Infection par Antivirus AV2009 Fermé

Question

Bonjour,

Je suis infectée par l'antivirus AV2009....combien beaucoup.
Mes connexions sont plus que difficiles; la preuve, j'ai bien lu le lien que Toptibal donné à Leyla pour télécharger le Hyjackthis mais c'est impossible d'ouvrir la page.

Une bonne âme patiente pourrait-elle m'aider à résoudre ou plutôt réduire à néant celle saleté.



Merci!!



Cliniou.

Utilisateur anonyme · Accepted Answer

Salut,

essaie avec celui la des liens:

télécharge hijackthis
->  enregistre la cible sous .... "le bureau" 

-> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

-> Clique sur Install ensuite sur "I Accept"

-> Clique sur" Do a scan system and save log file"

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse 

->Tuto hijackthis

stephane_mc2004 · Answer

Tiens, et suis ce post : 
http://www.commentcamarche.net/forum/affich 7325288 probleme pub up spyware antivirus 2009

Cliniou · Answer

Hum...merci...et donc, je fais tout ce qui est marqué là? 
J'avoue ne rien y connaître, donc je préfère m'en assurer avant de me lancer.
Si j'ai un problème, puis-je revenir le notre ici ?

stephane_mc2004 · Answer

Pas de problème. Fais ce que dis le message 2 (telecharge HIJACKTHIS) et suis les instructions de la suite

Cliniou · Answer

Bon, je suis Golgorak...GO ! ;-)

Utilisateur anonyme · Answer

Re,

installe [- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe smitfraudfix]



Option:1 => Recherche:

    * Double cliquer sur SmitfraudFix.exe
    
* Sélectionner 1 et pressez =>Entrée dans le menu pour créer 

un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque 

système 

C:\rapport.txt

==>et colle le rapport génèrer sur le forum.

*=>Ne pas faire l'option 2 sans un avis d'une personne compétente*<=


==>Tutoriel Smitfraudix

Cliniou · Answer

Bon, là je suis sur mon portable qui n'a rien et je vous explique.
L'ordinateur fixe est extrêment lent; de plus, dès que je veux ouvrir trensecure, j'obtiens le message "cannot display....". J'ai donc essayé de passer par google. Et là, c'est pire car Google m'affiche un message me conseillant grandement et de manière urgent d'installer l'antivirus 2009. Ensuite, j'ai un simple Blocked qui apparaît.
En d'autres termes, j'ai très peu de temps pour pouvoir vous écrir, ouvrir une page devient un challenge de patience et aucun des liens proposés ne peut être ouverts.
Je suis desepérée.

Je vais retenter avec vos liens un peu plus tard car là, l'ordi contaminé est totalement bloqué, j'arrive même plus à l'éteindre.

Mais c'est quoi ce AV 2009 ?

Utilisateur anonyme · Answer

Re,

AV 2009==> un virus.

@+

Cliniou · Answer

Voilà, ça a marché avec SmitFraudix.exe
J'attends vos conseils pour la suite. :-)



SmitFraudFix v2.373

Scan done at 10:36:06,07, 09/11/2008
Run from C:\Documents and Settings\Belgacom\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is 
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\DOCUME~1\Belgacom\LOCALS~1\Temp\a.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\WINDOWS\system32\ieexplorer32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DOCUME~1\Belgacom\LOCALS~1\Temp\~tmpd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\DOCUME~1\Belgacom\LOCALS~1\Temp\~tmpc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Belgacom\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job FOUND !
C:\WINDOWS\Tasks\At??.job FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ieupdates.exe FOUND !
C:\WINDOWS\system32\msxml71.dll FOUND !
C:\WINDOWS\system32\winsrc.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Belgacom


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Belgacom\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Belgacom\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BELGACOM\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="NVDESK32.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ezShellStart.exe"
"Windows Shell (ezShellStart)"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Utilisateur anonyme · Answer

Re, Maintenant fait ceci: 2) Nettoyage: * Redemarrer l'ordinateur en mode sans échec: * Double cliquer sur smitfraudix: * Sélectionner 2 et pressez Entrée dans le menu pour supprimer les fichiers responsables de l'infection. * A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et pressez Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection:. * Le fix déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répondre O (oui) et pressez Entrée pour remplacer le fichier corrompu:. * Un redemarrage sera peut être necessaire pour terminer la procedure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt: Option:: * Pour effacer la liste des sites de confiance et sensibles, sélectionner 3 et pressez Entrée dans le menu. * A la question: Réinitialiser la liste des sites de confiance et sensibles ? répondre O (oui) et pressez Entrée afin de restaurer les zones de confiances et sensibles:. :FAUX POSITIF:: process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Cliniou · Answer

Question blonde: que veut dire "redémarrer l'ordinateur en mode sans échec" ? 
Je fais "restart" ?

Cliniou · Answer

Hum....vais lire le tuto, ce sera mieux;....

Utilisateur anonyme · Answer

Re,

Non pas question blonde.

mais bien de me le faire remarquer le rajouterais sur mon canned speech.

Tu redemarre ton pc normalement et au lancement tu tapottes sur F8 en générale et la tu à un belle écran noir avec plusieurs choix:

-mode sans échec,

-mode sans échec avec prise en charge du réseau.

Avec l'aide des flèches tu choisit "mode sans échec"

Cliniou · Answer

Je suis sur mon portable.
Alors sur le fixe un nouveau rapport s'eszt affiché. Dois-je le mettre (me demande comment mais bon.)
Sinon, après le rapport, le menu est à nouveau apparu , j'ai toujours les possibilités 1,2,3,4,5, L,Q et aussi "close all applications. Computer may reboot"

Utilisateur anonyme · Answer

Re,

As tu lancer le nettoyage ?

Si oui tu me passe le rapport ensuite tu redemarre en mode normal et me fait un rapport hijackthis.

merci

Cliniou · Answer

Oui, nettoyage lancé. Je vais essayer de mettre le rapport.
Merci Grand Chef !

Cliniou · Answer

Bon, c'est ben ce que je craignais, impossible d'ouvrir Explorer.

Utilisateur anonyme · Answer

Re,

Tu as mozilla essaie avec lui.

Sinon ,fait ceci:

-Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

- Mets le à jour

---
- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's

Cliniou · Answer

Comme je l'ai dit, ici je communique avec mon portable qui n'est pas infecté. Mon fixe, lui, l'est.
Lorsque j'ai redémarré en mode sans échec, il n'y a plus eu moyen de se connecter à internet.
Donc le lien malwarebyte, je n'arrive pas à l'utiliser car je peux taper n'importe quelle adresse sur le fixe, il refuse.

Désolée pour toute cette embrouille.

Utilisateur anonyme · Answer

Re,

Sur ton pc "infecter" as tu accès au mode normal?

@+

Cliniou · Answer

Déjà, je ne sais pas où je vois ce mode normal.
Est-ce que ça peut servir à quelque chose que je retape tout le rapport ?

