationTime : 2008-11-06 20:09:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 2008-11-06 20:09:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1200
ThreadCreationTime : 2008-11-06 20:09:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 2008-11-06 20:09:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1396
ThreadCreationTime : 2008-11-06 20:09:09
BasePriority : Normal
FileVersion : 4, 8, 1227, 0
ProductVersion : 4, 8, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! Antivirus updating service
InternalName : aswUpdSv.exe
LegalCopyright : Copyright (c) 2008 ALWIL Software
OriginalFilename : aswUpdSv.exe

#:13 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1452
ThreadCreationTime : 2008-11-06 20:09:09
BasePriority : High
FileVersion : 4, 8, 1227, 0
ProductVersion : 4, 8, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2008 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1840
ThreadCreationTime : 2008-11-06 20:09:12
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1980
ThreadCreationTime : 2008-11-06 20:09:19
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2040
ThreadCreationTime : 2008-11-06 20:09:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [mdm.exe]
FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\
ProcessID : 168
ThreadCreationTime : 2008-11-06 20:09:19
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:18 [ntuneservice.exe]
FilePath : C:\Program Files\NVIDIA Corporation\nTune\
ProcessID : 268
ThreadCreationTime : 2008-11-06 20:09:22
BasePriority : Normal
FileVersion : 5.05.54
ProductVersion : 5.05.54
ProductName : NVIDIA nTune
CompanyName : NVIDIA
FileDescription : NVIDIA Access Manager
InternalName : nTuneService.exe
LegalCopyright : (c) NVIDIA Corp. All rights reserved.
OriginalFilename : nTuneService.exe

#:19 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 2008-11-06 20:09:22
BasePriority : Normal
FileVersion : 6.14.11.7813
ProductVersion : 6.14.11.7813
ProductName : NVIDIA Driver Helper Service, Version 178.13
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 178.13
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:20 [pnkbstra.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 308
ThreadCreationTime : 2008-11-06 20:09:22
BasePriority : Normal

#:21 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 2008-11-06 20:09:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [uaservice7.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 2008-11-06 20:09:23
BasePriority : Normal
FileVersion : 1,1,0,0
CompanyName : Sony DADC Austria AG.
FileDescription : SecuROM User Access Service (V7).
LegalCopyright : Copyright (C) 2004/05 Sony DADC Austria AG
OriginalFilename : UAService7.exe
Comments : SecuROM User Access Service (V7).

#:23 [viewpointservice.exe]
FilePath : C:\Program Files\Viewpoint\Common\
ProcessID : 604
ThreadCreationTime : 2008-11-06 20:09:23
BasePriority : Normal
FileVersion : 2, 0, 0, 54
ProductVersion : 2, 0, 0, 54
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:24 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 672
ThreadCreationTime : 2008-11-06 20:09:23
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft (R) DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:25 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 900
ThreadCreationTime : 2008-11-06 20:09:23
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Service Partage réseau du Lecteur Windows Media
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : WMPNetwk.exe

#:26 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1236
ThreadCreationTime : 2008-11-06 20:09:24
BasePriority : Normal

#:27 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1256
ThreadCreationTime : 2008-11-06 20:09:24
BasePriority : Normal

#:28 [wgatray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2768
ThreadCreationTime : 2008-11-06 20:09:59
BasePriority : Normal
FileVersion : 1.7.0018.7
ProductVersion : 1.7.0018.7
ProductName : Windows Genuine Advantage
CompanyName : Microsoft Corporation
FileDescription : Notifications Windows Genuine Advantage
InternalName : WgaNotify
LegalCopyright : © 1995-2007 Microsoft Corporation
OriginalFilename : WgaTray.exe

#:29 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2808
ThreadCreationTime : 2008-11-06 20:09:59
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:30 [logi_mwx.exe]
FilePath : C:\WINDOWS\
ProcessID : 3040
ThreadCreationTime : 2008-11-06 20:10:02
BasePriority : Normal
FileVersion : 9.79.024
ProductVersion : 9.79.024
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Launcher Application
InternalName : Logi_MWX
LegalCopyright : (C) 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Logi_MWX.exe
Comments : Created by the MouseWare team

#:31 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 3136
ThreadCreationTime : 2008-11-06 20:10:04
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Realtek HD Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek HD Audio Sound Manager

#:32 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 3172
ThreadCreationTime : 2008-11-06 20:10:05
BasePriority : Normal
FileVersion : 60.0.155.000
ProductVersion : 060.000.155.000
ProductName : hp digital imaging
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright (C) Hewlett-Packard Development Company, L.P. 1995-2005
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:33 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 3212
ThreadCreationTime : 2008-11-06 20:10:06
BasePriority : Normal
FileVersion : 4, 8, 1227, 0
ProductVersion : 4, 8, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2008 ALWIL Software
OriginalFilename : aswDisp.exe

#:34 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3228
ThreadCreationTime : 2008-11-06 20:10:08
BasePriority : Normal
FileVersion : 7.5.5 (990.7)
ProductVersion : QuickTime 7.5.5 (990.7)
ProductName : QuickTime
CompanyName : Apple Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Inc. 1989-2008
OriginalFilename : QTTask.exe

#:35 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3252
ThreadCreationTime : 2008-11-06 20:10:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:36 [msnmsgr.exe]
FilePath : C:\Program Files\Windows Live\Messenger\
ProcessID : 3344
ThreadCreationTime : 2008-11-06 20:10:10
BasePriority : Normal
FileVersion : 8.5.1302.1018
ProductVersion : 8.5.1302
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Live Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3364
ThreadCreationTime : 2008-11-06 20:10:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:38 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
ProcessID : 3396
ThreadCreationTime : 2008-11-06 20:10:10
BasePriority : Normal
FileVersion : 2, 0, 301, 1654
ProductVersion : 2, 0, 301, 1654
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2007
OriginalFilename : GoogleToolbarNotifier.exe

#:39 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2052
ThreadCreationTime : 2008-11-06 20:10:16
BasePriority : Normal
FileVersion : 60.0.155.000
ProductVersion : 060.000.155.000
ProductName : hp digital imaging
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Development Company, L.P. 1995-2005
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:40 [ymetray.exe]
FilePath : C:\Program Files\Yahoo!\Yahoo! Music Engine\
ProcessID : 2084
ThreadCreationTime : 2008-11-06 20:10:19
BasePriority : Normal
FileVersion : 2.2.2.058 (Build 058)
ProductVersion : 2.2.2.058 (Build 058)
ProductName : Yahoo! Music Jukebox
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Music Jukebox Tray Application
InternalName : YMP
LegalCopyright : Copyright © Yahoo! 2058-2007
LegalTrademarks :
OriginalFilename : trayapp.exe

#:41 [spuvolumewatcher.exe]
FilePath : C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\
ProcessID : 2156
ThreadCreationTime : 2008-11-06 20:10:20
BasePriority : Normal

#:42 [webshotstray.exe]
FilePath : C:\Program Files\Webshots\
ProcessID : 2180
ThreadCreationTime : 2008-11-06 20:10:20
BasePriority : Normal
FileVersion : 1.3.0.3597
ProductVersion : 1.3.0.3597
ProductName : Webshots Tray Application
CompanyName : The Webshots Corporation
FileDescription : Webshots Desktop Tray Application
InternalName : WEBSHOTSTRAY
LegalCopyright : Copyright (C) 1998
OriginalFilename : WEBSHOTSTRAY.EXE

#:43 [xfire.exe]
FilePath : C:\Program Files\Xfire\
ProcessID : 2192
ThreadCreationTime : 2008-11-06 20:10:23
BasePriority : Normal
FileVersion : 13133
ProductVersion : 13133
ProductName : Xfire
CompanyName : Xfire Inc.
FileDescription : Xfire
InternalName : xfire
LegalCopyright : Copyright 2004 Xfire Inc.
OriginalFilename : xfire.exe
Comments : Xfire

#:44 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2216
ThreadCreationTime : 2008-11-06 20:10:34
BasePriority : Normal

#:45 [hpqimzone.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2496
ThreadCreationTime : 2008-11-06 20:10:52
BasePriority : Normal

#:46 [ashsimpl.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2004
ThreadCreationTime : 2008-11-06 22:24:44
BasePriority : Normal
FileVersion : 4, 8, 1227, 0
ProductVersion : 4, 8, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : Virus scanner
InternalName : aswSimpl.exe
LegalCopyright : Copyright (c) 2008 ALWIL Software
OriginalFilename : aswSimpl.exe

#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 2124
ThreadCreationTime : 2008-11-06 22:40:57
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:48 [steam.exe]
FilePath : C:\Program Files\Valve\Steam\
ProcessID : 3532
ThreadCreationTime : 2008-11-06 22:43:00
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

Backdoor.Prorat.16 Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-507921405-839522115-1003\software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}

Backdoor.Prorat.16 Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "DirectX For Microsoft® Windows"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : DirectX For Microsoft® Windows

Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "stubpath"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}
Value : stubpath

Virtumonde Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\shellexecutehooks
Value : {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\system32\fservice.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\system32\fservice.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 33

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:client@247realmedia.com/
Expires : 2020-12-31 19:00:00
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@kontera[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:client@kontera.com/
Expires : 2009-10-22 14:16:46
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@tacoda[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:79
Value : Cookie:client@tacoda.net/
Expires : 2009-10-25 19:42:22
LastSync : Hits:79
UseCount : 0
Hits : 79

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@adopt.euroclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:321
Value : Cookie:client@adopt.euroclick.com/
Expires : 2018-10-30 09:54:56
LastSync : Hits:321
UseCount : 0
Hits : 321

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:40
Value : Cookie:client@ads.pointroll.com/
Expires : 2009-12-31 19:00:00
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@himedia.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:client@himedia.112.2o7.net/
Expires : 2013-09-28 14:21:34
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@cgm.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:client@cgm.adbureau.net/
Expires : 2012-02-29 19:00:00
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:121
Value : Cookie:client@2o7.net/
Expires : 2013-11-03 17:20:34
LastSync : Hits:121
UseCount : 0
Hits : 121

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ehg-bestbuy.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:client@ehg-bestbuy.hitbox.com/
Expires : 2009-10-21 15:47:18
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:client@statcounter.com/
Expires : 2013-11-05 15:53:38
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:37
Value : Cookie:client@realmedia.com/
Expires : 2020-12-31 19:00:00
LastSync : Hits:37
UseCount : 0
Hits : 37

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:client@bluestreak.com/
Expires : 2018-10-27 14:02:38
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@bvmaxads.valuead[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:54
Value : Cookie:client@bvmaxads.valuead.com/
Expires : 2020-12-31 19:00:00
LastSync : Hits:54
UseCount : 0
Hits : 54

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ctv.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@ctv.122.2o7.net/
Expires : 2013-10-09 13:37:52
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:232
Value : Cookie:client@revsci.net/
Expires : 2040-10-22 19:43:06
LastSync : Hits:232
UseCount : 0
Hits : 232

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ivwbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:client@ivwbox.de/
Expires : 2009-09-29 14:26:30
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@adtech[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:231
Value : Cookie:client@adtech.de/
Expires : 2010-09-29 14:21:24
LastSync : Hits:231
UseCount : 0
Hits : 231

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1878
Value : Cookie:client@advertising.com/
Expires : 2010-11-04 14:57:38
LastSync : Hits:1878
UseCount : 0
Hits : 1878

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:client@questionmarket.com/
Expires : 2009-12-24 13:17:08
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:480
Value : Cookie:client@smartadserver.com/
Expires : 2028-10-30 17:12:50
LastSync : Hits:480
UseCount : 0
Hits : 480

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@viacom.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:104
Value : Cookie:client@viacom.adbureau.net/
Expires : 2012-02-29 19:00:00
LastSync : Hits:104
UseCount : 0
Hits : 104

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:client@overture.com/
Expires : 2037-06-02 15:00:00
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@livenation.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@livenation.122.2o7.net/
Expires : 2013-10-09 12:25:54
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@com[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:client@com.com/
Expires : 2018-10-09 10:59:40
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@eb.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:client@eb.adbureau.net/
Expires : 2012-02-29 19:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ticketsnow.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@ticketsnow.112.2o7.net/
Expires : 2013-10-09 12:40:54
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@msnportal.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:client@msnportal.112.2o7.net/
Expires : 2013-10-05 13:42:30
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ehg-theviptour.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:client@ehg-theviptour.hitbox.com/
Expires : 2009-10-10 12:41:32
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:client@mediaplex.com/
Expires : 2011-10-02 23:20:10
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@about[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:client@about.com/
Expires : 1899-12-30
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@adultfriendfinder[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:client@adultfriendfinder.com/
Expires : 2010-10-11 11:52:30
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@aimfar.solution.weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:client@aimfar.solution.weborama.fr/
Expires : 2008-12-25 12:40:40
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@server.iad.liveperson.net/
Expires : 2009-10-31 12:49:40
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@freepay[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:client@freepay.com/
Expires : 2010-10-03 15:11:52
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@tradedoubler.com/
Expires : 2028-10-31 22:17:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@gametracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:client@gametracker.com/
Expires : 2009-10-13 21:04:28
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@www.burstnet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@www.burstnet.com/
Expires : 2008-10-21 17:59:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@game-advertising-online[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@game-advertising-online.com/
Expires : 2038-01-17 19:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@adserver.aol[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@adserver.aol.fr/
Expires : 2010-10-06 13:51:28
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@eaeacom.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:client@eaeacom.112.2o7.net/
Expires : 2013-10-15 11:02:56
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@myticketmarket.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@myticketmarket.112.2o7.net/
Expires : 2013-10-09 12:36:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@audi.solution.weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:client@audi.solution.weborama.fr/
Expires : 2008-12-12 22:07:40
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@roiservice[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@roiservice.com/
Expires : 2028-10-10 12:40:54
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ero-advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@ero-advertising.com/
Expires : 2008-10-12 11:52:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@ehg-foxsports.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:client@ehg-foxsports.hitbox.com/
Expires : 2009-11-04 17:08:26
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@videoegg.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@videoegg.adbureau.net/
Expires : 2012-02-29 19:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@searchportal.information[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:client@searchportal.information.com/
Expires : 2010-10-18 15:57:34
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : client@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:client@estat.com/
Expires : 2018-10-11 20:25:16
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache En

9 replies

anthony5151 Posts: 10927 Status: Security contributor 790
 
Good evening,

Don't waste your time with Ad-Aware, it's an ineffective and useless program...

Download HijackThis (a diagnostic tool) to your desktop: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

Install it, run it and click "Do a system scan and save a logfile".
Copy and paste the whole report on the forum

0
anonyme
 
Here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:51, on 2008-11-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {40DC1EBD-23F5-49C7-94CD-0C889C23E1AA} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvuvtrs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [AntiMalwareProMFCT] C:\Program Files\AntiMalware Pro\AntiMalwarePro.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://youyourselfandyours.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll (file missing)
O20 - Winlogon Notify: wvuvtrs - wvuvtrs.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
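Reading a HijackThis log by hand is what the helper does in the next reply. As an added example (not code from this thread, from the poster, or from the HijackThis project), here is a small Python triage script that applies the same first-pass heuristics a responder uses on a log like the one above: a `Shell=` value that starts more than `Explorer.exe`, registrations marked `(file missing)` or `(no file)`, entries under the `Policies\Explorer\Run` autostart key, Winlogon Notify DLLs with no resolvable path, and one executable wired into several autostart points. The rule names and the `SAMPLE_LOG` subset are my own choices; the entries in the sample are copied verbatim from the log posted above. The script ranks entries for a human to look at; it does not decide on its own what is malicious.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis entries posted in this thread,
# copied verbatim so the rules below can be checked against real lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {40DC1EBD-23F5-49C7-94CD-0C889C23E1AA} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll (file missing)
O20 - Winlogon Notify: wvuvtrs - wvuvtrs.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")


def basename(path):
    """Lower-cased file name of a Windows path, so references can be compared."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_entries(log):
    """Yield (section, body) for every HijackThis entry line; other lines are skipped."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return a list of (rule, section, detail) findings for one HijackThis log."""
    findings = []
    referenced_from = defaultdict(set)  # executable basename -> sections that load it

    for section, body in parse_entries(log):
        lower = body.lower()

        # Rule 1: the system.ini Shell value should be exactly "Explorer.exe".
        # Anything appended to it is started alongside the desktop at every logon.
        if section == "F2" and "shell=" in lower:
            tokens = body.split("Shell=", 1)[1].split()  # paths with spaces would need quoting
            if [t.lower() for t in tokens] != ["explorer.exe"]:
                findings.append(("shell-hijack", section, body))
                for extra in tokens[1:]:
                    referenced_from[basename(extra)].add(section)

        # Rule 2: a registration whose file no longer exists is a leftover of
        # something that was removed, renamed, or is hiding from the scanner.
        if any(marker in lower for marker in MISSING_MARKERS):
            findings.append(("dangling-reference", section, body))

        # Rule 3: Policies\Explorer\Run is a little-used autostart location;
        # ordinary software registers under the plain Run key.
        if section == "O4" and "policies\\explorer\\run" in lower:
            findings.append(("policy-run-key", section, body))
            target = body.split("]", 1)[1].strip()
            referenced_from[basename(target)].add(section)

        # Rule 4: a Winlogon Notify DLL given as a bare name or a directory
        # cannot be located on disk, which is itself worth investigating.
        if section == "O20":
            path = body.rsplit(" - ", 1)[1]
            for marker in MISSING_MARKERS:
                path = path.replace(marker, "")
            path = path.strip()
            if path.endswith("\\") or "\\" not in path:
                findings.append(("unresolvable-notify-dll", section, body))

    # Rule 5: one executable wired into several autostart points at once.
    for name, sections in sorted(referenced_from.items()):
        if len(sections) > 1:
            findings.append(("multi-persistence", "+".join(sorted(sections)), name))

    return findings


def summarize(log):
    """Count findings per rule, for a quick look before reading the details."""
    counts = {}
    for rule, _section, _detail in triage(log):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, section, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {section:6} {detail}")
    print(summarize(SAMPLE_LOG))
```

On the sample above the script flags nine entries, and rule 5 reports that `fservice.exe` is referenced from both the `F2` Shell value and the `O4` policy Run key; the Ad-Aware log at the top of the thread and the helper's reply below reach the same conclusion by different means. Paste the complete log into `SAMPLE_LOG` (or read it from a file) to run it over the whole report.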
anthony5151 Posts: 10927 Status: Security contributor 790
 
Indeed, there are several infections on your computer... We will need to use several programs to disinfect it, so please keep coming back until the end (I'll confirm when we're done)

Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Save it to the desktop

- Double-click SmitfraudFix.exe and choose option 1, then Enter

- A report will be generated; please post it in your next reply.

Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php

0
anonyme
 
Thanks for helping me, it's very much appreciated, here is the report

SmitFraudFix v2.373

Rapport fait à 22:08:12,15, 2008-11-06
Executé à partir de C:\Documents and Settings\Client\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Client


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Client\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Client\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Client\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{092CE926-7672-4514-A1B9-10CB8C7165F3}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCB9BC26-DA60-4648-BFD0-FB5D01EB1A36}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{092CE926-7672-4514-A1B9-10CB8C7165F3}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCB9BC26-DA60-4648-BFD0-FB5D01EB1A36}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{092CE926-7672-4514-A1B9-10CB8C7165F3}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BCB9BC26-DA60-4648-BFD0-FB5D01EB1A36}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
anthony5151 Posts: 10927 Status: Security contributor 790
 
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.

• Then open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press a key to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt: copy it to the forum

Then download and install Malwarebytes' Anti-Malware
- At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is checked
- Launch MBAM and let the updates download (otherwise do them manually when the program starts)
- Then go to the "Scanner" tab, check "Perform quick scan" then "Scan"
- Select your hard drives then click "Scan"
- At the end of the scan, click Show results
- Check all detected items then click Remove selected
- Save the report
- If you are asked to restart, click Yes

Post the scan report from after the removal here

Finally, post a new HijackThis report please

0
anonyme
 
OK, thanks again for helping me, HERE IS THE SDFIX REPORT

[b]SDFix: Version 1.240 [/b]
Run by Client on 2008-11-07 at 15:43

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Client\Local Settings\Temp\ubi80.tmp.exe - Deleted
C:\DOCUME~1\Client\LOCALS~1\Temp\GLF3B8.tmp.dll - Deleted
C:\DOCUME~1\Client\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\ktd32.atm - Deleted
C:\WINDOWS\pskt.ini - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 16:25:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000016a

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Jointops.exe"="C:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Jointops.exe:*:Enabled:Jointops"
"C:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:pandora"
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\online\\System\\shadowstrike_static_retail.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\online\\System\\shadowstrike_static_retail.exe:*:Enabled:shadowstrike_static_retail"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\Program Files\\JVTorrent\\btdownloadgui.exe"="C:\\Program Files\\JVTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"="C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe:*:Enabled:GhostRecon"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source dedicated server\\srcds.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source dedicated server\\srcds.exe:*:Enabled:srcds"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\dedicated server\\hlds.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE:*:Enabled:Age of Empires II"
"C:\\Program Files\\Red Storm Entertainment\\Black Thorn\\BlackThorn.exe"="C:\\Program Files\\Red Storm Entertainment\\Black Thorn\\BlackThorn.exe:*:Enabled:BlackThorn"
"C:\\Program Files\\Warcraft III Demo\\War3Demo.exe"="C:\\Program Files\\Warcraft III Demo\\War3Demo.exe:*:Enabled:Warcraft III Demo"
"C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4f.exe"="C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4f.exe:*:Enabled:Heroes of Might and Magic© IV"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\valve test app 1003\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\valve test app 1003\\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag_Doll_Kung_Fu_Steam"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Démo Rainbow Six Lockdown\\Lockdown.exe"="C:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Démo Rainbow Six Lockdown\\Lockdown.exe:*:Enabled:Lockdown"
"C:\\Program Files\\id Software\\Quake 4 Demo\\Quake4.exe"="C:\\Program Files\\id Software\\Quake 4 Demo\\Quake4.exe:*:Enabled:Quake 4"
"C:\\Program Files\\VUGames\\Tribes Vengeance Demo\\Program\\Bin\\tribesv_spdemo_en.exe"="C:\\Program Files\\VUGames\\Tribes Vengeance Demo\\Program\\Bin\\tribesv_spdemo_en.exe:*:Enabled:tribesv_spdemo_en"
"C:\\Program Files\\Kylotonn Entertainment\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Program Files\\Kylotonn Entertainment\\Bet on Soldier Single Player Demo\\BoS.exe:*:Enabled:BoS"
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"="C:\\Program Files\\ubi.com\\Core\\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\\Program Files\\Doom 3\\DOOM3.exe"="C:\\Program Files\\Doom 3\\DOOM3.exe:*:Enabled:DOOM 3"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\Midway Home Entertainment\\Rise and Fall Demo\\Bin\\RiseAndFallDemo.exe"="C:\\Program Files\\Midway Home Entertainment\\Rise and Fall Demo\\Bin\\RiseAndFallDemo.exe:*:Enabled:Application"
"C:\\Program Files\\Destineer\\First to Fight\\CCF2F.exe"="C:\\Program Files\\Destineer\\First to Fight\\CCF2F.exe:*:Enabled:Close Combat: First To Fight"
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"="C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"C:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"="C:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe:*:Enabled:Freelancer"
"C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe:*:Enabled:GRAW_demo"
"C:\\Program Files\\Stormregion\\Rush for Berlin MultiPlayer Demo\\RushForBerlin.exe"="C:\\Program Files\\Stormregion\\Rush for Berlin MultiPlayer Demo\\RushForBerlin.exe:*:Enabled:Rush for Berlin"
"C:\\SIERRA\\SWAT3\\Swat.icd"="C:\\SIERRA\\SWAT3\\Swat.icd:*:Enabled:Swat 3 : Close Quarters Battle"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe:*:Enabled:RedOrchestra"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe:*:Enabled:Rise of Nations"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\heroes of annihilated empires demo\\Data\\engine.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\heroes of annihilated empires demo\\Data\\engine.exe:*:Enabled:Heroes of Annihilated Empires"
"C:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe"="C:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe:*:Enabled:Brothers In Arms: Road to Hill 30"
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe"="C:\\Program Files\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\race\\Race_Steam.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\race\\Race_Steam.exe:*:Enabled:Race"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\the ship\\ship.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\the ship\\ship.exe:*:Enabled:ship"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"="C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\heroes of annihilated empires multiplayer demo\\engine.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\heroes of annihilated empires multiplayer demo\\engine.exe:*:Enabled:Heroes of Annihilated Empires"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe:*:Enabled:Rise Of Legends"
"C:\\WINDOWS\\system32\\nmbsieab.exe"="C:\\WINDOWS\\system32\\nmb"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\enemy territory quake wars demo\\etqw.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\enemy territory quake wars demo\\etqw.exe:*:Enabled:Enemy Territory: QUAKE Wars"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2\\hl2.exe:*:Enabled:hl2.exe"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war demo\\W40k.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war demo\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war winter assault demo\\WinterAssault.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war winter assault demo\\WinterAssault.exe:*:Enabled:WinterAssault"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life deathmatch source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life deathmatch source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\day of defeat source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\SIERRA\\Half-Life\\hlds.exe"="C:\\SIERRA\\Half-Life\\hlds.exe:*:Enabled:hlds"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base 2007\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base 2007\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:BF2"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe:*:Enabled:PnkBstrB.exe"
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\Bf2_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 16 Aug 2007 6,486 ..SH. --- "C:\WINDOWS\system32\bdeeg.bak1"
Sun 23 Sep 2007 7,626 ..SH. --- "C:\WINDOWS\system32\bdeeg.bak2"
Mon 24 Sep 2007 6,486 ..SH. --- "C:\WINDOWS\system32\tttss.bak1"
Tue 11 Mar 2008 175,542 ..SH. --- "C:\WINDOWS\system32\tttss.bak2"
Mon 10 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 11 Oct 2008 3,046 ...HR --- "C:\Documents and Settings\Client\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]


Now I'm installing the other program following your instructions.
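The "Authorized Application Key Export" in the SDFix report above is the Windows XP firewall's exception list. Every value is meant to read `<path>:<scope>:<Enabled|Disabled>:<name>`, restating the key's own path, so a value that is cut short or drops one of the colon separators does not follow that format and deserves a look, as does any exception granted to a generic host process such as rundll32.exe, since that lets whatever DLL it is told to load speak to the network. The script below is an added example, not SDFix code and not from the original post: it parses an export in that format, reports malformed values, and flags host-process and Windows-directory exceptions. The export embedded in it is constructed, the program names in it are invented, and it assumes `%windir%` expands to `C:\WINDOWS`.

```python
"""Audit a Windows XP firewall AuthorizedApplications export for malformed or
risky exceptions.  Added example; not part of SDFix or of the original post."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format of SDFix's "Authorized Application Key Export";
# the paths and names are illustrative, not taken from any real machine.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\SIERRA\\SWAT3\\Swat.icd"="C:\\SIERRA\\SWAT3\\Swat.icd:*:Enabled:Swat 3 : Close Quarters Battle"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\qzxkwplm.exe"="C:\\WINDOWS\\system32\\qzx"
"C:\\Games\\Demo\\demo.exe"="C:\\Games\\Demo\\demo.exe:*Enabled:demo.exe"
'''

# One "<key>"="<value>" line of a .reg-style export
ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Generic host processes: an exception for one of these is effectively an
# exception for any DLL or script it is asked to run.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

REASONS = {
    "malformed": "value is not <path>:<scope>:<Enabled|Disabled>:<name> (truncated or hand-written entry)",
    "host-process": "exception granted to a generic host process, so any DLL/script it loads may talk out",
    "windows-dir": "third-party display name on a program inside the Windows directory",
}


@dataclass
class Entry:
    program: str
    scope: str = ""
    state: str = ""
    name: str = ""
    flags: List[str] = field(default_factory=list)


def _unescape(s: str) -> str:
    # .reg exports double every backslash
    return s.replace("\\\\", "\\")


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    key, value = m.group(1), m.group(2)
    entry = Entry(program=_unescape(key))
    # A well-formed value restates the key path, then scope, state and display name.
    if not value.startswith(key + ":"):
        entry.flags.append("malformed")
        return entry
    parts = value[len(key) + 1:].split(":", 2)  # the display name may itself contain ':'
    if len(parts) != 3 or parts[1].lower() not in ("enabled", "disabled"):
        entry.flags.append("malformed")
        return entry
    entry.scope, entry.state, entry.name = parts
    base = entry.program.rsplit("\\", 1)[-1].lower()
    # Assumption: %windir% is C:\WINDOWS, the XP default seen in the logs above
    norm = entry.program.lower().replace("%windir%", "c:\\windows")
    if base in HOST_PROCESSES:
        entry.flags.append("host-process")
    elif norm.startswith("c:\\windows\\") and not entry.name.startswith("@"):
        # Windows' own exceptions carry a resource-string name such as @xpsp2res.dll,-22019
        entry.flags.append("windows-dir")
    return entry


def audit(export: str) -> List[Entry]:
    """Parse every exception line in the export, in order."""
    return [e for e in (parse_entry(l) for l in export.splitlines()) if e]


def suspicious(export: str) -> List[Entry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in audit(export) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_EXPORT):
        print(e.program)
        for f in e.flags:
            print("   ", f, "-", REASONS[f])
```

The flags are triage hints for manual review, not verdicts. Note also the scope field: in the XP firewall `*` means the exception applies to traffic from any remote address, while `LocalSubNet` restricts it to the local subnet, so a list in which every game, P2P client and host process is opened with `*` is worth pruning once the cleanup is over.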
anonyme > anonyme
OK, now here is my Malwarebytes Anti-Malware report (thanks again).

Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 2

2008-11-07 16:52:46
mbam-log-2008-11-07 (16-52-46).txt

Scan type: Quick scan
Objects scanned: 72005
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f6581d5-aa53-4b73-a6f9-41420c6b61f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{938a8a03-a938-4019-b764-03ff8d167d79} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC SpeedScan Pro (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\PC SpeedScan Pro (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\PC SpeedScan Pro\SSRes.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\PC SpeedScan Pro\WatchList.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\APCLang.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\GUID (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\SOUND.WAV (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5fa11ac7.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5fa11ac7.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcimqiw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcimqiw_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
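A useful way to read a removal log like the one above is to separate the detections that were persistence mechanisms (Run values, Browser Helper Objects, COM registrations) from registry traces and stray files: the former are what must be re-checked after the reboot, together with anything the scanner could not remove immediately. The script below is an added example, not Malwarebytes code and not from the original post. It parses the `item (Family) -> action.` lines of an MBAM 1.x log, classifies each by the mechanism its location implies, groups them by family, and lists the follow-ups. The excerpt embedded in it is constructed in the format of the log above; its `Delete on reboot` entry is there only to show how a pending action is handled.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log: group detections by family and
separate persistence mechanisms from residue.  Added example; not MBAM code."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed excerpt in the line format of the MBAM 1.30 log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f6581d5-aa53-4b73-a6f9-41420c6b61f1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC SpeedScan Pro (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5fa11ac7.xml (Trojan.Vundo) -> Delete on reboot.
"""

# "<item> (<Family>) -> <action>."  The family never contains parentheses.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Location patterns that imply a load point, checked in order
MECHANISMS = [
    ("autostart", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("browser-helper-object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("winlogon-notify", re.compile(r"\\Winlogon\\Notify\\", re.I)),
    ("com-registration", re.compile(r"^HKEY_CLASSES_ROOT\\(CLSID|TypeLib|Interface)\\", re.I)),
    ("ie-addon-stats", re.compile(r"\\Ext\\Stats\\", re.I)),
]
# Mechanisms that load code by themselves; Ext\Stats entries are IE's record of
# an add-on, not a load point, so they are deliberately left out.
PERSISTENT = {"autostart", "browser-helper-object", "winlogon-notify", "com-registration"}


class Detection(NamedTuple):
    item: str
    family: str
    mechanism: str
    action: str
    pending: bool  # scanner could not finish the removal in this run


def classify(item: str) -> str:
    for label, rx in MECHANISMS:
        if rx.search(item):
            return label
    return "registry-trace" if item.upper().startswith("HKEY_") else "filesystem"


def parse(log: str) -> List[Detection]:
    found = []
    for line in log.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # section headers, counts and blank lines
        item, family, action = m.group("item"), m.group("family"), m.group("action")
        pending = not action.lower().startswith("quarantined and deleted")
        found.append(Detection(item, family, classify(item), action, pending))
    return found


def by_family(dets: List[Detection]) -> Dict[str, List[Detection]]:
    groups: Dict[str, List[Detection]] = defaultdict(list)
    for d in dets:
        groups[d.family].append(d)
    return dict(groups)


def followups(dets: List[Detection]) -> List[Detection]:
    """Load points that must be confirmed gone after the reboot, plus pending removals."""
    return [d for d in dets if d.mechanism in PERSISTENT or d.pending]


if __name__ == "__main__":
    dets = parse(SAMPLE_LOG)
    for family, items in sorted(by_family(dets).items()):
        print(f"{family}: {len(items)} item(s), mechanisms {sorted({d.mechanism for d in items})}")
    print("re-check after reboot:")
    for d in followups(dets):
        print(f"  [{d.mechanism}{', pending' if d.pending else ''}] {d.item}")
```

Run values and BHOs are the entries to confirm in the follow-up HijackThis log (O4 and O2 lines), since a surviving Run value that points at a quarantined file will simply fail at logon, while one that points at a file the scanner missed re-infects the machine.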
anonyme > anonyme
And now the HijackThis log, the last one you asked me for.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:53, on 2008-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AntiMalwareProMFCT] C:\Program Files\AntiMalware Pro\AntiMalwarePro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://youyourselfandyours.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
anthony5151 (security contributor):
 
We'll use Combofix to finish the disinfection. Careful, this program is very powerful; misusing it can do damage... Do exactly what follows:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click on this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure: if they are active, they could seriously interfere with the tool's scan and cleanup (or even crash the PC)... You will re-enable them afterwards !!

In your case, that means Avast (right-click the icon next to the clock and click "stop resident protection")

---> Above all, if you run into difficulties at this stage, tell me before continuing...

Tutorial here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it

The report will be created at C:\Combofix.txt; please post it here

anonyme
 
Do I do what it says in the tutorial??? (They say to download some things if I don't have the CDs; I don't have them. Should I do what they say???)
anthony5151 (security contributor) > anonyme:
 
That's for installing the Recovery Console; it's not mandatory ;)

anonyme > anthony5151:
 
And here it is, the ComboFix report,


ComboFix 08-11-07.01 - Client 2008-11-07 17:38:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.551 [GMT -5:00]
Lancé depuis: c:\documents and settings\Client\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Client\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Need2Find
c:\windows\IE4 Error Log.txt
c:\windows\install.exe
c:\windows\KB8888239.log
c:\windows\system32\aeolstlj.ini
c:\windows\system32\areefofo.ini
c:\windows\system32\awbvgegj.ini
c:\windows\system32\bdeeg.bak1
c:\windows\system32\bdeeg.bak2
c:\windows\system32\bdeeg.ini
c:\windows\system32\beotsskw.ini
c:\windows\system32\bwkfpxtl.ini
c:\windows\system32\cjbcudyc.ini
c:\windows\system32\csijyduk.ini
c:\windows\system32\dcbucbvh.ini
c:\windows\system32\dcjoofwo.ini
c:\windows\system32\dedguehj.ini
c:\windows\system32\dhdrogik.ini
c:\windows\system32\dpomsymn.ini
c:\windows\system32\dryhsvil.ini
c:\windows\system32\dtcbnmtb.ini
c:\windows\system32\ehwlbxrt.ini
c:\windows\system32\eudrocxf.ini
c:\windows\system32\faduvrhx.ini
c:\windows\system32\fvuhvbbu.ini
c:\windows\system32\fyleobjb.ini
c:\windows\system32\ggdatksq.ini
c:\windows\system32\gmbwsvmc.ini
c:\windows\system32\gnfdhpon.ini
c:\windows\system32\iebvoupl.ini
c:\windows\system32\ikibfksh.ini
c:\windows\system32\impovyqv.ini
c:\windows\system32\ingtprqg.ini
c:\windows\system32\ipuofuju.ini
c:\windows\system32\ipuyqoyp.ini
c:\windows\system32\jgwojuxc.ini
c:\windows\system32\jjipplqn.ini
c:\windows\system32\jtyfptgw.ini
c:\windows\system32\kapdfwyu.ini
c:\windows\system32\keobgoug.ini
c:\windows\system32\kjxhofdd.ini
c:\windows\system32\kqjjgxeu.ini
c:\windows\system32\kudmayyy.ini
c:\windows\system32\lhoglftn.ini
c:\windows\system32\lpnvydmg.ini
c:\windows\system32\mcimqiw.dat
c:\windows\system32\mcimqiw_navfx.dat
c:\windows\system32\mftmfoao.ini
c:\windows\system32\mmhflhvn.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\mvqqemhl.ini
c:\windows\system32\ncrmswmt.ini
c:\windows\system32\neoksjry.ini
c:\windows\system32\nkjxuera.ini
c:\windows\system32\nyxjmggb.ini
c:\windows\system32\onvptnip.ini
c:\windows\system32\opmpsodt.ini
c:\windows\system32\oqxsjbwl.ini
c:\windows\system32\pipykrwh.ini
c:\windows\system32\pkfrexuh.ini
c:\windows\system32\pmrbhlwv.ini
c:\windows\system32\qvdrpabj.ini
c:\windows\system32\rhbvktbc.ini
c:\windows\system32\rihlfnxa.ini
c:\windows\system32\rljwrtqi.ini
c:\windows\system32\sisrsnqo.ini
c:\windows\system32\titoqham.ini
c:\windows\system32\tplmyvqx.ini
c:\windows\system32\tttss.bak1
c:\windows\system32\tttss.bak2
c:\windows\system32\tttss.ini
c:\windows\system32\umicrcgi.ini
c:\windows\system32\upjydhip.ini
c:\windows\system32\utiproai.ini
c:\windows\system32\vlpdgcmg.ini
c:\windows\system32\vtblrxee.ini
c:\windows\system32\vygvtobm.ini
c:\windows\system32\wcdyfrck.ini
c:\windows\system32\wcooibqi.ini
c:\windows\system32\wiygfolo.ini
c:\windows\system32\wnyqvuga.ini
c:\windows\system32\wodykoky.ini
c:\windows\system32\wptglgrt.ini
c:\windows\system32\xagppyje.ini
c:\windows\system32\xisfoudh.ini
c:\windows\system32\xjlgxyfd.ini
c:\windows\system32\xjsmlcnf.ini
c:\windows\system32\xnlfhhcq.ini
c:\windows\system32\ygkislph.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-07 au 2008-11-07 ))))))))))))))))))))))))))))))))))))
.

2008-11-07 16:35 . 2008-11-07 16:35 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 16:35 . 2008-11-07 16:35 <REP> d-------- c:\documents and settings\Client\Application Data\Malwarebytes
2008-11-07 16:35 . 2008-11-07 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 16:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 16:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-07 15:33 . 2008-11-07 15:33 <REP> d-------- c:\windows\ERUNT
2008-11-07 15:21 . 2008-11-07 16:30 <REP> d-------- C:\SDFix
2008-11-06 22:08 . 2008-11-06 22:08 2,432 --a------ c:\windows\system32\tmp.reg
2008-11-06 22:07 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-06 22:07 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-06 22:07 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-06 22:07 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-06 22:07 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-06 22:07 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-06 22:07 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-06 22:07 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-06 22:07 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-06 22:07 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-06 21:49 . 2008-11-06 21:49 <REP> d-------- c:\program files\Trend Micro
2008-11-06 20:14 . 2008-11-06 20:14 <REP> d-------- c:\program files\AntiMalware Pro
2008-11-06 20:13 . 2008-11-06 20:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Ascentive
2008-11-06 20:06 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2008-11-06 20:06 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2008-11-06 20:06 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2008-11-04 21:30 . 2008-11-04 21:30 <REP> d-------- C:\Activision
2008-11-04 21:10 . 2008-11-04 21:10 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-04 21:10 . 2008-11-04 21:10 22,328 --a------ c:\documents and settings\Client\Application Data\PnkBstrK.sys
2008-10-31 11:27 . 2008-10-31 11:27 36,104 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-10-31 11:27 . 2008-10-31 11:26 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-10-29 20:24 . 2008-10-29 20:24 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-08 20:20 . 2008-10-08 20:20 <REP> d-------- c:\program files\Sierra Entertainment
2008-10-08 20:18 . 2008-10-08 20:18 <REP> d-------- c:\documents and settings\Client\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 22:15 --------- d-----w c:\documents and settings\Client\Application Data\Xfire
2008-11-07 01:37 --------- d-----w c:\program files\MSN Messenger
2008-11-07 01:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 16:18 139,344 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-06 01:56 --------- d-s---w c:\program files\Xfire
2008-11-05 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-11-05 02:08 --------- d-----w c:\program files\Activision
2008-11-02 20:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-08 22:02 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-10-01 16:34 --------- d-----w c:\program files\EA GAMES
2008-09-28 23:25 --------- d-----w c:\program files\Puran Defrag
2008-09-28 21:50 --------- d-----w c:\program files\Electronic Arts
2008-09-28 21:34 --------- d-----w c:\program files\Fichiers communs\AOL
2008-09-28 18:48 --------- d-----w c:\documents and settings\Client\Application Data\XRay Engine
2008-09-27 23:58 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-09-27 23:58 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-09-27 23:21 --------- d-----w c:\program files\Deep Silver
2008-09-23 23:29 --------- d-----w c:\program files\America's Army
2008-09-23 22:44 --------- d-----w c:\program files\America's Army Server Manager
2008-09-22 21:22 720,896 ----a-w c:\windows\iun6002.exe
2008-09-22 02:07 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2008-09-19 20:23 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-17 13:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-09-13 01:46 --------- d-----w c:\documents and settings\Client\Application Data\Apple Computer
2008-09-13 01:45 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-13 01:44 --------- d-----w c:\program files\QuickTime
2008-09-13 01:38 --------- d-----w c:\program files\Apple Software Update
2007-02-02 13:42 1 ----a-w c:\documents and settings\Client\SI.bin
2000-05-12 12:52 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 68856]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-07 1410296]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"AntiMalwareProMFCT"="c:\program files\AntiMalware Pro\AntiMalwarePro.exe" [2008-10-17 13434880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\Client\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-17 344064]
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2005-02-05 196608]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-10-29 3104080]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\RAID Manager.lnk
backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Client^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\Client\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Client^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=c:\documents and settings\Client\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-12-31 07:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 08:55 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]
--a------ 2005-02-05 12:49 90112 c:\program files\Fichiers communs\Roxio Shared\Upgrade\roxassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2005-02-05 12:50 319488 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-02-05 12:50 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2005-02-05 12:49 65536 c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-09-23 16:44 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-24 13:06 2559488 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 08:55 1657376 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 naecd;naecd;c:\docume~1\Client\LOCALS~1\Temp\naecd.sys [ ]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]

2008-11-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-geedb - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AltnetPointsManager - c:\program files\Altnet\Points Manager\Points Manager.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-P2P Networking - c:\windows\system32\P2P Networking\P2P Networking.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\78efkw7t.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sympatico.msn.ca/?mkt=fr-CA
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 17:44:22
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\MSVolume.dll 0 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\lsass.exe
-> c:\windows\system32\xfire_lsp.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-07 17:54:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-07 22:54:25

Avant-CF: 63 557 341 184 octets libres
Après-CF: 67,880,972,288 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

366 --- E O F --- 2008-10-26 02:14:54
anonyme > anonyme
 
So there you go...... I'm waiting for your next instruction, Anthony
anthony5151 (security contributor):
 
Still with all protections disabled, do this:

Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
c:\program files\AntiMalware Pro\AntiMalwarePro.exe
c:\docume~1\Client\LOCALS~1\Temp\naecd.sys
c:\windows\system32\tmp.reg

Folder::
c:\program files\AntiMalware Pro

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiMalwareProMFCT"=-
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]

Driver::
naecd

------------------------------------------------------------------

- Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
- Close Notepad

· Drag and drop this CFScript file onto the C-Fix.exe (combofix) file, as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

* Wait for the scan to finish. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

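As an added example (not code from this thread, from the helper, or from ComboFix), the following Python script applies the judgement calls visible in the exchange above to log lines of the kind the user posted, and drafts a fix in the File::/Folder::/Registry::/Driver:: layout the helper used: an O20 Winlogon Notify entry whose "path" is a bare directory (the orphaned geedb handler), a driver loading from a user's Temp folder (naecd.sys), a Run entry under a known rogue product folder (AntiMalware Pro), the hidden zero-byte file catchme reported (MSVolume.dll), and the disabled Windows Firewall, which is only reported. The sample log lines are constructed to mirror the posted ones, the rogue-folder list is assumed to be the analyst's own input, and the heuristics are the editor's, not ComboFix's.

```python
"""Triage HijackThis/ComboFix-style log lines and draft a CFScript.
Added example: the heuristics are the editor's reading of the thread, not
ComboFix's logic; the sample lines are constructed to mirror the posted logs."""
import re
from collections import OrderedDict

SAMPLE_LOG = r"""
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-07 1410296]
"AntiMalwareProMFCT"="c:\program files\AntiMalware Pro\AntiMalwarePro.exe" [2008-10-17 13434880]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
S3 naecd;naecd;c:\docume~1\Client\LOCALS~1\Temp\naecd.sys [ ]
c:\windows\system32\MSVolume.dll 0 bytes
"""

# Assumption: the rogue-product folder list is the analyst's input (from
# research on the product name), not something the log itself provides.
ROGUE_DIRS = (r"c:\program files\antimalware pro",)

WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
RUNVAL_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
DRIVER_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.+?) \[")
HIDDEN_RE = re.compile(r"^(\S+\.\w+) 0 bytes$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"= 0\b')


def triage(log_text, rogue_dirs=ROGUE_DIRS):
    """Return (findings, script): findings is a list of (severity, reason, line),
    script maps CFScript section names to the entries collected for them."""
    findings = []
    script = OrderedDict((k, []) for k in ("File::", "Folder::", "Registry::", "Driver::"))
    current_key = None  # last [HKEY_...] header seen; needed for Registry:: removals
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_"):
            current_key = line
        elif FIREWALL_RE.match(line):
            findings.append(("config", "Windows Firewall disabled (standard profile)", line))
        elif WINLOGON_RE.match(line):
            m = WINLOGON_RE.match(line)
            # Notify handler whose "path" is a bare directory: the DLL is gone but
            # the registration survives (ComboFix later listed it as an orphan).
            if m.group(2).endswith("\\"):
                findings.append(("high", "orphan Winlogon Notify '%s'" % m.group(1), line))
        elif SERVICE_RE.match(line):
            m = SERVICE_RE.match(line)
            if m.group(2) == "Unknown owner":
                findings.append(("review", "service with no publisher: %s" % m.group(1), line))
        elif RUNVAL_RE.match(line):
            name, path = RUNVAL_RE.match(line).groups()
            hit = next((d for d in rogue_dirs if path.lower().startswith(d)), None)
            if hit:
                findings.append(("high", "Run entry for rogue product: %s" % name, line))
                script["File::"].append(path)
                script["Folder::"].append(path[:len(hit)])  # keep the log's own casing
                script["Registry::"].append((current_key, name))
        elif DRIVER_RE.match(line):
            name, path = DRIVER_RE.match(line).groups()
            if "\\temp\\" in path.lower():
                # Legitimate drivers are not installed from a user's Temp folder.
                findings.append(("high", "driver %s loads from Temp" % name, line))
                script["Driver::"].append(name)
                script["File::"].append(path)
        elif HIDDEN_RE.match(line):
            # catchme reported a hidden, zero-length file: queue it for removal.
            findings.append(("high", "hidden 0-byte file", line))
            script["File::"].append(HIDDEN_RE.match(line).group(1))
    return findings, script


def render_cfscript(script):
    """Lay the entries out in the File::/Folder::/Registry::/Driver:: form."""
    blocks = []
    for section, entries in script.items():
        if not entries:
            continue
        lines = [section]
        for entry in entries:
            if section == "Registry::":
                key, name = entry
                lines += [key, '"%s"=-' % name]
            else:
                lines.append(entry)
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    found, draft = triage(SAMPLE_LOG)
    for severity, reason, src in found:
        print("%-6s %-50s %s" % (severity, reason, src))
    print("\n--- CFScript draft (review before use) ---\n" + render_cfscript(draft))
```

The draft is a starting point, not a script to run blindly: every File:: and Driver:: entry still needs the same manual check the helper did (is the publisher known, does the path belong to an installed product), and "review" findings such as the no-publisher service are deliberately left out of the script because the thread shows such entries can be legitimate game components.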
anonyme
 
OK, here is the report you asked for, thanks again.


ComboFix 08-11-07.01 - Client 2008-11-07 18:26:32.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.548 [GMT -5:00]
Lancé depuis: c:\documents and settings\Client\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Client\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\Client\LOCALS~1\Temp\naecd.sys
c:\program files\AntiMalware Pro\AntiMalwarePro.exe
c:\windows\system32\tmp.reg
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntiMalware Pro
c:\program files\AntiMalware Pro\AntiMalware Pro.url
c:\program files\AntiMalware Pro\AntiMalwarePro.exe
c:\program files\AntiMalware Pro\engine.dat
c:\program files\AntiMalware Pro\SchedulePlan.txt
c:\program files\AntiMalware Pro\SSEngine.dll
c:\program files\AntiMalware Pro\uninst.exe
c:\windows\system32\MSVolume.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NAECD
-------\Service_naecd


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-07 au 2008-11-07 ))))))))))))))))))))))))))))))))))))
.

2008-11-07 16:35 . 2008-11-07 16:35 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 16:35 . 2008-11-07 16:35 <REP> d-------- c:\documents and settings\Client\Application Data\Malwarebytes
2008-11-07 16:35 . 2008-11-07 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 16:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 16:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-07 15:33 . 2008-11-07 15:33 <REP> d-------- c:\windows\ERUNT
2008-11-07 15:21 . 2008-11-07 16:30 <REP> d-------- C:\SDFix
2008-11-06 22:07 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-06 22:07 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-06 22:07 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-06 22:07 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-06 22:07 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-06 22:07 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-06 22:07 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-06 22:07 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-06 22:07 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-06 22:07 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-06 21:49 . 2008-11-06 21:49 <REP> d-------- c:\program files\Trend Micro
2008-11-06 20:13 . 2008-11-06 20:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Ascentive
2008-11-06 20:06 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2008-11-06 20:06 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2008-11-06 20:06 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2008-11-04 21:30 . 2008-11-04 21:30 <REP> d-------- C:\Activision
2008-11-04 21:10 . 2008-11-04 21:10 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-04 21:10 . 2008-11-04 21:10 22,328 --a------ c:\documents and settings\Client\Application Data\PnkBstrK.sys
2008-10-31 11:27 . 2008-10-31 11:27 36,104 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-10-31 11:27 . 2008-10-31 11:26 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-10-29 20:24 . 2008-10-29 20:24 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-08 20:20 . 2008-10-08 20:20 <REP> d-------- c:\program files\Sierra Entertainment
2008-10-08 20:18 . 2008-10-08 20:18 <REP> d-------- c:\documents and settings\Client\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-11-07 22:15 --------- d-----w c:\documents and settings\Client\Application Data\Xfire
2008-11-07 01:37 --------- d-----w c:\program files\MSN Messenger
2008-11-07 01:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 16:18 139,344 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-06 01:56 --------- d-s---w c:\program files\Xfire
2008-11-05 02:08 --------- d-----w c:\program files\Activision
2008-11-02 20:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-08 22:02 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-10-01 16:34 --------- d-----w c:\program files\EA GAMES
2008-09-28 23:25 --------- d-----w c:\program files\Puran Defrag
2008-09-28 21:50 --------- d-----w c:\program files\Electronic Arts
2008-09-28 21:34 --------- d-----w c:\program files\Fichiers communs\AOL
2008-09-28 18:48 --------- d-----w c:\documents and settings\Client\Application Data\XRay Engine
2008-09-27 23:58 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-09-27 23:58 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-09-27 23:21 --------- d-----w c:\program files\Deep Silver
2008-09-23 23:29 --------- d-----w c:\program files\America's Army
2008-09-23 22:44 --------- d-----w c:\program files\America's Army Server Manager
2008-09-22 21:22 720,896 ----a-w c:\windows\iun6002.exe
2008-09-22 02:07 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2008-09-19 20:23 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-17 13:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-09-13 01:46 --------- d-----w c:\documents and settings\Client\Application Data\Apple Computer
2008-09-13 01:45 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-13 01:44 --------- d-----w c:\program files\QuickTime
2008-09-13 01:38 --------- d-----w c:\program files\Apple Software Update
2007-02-02 13:42 1 ----a-w c:\documents and settings\Client\SI.bin
2000-05-12 12:52 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_17.53.14.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-07 23:31:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_11c.dat
+ 2008-11-07 23:30:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5ec.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 68856]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-07 1410296]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\Client\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-17 344064]
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2005-02-05 196608]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-10-29 3104080]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\RAID Manager.lnk
backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Client^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\Client\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Client^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=c:\documents and settings\Client\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-12-31 07:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 08:55 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]
--a------ 2005-02-05 12:49 90112 c:\program files\Fichiers communs\Roxio Shared\Upgrade\roxassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2005-02-05 12:50 319488 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-02-05 12:50 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2005-02-05 12:49 65536 c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-09-23 16:44 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-24 13:06 2559488 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 08:55 1657376 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\matt355\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-07 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]

2008-11-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 18:31:46
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\lsass.exe
-> c:\windows\system32\xfire_lsp.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Heure de fin: 2008-11-07 18:40:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-07 23:40:45
ComboFix2.txt 2008-11-07 22:54:41

Avant-CF: 67 851 317 248 octets libres
Après-CF: 67,837,063,168 octets libres

259 --- E O F --- 2008-10-26 02:14:54
And there you go :D
0
anonyme > anonyme
 
There you go..... I await your next instruction, if there is one....
0
anthony5151 Posts 10927 Status Security contributor 790
 
Post a new HijackThis report please

0
anonyme
 
Here



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:23, on 2008-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://youyourselfandyours.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
anonyme
 
So there you go, it's done.... I hope. Thanks again, are there any other instructions?
0
anthony5151 Posts 10927 Status Security contributor 790
 
Very good, your computer no longer seems to be infected! I'm going to recommend a new antivirus (along with a few other things): once you have done everything listed below (especially step 5), update it and run a scan with it to check that there is no trace of infection left.

Before going back to surfing the internet, there are a few small things you need to do to finish the cleanup and noticeably improve the security of your computer; it may save you from having to come back here with a new infection in the future ;) But know that no security software will protect you 100%; what makes the difference is your vigilance when you download or install something: to learn more, I invite you to read carefully the page indicated at the very bottom of this message (6).

1) Secure your computer

- Anti-virus:
Avast was a decent antivirus a few years ago, but it is outdated today. There are other free antiviruses that are more effective (Antivir or AVG).
Uninstall Avast: start by deleting what is in quarantine, then right-click the Avast icon near the clock --> disable the resident protection.
Then Start menu --> Control Panel --> Add/Remove Programs --> uninstall Avast.
If that doesn't work, see this link: Uninstalling Avast

If you choose Antivir to replace it, you can find a tutorial and a download link here.
Note: that version is in English, but a preliminary version in French is available here

- Firewall:
You apparently have no firewall (except maybe the Windows one, which is ineffective and does not filter the outgoing connections used by many infections...): download a real one. Among the free ones, the simplest are Kerio and especially PC Tools Firewall. You can use the following tutorials to get to grips with whichever one you choose:
- PC Tools tutorial
- Kerio tutorial

- Anti-spyware:
You apparently have no active anti-spyware:
* Install Spyware Blaster: it uses no memory; it is simply a program that immunises your PC against certain infections. It has to be updated manually, roughly every 10 days, and all protections must be enabled ("Enable all protection").
* In addition, keep MalwareBytes for its effective cleanup scan.

- To browse the internet more safely and free of advertising, I advise you to install and use the Firefox 3 browser with the "AdBlockPlus" extension. You can find explanations here

- Java is not up to date, which is a security hole.
You first have to uninstall the old version: open the Start menu --> Control Panel --> Add/Remove Programs --> select all the versions of Java present and uninstall them.
Then download and install the new version from the official Java site: https://java.com/fr/

2) Run HijackThis again (for the last time), do "scan system only" and tick these lines (not dangerous, but useless):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Also tick all the lines beginning with O16

Then click "Fix checked"

3) Download ToolsCleaner to your desktop to clean the computer of all the tools we have used: ToolsCleaner
Run it, click Recherche (Search) and let the scan finish, then click Suppression (Delete) to clean up.
You can also delete the temporary files.
Then delete ToolsCleaner manually (put it in the Recycle Bin).
If it doesn't delete everything, delete what remains manually.

4) Download and install CCleaner (if not already done): https://www.ccleaner.com/ccleaner/download

Run CCleaner
Options --> Advanced --> untick "Only delete files older than 48 hours"
Then Cleaner --> Analyze > Run Cleaner, then OK in the window that appears.
Run the cleanup a second time.

Finally, Registry --> fix all the errors, and repeat until it no longer finds any.

(You can keep this program and use it regularly.)

5) To finish the cleanup, you need to disable and then re-enable System Restore (to create a new clean restore point and prevent the infection from coming back).

* Right-click My Computer (on your desktop or in the Start menu), then Properties.
* Select the System Restore tab
* Tick the option Turn off System Restore on all drives
* Click OK.

Then do the reverse to re-enable System Restore.

6) Finally, I invite you to visit this page, which will give you information on prevention and protection against infections (about 15 minutes of very instructive and useful reading):
Prevention and security on the internet

Happy reading, good luck, and don't hesitate to ask questions if you need to ;)
0
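As an added illustration (my own code, not posted in this thread and not part of HijackThis), the Python script below parses the HijackThis v2 log format shown above and applies mechanically the two rules anthony5151 gives in step 2: a BHO (O2) whose file is missing, and every downloaded ActiveX control (O16). It adds two checks of my own that I would want when reading such a log: Run entries (O4) that name a bare executable with no directory, so the file that actually starts depends on the search path and should be located by hand, and services (O23) that HijackThis lists with "Unknown owner", which simply means the binary carries no company name and deserves a manual look, not that it is malicious. The sample lines are constructed in the shape of the log posted above; the function names and the check rules are my assumptions, not features of HijackThis.

```python
import re

# Constructed sample in the shape of the HijackThis v2 log posted above:
# a handful of O2/O4/O16/O23 lines, not the full report.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:23, on 2008-11-07

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A registry CLSID in braces: 8-4-4-4-12 hex digits.
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One pattern per HijackThis section handled here (assumed shapes, taken from the log above).
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$")
O4_REG = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O4_DIR = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) \((?P<name>.*?)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

SECTIONS = (("O2", O2_RE), ("O4", O4_REG), ("O4", O4_DIR), ("O16", O16_RE), ("O23", O23_RE))


def parse_hjt(log_text):
    """Return one dict per recognised O2/O4/O16/O23 line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.rstrip()
        for section, rx in SECTIONS:
            m = rx.match(line)
            if m:
                entries.append({"section": section, "raw": line, **m.groupdict()})
                break
    return entries


def executable_of(cmd):
    """First token of a Run command, with surrounding double quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_bare_name(exe):
    """True when the executable is given without any directory (resolved via the search path)."""
    return "\\" not in exe and "/" not in exe


def triage(log_text):
    """Apply the review rules and return the entries that need attention, keyed by rule."""
    out = {
        "orphaned_bhos": [],          # O2 with "(no file)": safe to fix, nothing left to load
        "activex_downloads": [],      # every O16: downloaded controls, re-fetched if ever needed
        "bare_run_entries": [],       # O4 whose executable has no path: locate the real file
        "unknown_owner_services": [], # O23 without a company name: verify the binary by hand
    }
    for e in parse_hjt(log_text):
        if e["section"] == "O2" and e["path"] == "(no file)":
            out["orphaned_bhos"].append(e["clsid"])
        elif e["section"] == "O16":
            out["activex_downloads"].append(e["clsid"])
        elif e["section"] == "O4" and is_bare_name(executable_of(e["cmd"])):
            out["bare_run_entries"].append(e["name"])
        elif e["section"] == "O23" and e["vendor"] == "Unknown owner":
            out["unknown_owner_services"].append(e["name"])
    return out


if __name__ == "__main__":
    for rule, items in triage(SAMPLE_LOG).items():
        print(f"{rule}: {items}")
```

The script only reads text, so it can be run on a saved log from any machine; the point of the two extra rules is to turn "looks harmless" into a list of files to actually open and check before ticking a line in HijackThis.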
anonyme
 
Thanks for your help. Every time I turned on my PC there was this "FAKE" message that popped up on the screen; now it no longer exists, but since I did all that I can no longer start my game, CSS (Counter-Strike Source). When it says "Launching Counter Strike Source" it freezes and nothing moves =( The only way out is to restart the PC; do you know why???
0
anthony5151 Posts 10927 Status Security contributor 790 > anonyme
 
Which firewall did you install?
Did you allow the processes for this game when it was first launched after installing the firewall?

If that's not it, you could always try uninstalling/reinstalling the game? (maybe watch out for saves you want to keep, if any?)


I'm going to bed; I'll keep helping you tomorrow.

0
anonyme > anthony5151 Posts 10927 Status Security contributor
 
I only needed to disable my firewall, and well, thanks a lot, my PC is disinfected. Thanks
0