Cliniou · Answer

Vive les clefs USB !!
Voilà le rapport

SmitFraudFix v2.373

Scan done at 10:56:58,95, 09/11/2008
Run from C:\Documents and Settings\Belgacom\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is 
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\Tasks\At?.job Deleted
C:\WINDOWS\Tasks\At??.job Deleted
C:\WINDOWS\system32\ieupdates.exe Deleted
C:\WINDOWS\system32\msxml71.dll Deleted
C:\WINDOWS\system32\winsrc.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Utilisateur anonyme · Answer

Re, Maintenant fait ceci: 2) Nettoyage: * Redemarrer l'ordinateur en mode sans échec: * Double cliquer sur smitfraudix: * Sélectionner 2 et pressez Entrée dans le menu pour supprimer les fichiers responsables de l'infection. * A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et pressez Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection:. * Le fix déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répondre O (oui) et pressez Entrée pour remplacer le fichier corrompu:. * Un redemarrage sera peut être necessaire pour terminer la procedure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt: Option:: * Pour effacer la liste des sites de confiance et sensibles, sélectionner 3 et pressez Entrée dans le menu. * A la question: Réinitialiser la liste des sites de confiance et sensibles ? répondre O (oui) et pressez Entrée afin de restaurer les zones de confiances et sensibles:. :FAUX POSITIF:: process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Cliniou · Answer

SmitFraudFix v2.373

Rapport fait à 11:53:37,44, 09/11/2008
Executé à partir de C:\Documents and Settings\Belgacom\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Le type du système de fichiers est 
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{673D56EC-BBFD-42F6-BD09-A8CA5260FE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Re,

Fait ceci maintenant:

 
télécharge hijackthis
->  enregistre la cible sous .... "le bureau" 

-> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

-> Clique sur Install ensuite sur "I Accept"

-> Clique sur" Do a scan system and save log file"

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse 

->Tuto hijackthis

Cliniou · Answer

Rien à faire, Av 2009 bloque ton lien. Impossible d'aller sur tendsecure

Utilisateur anonyme · Answer

Re,

Pas grave:::

-Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

- Mets le à jour

---
- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's

Cliniou · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:45, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ezShellStart.exe
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [88174322179859893086113967857300] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Utilisateur anonyme · Answer

Re,

Passe malwarebyte.

@+

Cliniou · Answer

Grâce à ma clef USB, je peux passer les fichiers du portable au fixe infecté.
Malwarebyte's est lancé; je te dis quoi dès qu'il a fini.

Utilisateur anonyme · Answer

Re,

Il a du boulot.

@+

Cliniou · Answer

Voilà le rapport de Malwarebyte's.
J'ai supprimé toutes les infections présentes, ensuite le shut down n'a pas fonctionné et il a fallu éteindre l'ordi manuellement.
Je ne sais pas si c'est bon signe mais pour l'instant AV 2009 n'a plus l'air vivant.....

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 3

09/11/2008 13:04:19
mbam-log-2008-11-09 (13-04-19).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 161841
Temps écoulé: 34 minute(s), 54 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 15
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\winsrc.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	dssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE	dss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\88174322179859893086113967857300 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst	emp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\Ready (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\Upload (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Software Licensors\Antispyware PRO XP (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Delete on reboot.
C:\Program Files\Screensavers.com\Wallpaper\Heidi Klum.jpg (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\Shrek 2 - Puss in Boots.jpg (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\iebyterange.xml.backup (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\iebyterange.xml (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\UNINSTALL.INF (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\009AA99C (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\009AB20F (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\009AB3AA.bmp (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\009AB51C.bmp (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Cache\009AB653.bmp (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Re,

Fait un nouvelle hijackthis.

merci

Cliniou · Answer

Voilà.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:53, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Utilisateur anonyme · Answer

Re, ==>>Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.<<=== Toolbar-S&D !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! * double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ... * Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil . * Choisis l'option 1 ( "recherche") et tapes "entrée" . * Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité de son contenu dans ta prochaine réponse ... ( le rapport est en outre sauvegardé ici -> C:\TB.txt ) Tutoriel Toolbard-S&D

Utilisateur anonyme · Answer

Salut,

oui l'hebergeur merdouille.

@+

Cliniou · Answer

-----------\  ToolBar S&D 1.2.4   XP/Vista

   Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.00GHz )
   BIOS : Award Medallion BIOS v6.0
   USER : Belgacom ( Administrator )
   BOOT : Normal boot
   A:\ (USB)
   C:\ (Local Disk) - FAT32 - Total:29 Go (Free:2 Go)
   D:\ (Local Disk) - FAT32 - Total:44 Go (Free:19 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
   Option : [1] ( 09/11/2008|14:34 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AltNet
   C:\Program Files\AltNet\My Altnet Shares
   C:\Program Files\AltNet\Download Manager
   C:\DOCUME~1\BELGACOM\APPLIC~1\Hotbar
   C:\DOCUME~1\BELGACOM\APPLIC~1\Hotbareports.txt
   C:\Program Files\Common Files\WhenU
   C:\WINDOWS\System32\P2P Networking
   C:\WINDOWS\Downloaded Program Files\hotbar.inf

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.au
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.au
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.au



   1 - "C:\ToolBar SD\TB_1.txt" - 09/11/2008|14:37 - Option : [1]

   -----------\  Fin du rapport a 14:37:15,78

Utilisateur anonyme · Answer

Re,

Nettoyage avec ToolBar S&D :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Note : ne touches à rien lors de la suppression !

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...

Cliniou · Answer

J'ai plusieurs possibilités: 

iNv
OsV
pv
sed
setpath



Laquelle ?

Utilisateur anonyme · Answer

Re,

Tu relance toolbard et ->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Cliniou · Answer

Le problème est que lorsque je double-clique sur le raccourci, j'obtiens Open, Explore, Search, Travailler avec Service Photo Media Markt, Scan for Viruses....
Si je clique sur "open", j'ai une liste de noms et je ne vois pas un simple "run" comme on pourrait le croire.

Goldorak, surtout continue à rester patient, je t'assure que je ne le fais pas exprès.

Utilisateur anonyme · Answer

Re,

Clic sur open pour voir.

Sinon desinstalle le et relance le.(fait l'option 2)

@+

Cliniou · Answer

Voilà le rapport de Toolbar SD


   -----------\  ToolBar S&D 1.2.4   XP/Vista

   Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.00GHz )
   BIOS : Award Medallion BIOS v6.0
   USER : Belgacom ( Administrator )
   BOOT : Normal boot
   A:\ (USB)
   C:\ (Local Disk) - FAT32 - Total:29 Go (Free:2 Go)
   D:\ (Local Disk) - FAT32 - Total:44 Go (Free:19 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
   Option : [2] ( 09/11/2008|15:00 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\AltNet\My Altnet Shares
   Supprime! - C:\Program Files\AltNet\Download Manager
   Supprime! - C:\DOCUME~1\BELGACOM\APPLIC~1\Hotbareports.txt
   Supprime! - C:\WINDOWS\System32\P2P Networking
   Supprime! - C:\WINDOWS\Downloaded Program Files\hotbar.inf
   Supprime! - C:\Program Files\AltNet
   Supprime! - C:\DOCUME~1\BELGACOM\APPLIC~1\Hotbar
   Supprime! - C:\Program Files\Common Files\WhenU

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.au
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.au
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.au



   1 - "C:\ToolBar SD\TB_1.txt" - 09/11/2008|14:37 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 09/11/2008|15:03 - Option : [2]

   -----------\  Fin du rapport a 15:03:10,62



Et voilà le Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:20, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Utilisateur anonyme · Answer

Re,

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
&#9679; Double clique sur l'icône Ad-removersituée sur ton bureau
&#9679; Au menu principal choisi l'option "A"
&#9679; Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Cliniou · Answer

F --------- Logfile of AD-Remover 1.0.3.0 by C_XX ---------    

START at: 15:13:04 | 09/11/2008 
ON: Microsoft Windows XP [Version 5.1.2600] ( Windows XP ) 
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Belgacom | PC: HALL
BOOT MODE: Normal 
DRIVE(S): A:\ ~> Systemdrive: C:\

IE: 7.0.5730.11
 
--------- [ PROCESSES ] ---------

 C:\WINDOWS\System32\smss.exe 
 C:\WINDOWS\system32\winlogon.exe 
 C:\WINDOWS\system32\services.exe 
 C:\WINDOWS\system32\lsass.exe 
 C:\WINDOWS\system32\svchost.exe 
 C:\WINDOWS\System32\svchost.exe 
 C:\WINDOWS\system32\devldr32.exe 
 C:\WINDOWS\Explorer.EXE 
 C:\WINDOWS\system32\spoolsv.exe 
 C:\KMaestro\KMaestro.exe 
 C:\Program Files\Creative\ShareDLL\CtNotify.exe 
 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE 
 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe 
 C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE 
 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe 
 C:\Program Files\USB Disk Win98 Driver\Res.EXE 
 C:\Program Files\iTunes\iTunesHelper.exe 
 C:\Program Files\Belgacom\bin\sprtcmd.exe 
 C:\WINDOWS\system32\ctfmon.exe 
 C:\Program Files\Windows Media Player\WMPNSCFG.exe 
 C:\Program Files\Creative\ShareDLL\MediaDet.Exe 
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
 C:\Program Files\Bonjour\mDNSResponder.exe 
 C:\WINDOWS\System32\drivers\CDAC11BA.EXE 
 C:\WINDOWS\System32\CTsvcCDA.EXE 
 C:\WINDOWS\system32\ezNTSvc.exe 
 C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe 
 C:\WINDOWS\System32\svchost.exe 
 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe 
 C:\Program Files\Network Associates\VirusScan\Mcshield.exe 
 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe 
 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 
 C:\WINDOWS\System32
vsvc32.exe 
 C:\WINDOWS\System32	cpsvcs.exe 
 C:\WINDOWS\System32\snmp.exe 
 C:\Program Files\Belgacom\bin\sprtsvc.exe 
 C:\WINDOWS\System32\svchost.exe 
 C:\WINDOWS\System32\MsPMSPSv.exe 
 C:\WINDOWS\system32\fxssvc.exe 
 C:\Program Files\iPod\bin\iPodService.exe 
 C:\WINDOWS\system32\cmd.exe 
 C:\WINDOWS\System32\WScript.exe 

---------------------------- [~> 43]


+---------------------------------------------------------------------------+
+-------------------------------  SERVICES FOUND
+---------------------------------------------------------------------------+ 

Found ! - "Boonty Games"  

+---------------------------------------------------------------------------+
+-------------------------------  REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+ 

"HKEY_LOCAL_MACHINE\Software\Boonty" 
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}" 
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}" 
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}" 
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}" 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games" 
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games" 
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games" 

+---------------------------------------------------------------------------+
+-------------------------------  FILES\FOLDERS FOUND 
+---------------------------------------------------------------------------+ 

[16/09/2004 22:07|d--------] C:\Program Files\BoontyGames 
[21/05/2005 09:17|d--------] C:\Program Files\Common Files\BOONTY Shared 
[21/05/2005 09:17|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY 

+---------- Added scan ...

+-----[HKLM\...\Run]
 
KeyMaestro	REG_SZ	C:\KMaestro\KMaestro.exe 
Disc Detector	REG_SZ	C:\Program Files\Creative\ShareDLL\CtNotify.exe 
AHQInit	REG_SZ	C:\Program Files\Creative\SBLive\Program\AHQInit.exe 
AudioHQ	REG_SZ	C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE 
NvCplDaemon	REG_SZ	RUNDLL32.EXE NvQTwk,NvCplDaemon initialize 
NeroFilterCheck	REG_SZ	C:\WINDOWS\system32\NeroCheck.exe 
WeatherOnTray	REG_SZ	C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe 
McAfeeUpdaterUI	REG_SZ	"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey 
ShStatEXE	REG_SZ	"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE 
SunJavaUpdateSched	REG_SZ	"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 
Adobe Photo Downloader	REG_SZ	"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" 
USB Storage Toolbox	REG_SZ	C:\Program Files\USB Disk Win98 Driver\Res.EXE 
Adobe Reader Speed Launcher	REG_SZ	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
QuickTime Task	REG_SZ	"C:\Program Files\QuickTime\qttask.exe" -atboottime 
iTunesHelper	REG_SZ	"C:\Program Files\iTunes\iTunesHelper.exe" 
Belgacom	REG_SZ	"C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom 

+-----[HKCU\...\Run]

ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe 
WMPNSCFG	REG_SZ	C:\Program Files\Windows Media Player\WMPNSCFG.exe 

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/ 

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 

+---------------------------------------------------------------------------+
+-------------------------------  [ EOF - 103 lines ]
+---------------------------------------------------------------------------+

[ END at: 15:14:52 | 09/11/2008 ] - [ Time elapsed: 1 minute, 47 seconds ]

Utilisateur anonyme · Answer

Re,

Nettoyage AD-Remover :

! Déconnectes toi et fermes toutes applications en cours !

&#9679; Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

&#9679; Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides)

Refait un hijackthis STP.

merci

Cliniou · Answer

Bien reçu, le nettoyage est lancé.
Juste pour me rassurer, je dois faire autant de nettoyages tellement l'infection est profonde ou c'est normal ?

Utilisateur anonyme · Answer

Re,

Fait un nouvelle hijackthis et te dit quoi après.(tu es pas mal infecter)

@+

Cliniou · Answer

Voilà le rapport AD Remover:

F --------- Logfile of AD-Remover 1.0.3.0 by C_XX ---------    

START at: 15:21:53 | 09/11/2008 
ON: Microsoft Windows XP [Version 5.1.2600] ( Windows XP )
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Belgacom | PC: HALL
BOOT MODE: Normal 
DRIVE(S): A:\ ~> Systemdrive: C:\

IE: 7.0.5730.11
 
--------- [ PROCESSES ] ---------

 C:\WINDOWS\System32\smss.exe 
 C:\WINDOWS\system32\winlogon.exe 
 C:\WINDOWS\system32\services.exe 
 C:\WINDOWS\system32\lsass.exe 
 C:\WINDOWS\system32\svchost.exe 
 C:\WINDOWS\System32\svchost.exe 
 C:\WINDOWS\system32\devldr32.exe 
 C:\WINDOWS\system32\spoolsv.exe 
 C:\KMaestro\KMaestro.exe 
 C:\Program Files\Creative\ShareDLL\CtNotify.exe 
 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE 
 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe 
 C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE 
 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe 
 C:\Program Files\USB Disk Win98 Driver\Res.EXE 
 C:\Program Files\iTunes\iTunesHelper.exe 
 C:\Program Files\Belgacom\bin\sprtcmd.exe 
 C:\WINDOWS\system32\ctfmon.exe 
 C:\Program Files\Windows Media Player\WMPNSCFG.exe 
 C:\Program Files\Creative\ShareDLL\MediaDet.Exe 
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
 C:\Program Files\Bonjour\mDNSResponder.exe 
 C:\WINDOWS\System32\drivers\CDAC11BA.EXE 
 C:\WINDOWS\System32\CTsvcCDA.EXE 
 C:\WINDOWS\system32\ezNTSvc.exe 
 C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe 
 C:\WINDOWS\System32\svchost.exe 
 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe 
 C:\Program Files\Network Associates\VirusScan\Mcshield.exe 
 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe 
 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 
 C:\WINDOWS\System32
vsvc32.exe 
 C:\WINDOWS\System32	cpsvcs.exe 
 C:\WINDOWS\System32\snmp.exe 
 C:\Program Files\Belgacom\bin\sprtsvc.exe 
 C:\WINDOWS\System32\svchost.exe 
 C:\WINDOWS\System32\MsPMSPSv.exe 
 C:\WINDOWS\system32\fxssvc.exe 
 C:\Program Files\iPod\bin\iPodService.exe 
 C:\WINDOWS\system32\cmd.exe 
 C:\WINDOWS\System32\WScript.exe 

---------------------------- [~> 42]


+---------------------------------------------------------------------------+
+-------------------------------  SERVICES DELETED
+---------------------------------------------------------------------------+ 

Deleted successfully ! - "Boonty Games"  

+---------------------------------------------------------------------------+
+-------------------------------  REGISTRY ELEMENTS DELETED 
+---------------------------------------------------------------------------+ 

"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"

+---------------------------------------------------------------------------+
+-------------------------------  FILES\FOLDERS DELETED 
+---------------------------------------------------------------------------+ 

[16/09/2004 22:07|d--------] C:\Program Files\BoontyGames  
[21/05/2005 09:17|d--------] C:\Program Files\Common Files\BOONTY Shared  
[21/05/2005 09:17|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY  

(!) ---- Temp files deleted.

(!) ---- Recycle bin emptied in all drives.


+---------- Added scan ...

+-----[HKLM\...\Run]
 
KeyMaestro	REG_SZ	C:\KMaestro\KMaestro.exe 
Disc Detector	REG_SZ	C:\Program Files\Creative\ShareDLL\CtNotify.exe 
AHQInit	REG_SZ	C:\Program Files\Creative\SBLive\Program\AHQInit.exe 
AudioHQ	REG_SZ	C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE 
NvCplDaemon	REG_SZ	RUNDLL32.EXE NvQTwk,NvCplDaemon initialize 
NeroFilterCheck	REG_SZ	C:\WINDOWS\system32\NeroCheck.exe 
WeatherOnTray	REG_SZ	C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe 
McAfeeUpdaterUI	REG_SZ	"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey 
ShStatEXE	REG_SZ	"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE 
SunJavaUpdateSched	REG_SZ	"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 
Adobe Photo Downloader	REG_SZ	"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" 
USB Storage Toolbox	REG_SZ	C:\Program Files\USB Disk Win98 Driver\Res.EXE 
Adobe Reader Speed Launcher	REG_SZ	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
QuickTime Task	REG_SZ	"C:\Program Files\QuickTime\qttask.exe" -atboottime 
iTunesHelper	REG_SZ	"C:\Program Files\iTunes\iTunesHelper.exe" 
Belgacom	REG_SZ	"C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom 

+-----[HKCU\...\Run]

ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe 
WMPNSCFG	REG_SZ	C:\Program Files\Windows Media Player\WMPNSCFG.exe 

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/ 

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 
 

+---------------------------------------------------------------------------+
+-------------------------------  [ EOF - 102 lines ]
+---------------------------------------------------------------------------+


Et voilà le Hijackthis: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:37, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Utilisateur anonyme · Answer

Re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
SDFix (créé par AndyManchesta)
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

 Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Redémarre ton ordinateur

• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).

• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.

• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".

• Choisis ton compte.

• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis. pour lancer le script.

• Appuie sur une touche pour commencer le processus de nettoyage.

• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

• Appuie sur une touche pour redémarrer le PC.

• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

 TUTORIAL

• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !

Cliniou · Answer

Voilà le rappor de SBFix: 

[b]SDFix: Version 1.240 [/b]
Run by Belgacom on 09/11/2008 at 16:52

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\WINDOWS\system32\drivers\TDSSpqlt.sys - Deleted
C:\WINDOWS\system32\TDSSoiqn.dll - Deleted
C:\WINDOWS\system32\TDSShrsr.dll - Deleted
C:\WINDOWS\system32\TDSSrtqp.dll - Deleted
C:\WINDOWS\system32\TDSSxfum.dll - Deleted
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSorvd.dat - Deleted
C:\WINDOWS\system32\TDSSkkbi.log - Deleted



Folder C:\Documents and Settings\All Users\Application Data\Software Licensors - Removed


Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 17:12:42
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???V???????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A???????B???@?????P???$?@?? ??????~?B~??????????@?R?????????????????B???????????????????????????????????B 

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Support.com\BIN\TGCMD.EXE"="C:\Program Files\Support.com\BIN\TGCMD.EXE:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\BoontyGames\Insane\Game.exe"="C:\Program Files\BoontyGames\Insane\Game.exe:*:Enabled:INSANE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon  6 May 2002         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu  7 Jun 2001        57,344 A..H. --- "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCrypt.dll"
Fri 29 Jun 2001        61,440 A..H. --- "C:\Program Files\Elaborate Bytes\CloneCD\ElbyECC.dll"
Fri  6 Jul 2001        61,440 A..H. --- "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCDIO.dll"
Fri  6 Jul 2001        61,440 A..H. --- "C:\Program Files\Elaborate Bytes\CloneCD\CCDDriver.dll"
Mon 25 Jun 2001        72,704 A..H. --- "C:\Program Files\Elaborate Bytes\CloneCD\InstallHelp.dll"
Sun 11 Sep 2005           987 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti53.tmp"
Wed 24 Oct 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 20 Mar 2002         7,798 A..H. --- "C:\Documents and Settings\Belgacom\Application Data\Microsoft\Office\Shortcut Bar\Off5.tmp"
Sun  9 Nov 2008             0 A..H. --- "C:\Documents and Settings\All Users\Application Data\SupportSoft\belgacom\SYSTEM\data\BIT1C.tmp"
Sun  9 Nov 2008             0 A..H. --- "C:\Documents and Settings\Belgacom\Local Settings\Application Data\SupportSoft\Belgacom\Belgacom\data\BIT1B.tmp"
Sun  9 Nov 2008             0 A..H. --- "C:\Documents and Settings\Belgacom\Local Settings\Application Data\SupportSoft\Belgacom\Belgacom\data\BIT1C.tmp"

[b]Finished![/b]


Voilà le Hijackthis: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:52, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32
otepad.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Cliniou · Answer

Je remets le Hijackthis car il y a eu un problème ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:45, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO.clsUrlSearch - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - C:\WINDOWS\System32\BHO2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Utilisateur anonyme · Answer

Re,

installe NAVILOG1


Remarque concernant la détection de Navilog1 par certains programmes de sécurités :

Certains fichiers de Navilog1.exe peuvent être considérés comme dangereux et donc supprimés ou neutralisés par certains programmes de sécurités. Ce sont des faux positifs et dans certains cas, vous serez amener à désactiver votre protection le temps du téléchargement/utilisation de Navilog1.
/ !\ Déconnecte toi du net et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement. / !\

Utilisateurs de Windows Vista :

* Afin que Navilog1 puisse fonctionner correctement, il est recommandé de désactiver l'UAC pendant l'utilisation de Navilog1 (Installation, Utilisation). N'oubliez pas dès l'utilisation de Navilog1 terminé à réactiver l'UAC sur votre Ordinateur.
comment faire pour désactiver l'UAC

* A chaque fois que vous êtes amené à exécuter Navilog1.bat ou Navilog1.exe pour l'installation, ne double-cliquez pas sur le fichier ou raccourci mais faites un clic droit dessus et dans le menu contextuel choisssez "Exécuter en tant qu'administrateur".

Le lancement de l'installation de Navilog1 se fait en exécutant Navilog1.exe

(Si vous avez téléchargé navilog1.zip, Veuillez auparavant décompresser ce fichier)

Une fois l'installation terminé, pour lancer le fix :

- en utilisant le raccourci crée sur le bureau : Navilog1
- Via le poste de travail, en exécutant le fichier Navilog1.bat se trouvant dans %program files%Navilog1

Après le choix de la langue et les messages d'avertissement, le menu s'affiche.

Faite le choix 1

Effectue la vérification du système à la recherche de l'adware. Un scan avec catchme de GMER est également éffectué pour Windows XP. Cette analyse peut durer une dizaine de minutes. Patientez alors jusqu'au message «Analyse terminée le ....». Appuyez sur une touche comme demandé et le bloc note va souvrir , Enregistrez-le sur votre disque. Puis Ouvrez-le et Copiez-Collez l'intégralité de ce rapport sur le forum qui vous l'auras demandé.

(si le bloc-note ne s'ouvre pas : Rendez-vous dans votre poste de travail, à la racine du disque C vous trouverez le rapport sous le nom de fixnavi.txt)

Attention : Ne lancez-pas la partie désinfection (choix 2, 3 ou 4) sans l'avis/accord express de l'Helper qui vous as pris en charge sur le forum d'aide ou vous aurez exposer votre problème.

==>>Tutoriel Navilog1

Utilisateur anonyme · Answer

Salut 

pour fkm:

Comment faire sont propre topic sur CCM

Merci

Cliniou · Answer

Search Navipromo version 3.6.9 commencé le 09/11/2008 à 17:44:52,45

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Belgacom" 

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Belgacom\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\OWNER\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Belgacom\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\OWNER\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Belgacom\startm~1\programs" *** 


*** Recherche dossiers dans "C:\DOCUME~1\OWNER\startm~1\programs" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Belgacom\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\OWNER\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Belgacom\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\OWNER\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 09/11/2008 à 17:47:38,56 ***

Utilisateur anonyme · Answer

Re,

Télécharge Lop S&D ici :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-clique dessus pour lancer l'installation

Puis double-clique [b]sur le raccourci Lop S&D/b présent sur ton bureau

Séléctionne la langue souhaitée , puis choisis [b]l'Option 1/b ( Recherche )

Patiente jusqu'à la fin du scan

Poste le rapport généré ( C:lopR.txt )

Cliniou · Answer

--------------------\  Lop S&D 4.2.4-9c   XP/Vista

   Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.00GHz )
   BIOS : Award Medallion BIOS v6.0
   USER : Belgacom ( Administrator )
   BOOT : Normal boot
   A:\ (USB)
   C:\ (Local Disk) - FAT32 - Total:29 Go (Free:5 Go)
   D:\ (Local Disk) - FAT32 - Total:44 Go (Free:19 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
   Option : [1] ( 09/11/2008|17:58 )
 
   --------------------\  Listing des dossiers dans APPLIC~1

   [07/12/2001|15:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
   [07/12/2001|15:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [14/09/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [21/11/2005|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [13/09/2007|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [11/11/2005|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [19/06/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
   [14/01/2004|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [18/08/2008|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
   [15/09/2004|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [22/09/2007|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
   [09/11/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [22/01/2005|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
   [20/12/2001|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGI
   [07/12/2001|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [20/12/2001|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
   [05/08/2004|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
   [12/05/2005|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [22/01/2006|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [16/04/2002|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [04/10/2005|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [05/12/2002|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
   [29/10/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
   [02/03/2008|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [17/08/2005|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [25/05/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [21/11/2005|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
   [22/07/2004|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [03/11/2008|13:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [03/11/2008|13:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [07/12/2001|15:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [17/08/2005|09:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
   [07/12/2001|15:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [07/12/2001|15:22] C:\DOCUME~1\OWNER\APPLIC~1\Identities
   [07/12/2001|15:04] C:\DOCUME~1\OWNER\APPLIC~1\Microsoft

   [17/12/2001|10:47] C:\DOCUME~1\BELGACOM\APPLIC~1\Adobe
   [24/03/2006|16:16] C:\DOCUME~1\BELGACOM\APPLIC~1\AdobeAUM
   [21/11/2005|20:34] C:\DOCUME~1\BELGACOM\APPLIC~1\AdobeUM
   [14/01/2004|19:52] C:\DOCUME~1\BELGACOM\APPLIC~1\Ahead
   [11/11/2005|20:38] C:\DOCUME~1\BELGACOM\APPLIC~1\Apple Computer
   [27/01/2004|16:47] C:\DOCUME~1\BELGACOM\APPLIC~1\ArcSoft
   [13/01/2004|20:44] C:\DOCUME~1\BELGACOM\APPLIC~1\DVD Shrink 3.0
   [21/07/2005|16:17] C:\DOCUME~1\BELGACOM\APPLIC~1\Google
   [20/12/2001|12:43] C:\DOCUME~1\BELGACOM\APPLIC~1\Help
   [13/04/2007|14:40] C:\DOCUME~1\BELGACOM\APPLIC~1\Hulabee
   [07/12/2001|15:22] C:\DOCUME~1\BELGACOM\APPLIC~1\Identities
   [25/03/2007|11:43] C:\DOCUME~1\BELGACOM\APPLIC~1\InstallShield
   [17/12/2001|10:47] C:\DOCUME~1\BELGACOM\APPLIC~1\InterTrust
   [20/12/2001|12:31] C:\DOCUME~1\BELGACOM\APPLIC~1\InterVideo
   [07/07/2005|22:28] C:\DOCUME~1\BELGACOM\APPLIC~1\iScreensaver
   [01/05/2006|11:02] C:\DOCUME~1\BELGACOM\APPLIC~1\Leadertech
   [16/10/2002|20:40] C:\DOCUME~1\BELGACOM\APPLIC~1\Macromedia
   [09/11/2008|12:23] C:\DOCUME~1\BELGACOM\APPLIC~1\Malwarebytes
   [07/12/2001|15:04] C:\DOCUME~1\BELGACOM\APPLIC~1\Microsoft
   [17/12/2001|17:06] C:\DOCUME~1\BELGACOM\APPLIC~1\Microsoft Web Folders
   [20/12/2001|12:29] C:\DOCUME~1\BELGACOM\APPLIC~1\MSN6
   [19/05/2005|17:39] C:\DOCUME~1\BELGACOM\APPLIC~1\OD2
   [25/03/2007|11:46] C:\DOCUME~1\BELGACOM\APPLIC~1\Panasonic
   [22/01/2006|17:25] C:\DOCUME~1\BELGACOM\APPLIC~1\PlayFirst
   [08/05/2004|17:26] C:\DOCUME~1\BELGACOM\APPLIC~1\Real
   [08/02/2006|09:22] C:\DOCUME~1\BELGACOM\APPLIC~1\Sauce
   [04/10/2005|20:55] C:\DOCUME~1\BELGACOM\APPLIC~1\Skype
   [02/03/2008|14:05] C:\DOCUME~1\BELGACOM\APPLIC~1\SpinTop
   [12/06/2005|19:28] C:\DOCUME~1\BELGACOM\APPLIC~1\Sun
   [31/12/2005|15:50] C:\DOCUME~1\BELGACOM\APPLIC~1\Wildfire
   [09/11/2008|17:12] C:\DOCUME~1\BELGACOM\APPLIC~1\WinRAR
   [01/05/2005|11:39] C:\DOCUME~1\BELGACOM\APPLIC~1\Zylom

   [07/12/2001|15:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [22/10/2008 19:08][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [09/11/2008 17:09][--ah-----] C:\WINDOWS	asks\SA.DAT
   [18/08/2001 06:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [02/03/2005|19:44] C:\Program Files\_ArcadeDownloadFolder
   [03/05/2002|14:39] C:\Program Files\1047[1]
   [20/12/2001|10:33] C:\Program Files\Adaptec
   [17/12/2001|10:47] C:\Program Files\Adobe
   [09/11/2008|15:11] C:\Program Files\Ad-remover
   [14/01/2004|19:51] C:\Program Files\Ahead
   [11/05/2007|12:04] C:\Program Files\Apple Software Update
   [21/01/2004|22:10] C:\Program Files\ArcSoft
   [19/06/2008|09:33] C:\Program Files\AVG
   [09/09/2002|21:21] C:\Program Files\BBL
   [29/10/2008|10:26] C:\Program Files\Belgacom
   [14/09/2008|17:35] C:\Program Files\Bonjour
   [20/12/2001|10:15] C:\Program Files\Codemasters
   [07/12/2001|15:05] C:\Program Files\Common Files
   [07/12/2001|15:12] C:\Program Files\ComPlus Applications
   [09/08/2002|13:22] C:\Program Files\Core Design
   [11/01/2002|16:27] C:\Program Files\Creative
   [28/11/2005|15:30] C:\Program Files\Cryo
   [22/02/2005|19:47] C:\Program Files\DigiKidz
   [20/12/2001|10:23] C:\Program Files\directx
   [14/07/2002|21:48] C:\Program Files\DivX_311alpha
   [14/01/2004|17:26] C:\Program Files\DVD Shrink
   [04/01/2007|15:47] C:\Program Files\DynGate
   [18/06/2005|10:43] C:\Program Files\EasyBits For Kids
   [12/12/2002|16:28] C:\Program Files\Elaborate Bytes
   [17/12/2001|09:37] C:\Program Files\EuroTool
   [20/06/2002|19:39] C:\Program Files\FlaskMpeg
   [02/12/2007|09:51] C:\Program Files\Foto.com
   [21/12/2001|17:03] C:\Program Files\Ghost Explorer
   [02/03/2005|20:59] C:\Program Files\Google
   [25/06/2005|00:20] C:\Program Files\Google Video
   [01/03/2005|16:23] C:\Program Files\Grisoft
   [07/03/2004|21:26] C:\Program Files\hbinst
   [17/12/2001|11:38] C:\Program Files\HelpDesk
   [01/12/2004|16:06] C:\Program Files\HighMAT CD Writing Wizard
   [26/11/2003|21:56] C:\Program Files\Infogrames
   [12/12/2001|15:23] C:\Program Files\InstallShield Installation Information
   [27/09/2004|20:13] C:\Program Files\InterActual
   [07/12/2001|15:12] C:\Program Files\Internet Explorer
   [12/12/2001|15:24] C:\Program Files\InterVideo
   [14/09/2008|17:36] C:\Program Files\iPod
   [14/09/2008|17:36] C:\Program Files\iTunes
   [12/06/2005|19:27] C:\Program Files\Java
   [31/01/2007|08:59] C:\Program Files\KLDownloader
   [09/11/2008|12:23] C:\Program Files\Malwarebytes' Anti-Malware
   [20/12/2001|10:40] C:\Program Files\Maxis
   [05/01/2008|12:41] C:\Program Files\Media Markt
   [07/12/2001|15:11] C:\Program Files\Messenger
   [20/12/2001|10:23] C:\Program Files\MGI
   [05/02/2005|15:09] C:\Program Files\Microsoft ActiveSync
   [07/12/2001|15:17] C:\Program Files\microsoft frontpage
   [17/12/2001|17:06] C:\Program Files\Microsoft Office
   [24/05/2008|21:29] C:\Program Files\Microsoft Silverlight
   [05/02/2005|15:09] C:\Program Files\Microsoft Visual Studio
   [05/02/2005|15:09] C:\Program Files\Microsoft.NET
   [17/07/2002|21:37] C:\Program Files\Mindscape
   [07/12/2001|15:13] C:\Program Files\Movie Maker
   [07/12/2001|15:11] C:\Program Files\MSN
   [07/12/2001|15:11] C:\Program Files\MSN Gaming Zone
   [12/05/2005|20:05] C:\Program Files\Music Manager
   [26/03/2004|10:55] C:\Program Files\MVReader
   [09/11/2008|17:33] C:\Program Files\Navilog1
   [02/04/2008|18:31] C:\Program Files\Nemopolis
   [07/12/2001|15:13] C:\Program Files\NetMeeting
   [06/02/2005|09:27] C:\Program Files\Network Associates
   [22/03/2004|19:40] C:\Program Files\New Folder
   [17/12/2001|09:50] C:\Program Files\OfficeUpdate
   [18/05/2005|14:38] C:\Program Files\OfficeUpdate11
   [07/12/2001|15:11] C:\Program Files\Online Services
   [07/12/2001|15:13] C:\Program Files\Outlook Express
   [25/03/2007|11:44] C:\Program Files\Panasonic
   [26/11/2003|20:53] C:\Program Files\PerfectNav
   [26/05/2008|17:28] C:\Program Files\PopCap Games
   [14/09/2008|17:34] C:\Program Files\QuickTime
   [08/05/2004|17:27] C:\Program Files\Real
   [20/06/2002|19:41] C:\Program Files\RippackV3
   [14/09/2008|17:27] C:\Program Files\Safari
   [04/10/2005|20:55] C:\Program Files\Skype
   [14/09/2008|17:48] C:\Program Files\Sun
   [20/06/2002|19:36] C:\Program Files\Temporary files 1
   [09/11/2008|12:16] C:\Program Files\Trend Micro
   [26/11/2003|22:00] C:\Program Files\TryMedia
   [21/04/2003|21:11] C:\Program Files\Ubi Soft
   [07/12/2001|15:22] C:\Program Files\Uninstall Information
   [25/10/2007|00:04] C:\Program Files\USB Disk Win98 Driver
   [19/01/2003|20:59] C:\Program Files\Virtools Web Player 2.0
   [06/02/2005|11:21] C:\Program Files\Voyager2020
   [19/01/2004|18:14] C:\Program Files\vso
   [17/09/2004|17:32] C:\Program Files\WildTangent
   [25/05/2008|13:36] C:\Program Files\Windows Live
   [01/12/2004|16:36] C:\Program Files\Windows Media Connect
   [24/10/2007|23:54] C:\Program Files\Windows Media Connect 2
   [07/12/2001|15:13] C:\Program Files\Windows Media Player
   [07/12/2001|15:11] C:\Program Files\Windows NT
   [07/12/2001|15:11] C:\Program Files\WindowsUpdate
   [10/03/2007|18:23] C:\Program Files\wkasteel
   [07/12/2001|15:17] C:\Program Files\xerox
   [21/11/2005|20:31] C:\Program Files\Yahoo!
   [16/12/2007|10:08] C:\Program Files\ZoneAlarmSB
   [02/03/2008|14:05] C:\Program Files\Zuma
   [01/02/2006|20:26] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [20/12/2001|10:33] C:\Program Files\Common Files\Adaptec Shared
   [17/12/2001|10:47] C:\Program Files\Common Files\Adobe
   [14/01/2004|19:51] C:\Program Files\Common Files\Ahead
   [13/09/2007|20:09] C:\Program Files\Common Files\Apple
   [05/02/2005|15:09] C:\Program Files\Common Files\DESIGNER
   [12/12/2001|15:23] C:\Program Files\Common Files\InstallShield
   [12/06/2005|19:26] C:\Program Files\Common Files\Java
   [23/01/2005|08:50] C:\Program Files\Common Files\L&H
   [15/09/2004|13:23] C:\Program Files\Common Files\Macrovision Shared
   [20/12/2001|10:23] C:\Program Files\Common Files\MGI Shared
   [07/12/2001|15:05] C:\Program Files\Common Files\Microsoft Shared
   [07/12/2001|15:12] C:\Program Files\Common Files\MSSoap
   [06/02/2005|09:27] C:\Program Files\Common Files\Network Associates
   [07/12/2001|15:05] C:\Program Files\Common Files\ODBC
   [05/06/2002|20:29] C:\Program Files\Common Files\Real
   [07/12/2001|15:13] C:\Program Files\Common Files\Services
   [26/09/2007|22:59] C:\Program Files\Common Files\Skype
   [07/12/2001|15:05] C:\Program Files\Common Files\SpeechEngines
   [27/10/2008|14:54] C:\Program Files\Common Files\SupportSoft
   [07/12/2001|15:12] C:\Program Files\Common Files\System
   [25/05/2008|13:36] C:\Program Files\Common Files\WindowsLiveInstaller
   [10/08/2008|09:50] C:\Program Files\Common Files\xing shared

   --------------------\  Process

   ( 53 Processes )

   iexplore.exe ~ [PID:3876]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-11-09 18:00:03
   Windows 5.1.2600 Service Pack 3 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.au
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.au
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.idx
   C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.au


   [F:539][D:90]-> C:\DOCUME~1\Belgacom\LOCALS~1\Temp
   [F:349][D:0]-> C:\DOCUME~1\Belgacom\Cookies
   [F:346][D:27]-> C:\DOCUME~1\Belgacom\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> C:\Recycled

   1 - "C:\Lop SD\LopR_1.txt" - 09/11/2008|18:00 - Option : [1]

   --------------------\  Fin du rapport a 18:00:37

Utilisateur anonyme · Answer

Re

Vire tes cracks et fait ceci:

Relance Lop S&D

Choisis cette fois ci l'Option 2 ( Suppression )

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

Nouvelle tâche, tape explorer.exe et valide )

refait un hijackthis.

Cliniou · Answer

Je ne sais pas ce qu'est un crack :-(

Utilisateur anonyme · Answer

Re,

C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.idx
C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-53754eb6-36c5c130.au
C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.idx
C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-4e41a19c-20d4f52d.au
C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.idx
C:\DOCUME~1\BELGACOM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-21a36418-2db369af.au 

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
CCLEANER

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

Cliniou · Answer

J'ai dû faire 4 réparations sans sauvegarde des registres. CCleaner ne trouve plus d'erreurs.
C'est ... fini ???

Utilisateur anonyme · Answer

Re,


Fait l'option 2 de lop.
Fait un nouveau hijackthis STP.

merci

Cliniou · Answer

Rapport 2 de lop: 


   --------------------\  Lop S&D 4.2.4-9c   XP/Vista

   Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.00GHz )
   BIOS : Award Medallion BIOS v6.0
   USER : Belgacom ( Administrator )
   BOOT : Normal boot
   A:\ (USB)
   C:\ (Local Disk) - FAT32 - Total:29 Go (Free:5 Go)
   D:\ (Local Disk) - FAT32 - Total:44 Go (Free:19 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
   Option : [2] ( 09/11/2008|18:57 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1

   [07/12/2001|15:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
   [07/12/2001|15:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [14/09/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [21/11/2005|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [13/09/2007|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [11/11/2005|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [19/06/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
   [14/01/2004|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [18/08/2008|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
   [15/09/2004|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [22/09/2007|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
   [09/11/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [22/01/2005|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
   [20/12/2001|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGI
   [07/12/2001|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [20/12/2001|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
   [05/08/2004|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
   [12/05/2005|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [22/01/2006|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [16/04/2002|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [04/10/2005|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [05/12/2002|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
   [29/10/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
   [02/03/2008|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [17/08/2005|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [25/05/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [21/11/2005|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
   [22/07/2004|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [03/11/2008|13:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [03/11/2008|13:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [07/12/2001|15:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [17/08/2005|09:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
   [07/12/2001|15:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [07/12/2001|15:22] C:\DOCUME~1\OWNER\APPLIC~1\Identities
   [07/12/2001|15:04] C:\DOCUME~1\OWNER\APPLIC~1\Microsoft

   [17/12/2001|10:47] C:\DOCUME~1\BELGACOM\APPLIC~1\Adobe
   [24/03/2006|16:16] C:\DOCUME~1\BELGACOM\APPLIC~1\AdobeAUM
   [21/11/2005|20:34] C:\DOCUME~1\BELGACOM\APPLIC~1\AdobeUM
   [14/01/2004|19:52] C:\DOCUME~1\BELGACOM\APPLIC~1\Ahead
   [11/11/2005|20:38] C:\DOCUME~1\BELGACOM\APPLIC~1\Apple Computer
   [27/01/2004|16:47] C:\DOCUME~1\BELGACOM\APPLIC~1\ArcSoft
   [13/01/2004|20:44] C:\DOCUME~1\BELGACOM\APPLIC~1\DVD Shrink 3.0
   [21/07/2005|16:17] C:\DOCUME~1\BELGACOM\APPLIC~1\Google
   [20/12/2001|12:43] C:\DOCUME~1\BELGACOM\APPLIC~1\Help
   [13/04/2007|14:40] C:\DOCUME~1\BELGACOM\APPLIC~1\Hulabee
   [07/12/2001|15:22] C:\DOCUME~1\BELGACOM\APPLIC~1\Identities
   [25/03/2007|11:43] C:\DOCUME~1\BELGACOM\APPLIC~1\InstallShield
   [17/12/2001|10:47] C:\DOCUME~1\BELGACOM\APPLIC~1\InterTrust
   [20/12/2001|12:31] C:\DOCUME~1\BELGACOM\APPLIC~1\InterVideo
   [07/07/2005|22:28] C:\DOCUME~1\BELGACOM\APPLIC~1\iScreensaver
   [01/05/2006|11:02] C:\DOCUME~1\BELGACOM\APPLIC~1\Leadertech
   [16/10/2002|20:40] C:\DOCUME~1\BELGACOM\APPLIC~1\Macromedia
   [09/11/2008|12:23] C:\DOCUME~1\BELGACOM\APPLIC~1\Malwarebytes
   [07/12/2001|15:04] C:\DOCUME~1\BELGACOM\APPLIC~1\Microsoft
   [17/12/2001|17:06] C:\DOCUME~1\BELGACOM\APPLIC~1\Microsoft Web Folders
   [20/12/2001|12:29] C:\DOCUME~1\BELGACOM\APPLIC~1\MSN6
   [19/05/2005|17:39] C:\DOCUME~1\BELGACOM\APPLIC~1\OD2
   [25/03/2007|11:46] C:\DOCUME~1\BELGACOM\APPLIC~1\Panasonic
   [22/01/2006|17:25] C:\DOCUME~1\BELGACOM\APPLIC~1\PlayFirst
   [08/05/2004|17:26] C:\DOCUME~1\BELGACOM\APPLIC~1\Real
   [08/02/2006|09:22] C:\DOCUME~1\BELGACOM\APPLIC~1\Sauce
   [04/10/2005|20:55] C:\DOCUME~1\BELGACOM\APPLIC~1\Skype
   [02/03/2008|14:05] C:\DOCUME~1\BELGACOM\APPLIC~1\SpinTop
   [12/06/2005|19:28] C:\DOCUME~1\BELGACOM\APPLIC~1\Sun
   [31/12/2005|15:50] C:\DOCUME~1\BELGACOM\APPLIC~1\Wildfire
   [09/11/2008|17:12] C:\DOCUME~1\BELGACOM\APPLIC~1\WinRAR
   [01/05/2005|11:39] C:\DOCUME~1\BELGACOM\APPLIC~1\Zylom

   [07/12/2001|15:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [22/10/2008 19:08][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [09/11/2008 18:43][--ah-----] C:\WINDOWS	asks\SA.DAT
   [18/08/2001 06:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [02/03/2005|19:44] C:\Program Files\_ArcadeDownloadFolder
   [03/05/2002|14:39] C:\Program Files\1047[1]
   [20/12/2001|10:33] C:\Program Files\Adaptec
   [17/12/2001|10:47] C:\Program Files\Adobe
   [09/11/2008|15:11] C:\Program Files\Ad-remover
   [14/01/2004|19:51] C:\Program Files\Ahead
   [11/05/2007|12:04] C:\Program Files\Apple Software Update
   [21/01/2004|22:10] C:\Program Files\ArcSoft
   [19/06/2008|09:33] C:\Program Files\AVG
   [09/09/2002|21:21] C:\Program Files\BBL
   [29/10/2008|10:26] C:\Program Files\Belgacom
   [14/09/2008|17:35] C:\Program Files\Bonjour
   [09/11/2008|18:18] C:\Program Files\CCleaner
   [20/12/2001|10:15] C:\Program Files\Codemasters
   [07/12/2001|15:05] C:\Program Files\Common Files
   [07/12/2001|15:12] C:\Program Files\ComPlus Applications
   [09/08/2002|13:22] C:\Program Files\Core Design
   [11/01/2002|16:27] C:\Program Files\Creative
   [28/11/2005|15:30] C:\Program Files\Cryo
   [22/02/2005|19:47] C:\Program Files\DigiKidz
   [20/12/2001|10:23] C:\Program Files\directx
   [14/07/2002|21:48] C:\Program Files\DivX_311alpha
   [14/01/2004|17:26] C:\Program Files\DVD Shrink
   [04/01/2007|15:47] C:\Program Files\DynGate
   [18/06/2005|10:43] C:\Program Files\EasyBits For Kids
   [12/12/2002|16:28] C:\Program Files\Elaborate Bytes
   [17/12/2001|09:37] C:\Program Files\EuroTool
   [20/06/2002|19:39] C:\Program Files\FlaskMpeg
   [02/12/2007|09:51] C:\Program Files\Foto.com
   [21/12/2001|17:03] C:\Program Files\Ghost Explorer
   [02/03/2005|20:59] C:\Program Files\Google
   [25/06/2005|00:20] C:\Program Files\Google Video
   [01/03/2005|16:23] C:\Program Files\Grisoft
   [07/03/2004|21:26] C:\Program Files\hbinst
   [17/12/2001|11:38] C:\Program Files\HelpDesk
   [01/12/2004|16:06] C:\Program Files\HighMAT CD Writing Wizard
   [26/11/2003|21:56] C:\Program Files\Infogrames
   [12/12/2001|15:23] C:\Program Files\InstallShield Installation Information
   [27/09/2004|20:13] C:\Program Files\InterActual
   [07/12/2001|15:12] C:\Program Files\Internet Explorer
   [12/12/2001|15:24] C:\Program Files\InterVideo
   [14/09/2008|17:36] C:\Program Files\iPod
   [14/09/2008|17:36] C:\Program Files\iTunes
   [12/06/2005|19:27] C:\Program Files\Java
   [31/01/2007|08:59] C:\Program Files\KLDownloader
   [09/11/2008|12:23] C:\Program Files\Malwarebytes' Anti-Malware
   [20/12/2001|10:40] C:\Program Files\Maxis
   [05/01/2008|12:41] C:\Program Files\Media Markt
   [07/12/2001|15:11] C:\Program Files\Messenger
   [20/12/2001|10:23] C:\Program Files\MGI
   [05/02/2005|15:09] C:\Program Files\Microsoft ActiveSync
   [07/12/2001|15:17] C:\Program Files\microsoft frontpage
   [17/12/2001|17:06] C:\Program Files\Microsoft Office
   [24/05/2008|21:29] C:\Program Files\Microsoft Silverlight
   [05/02/2005|15:09] C:\Program Files\Microsoft Visual Studio
   [05/02/2005|15:09] C:\Program Files\Microsoft.NET
   [17/07/2002|21:37] C:\Program Files\Mindscape
   [07/12/2001|15:13] C:\Program Files\Movie Maker
   [07/12/2001|15:11] C:\Program Files\MSN
   [07/12/2001|15:11] C:\Program Files\MSN Gaming Zone
   [12/05/2005|20:05] C:\Program Files\Music Manager
   [26/03/2004|10:55] C:\Program Files\MVReader
   [09/11/2008|17:33] C:\Program Files\Navilog1
   [02/04/2008|18:31] C:\Program Files\Nemopolis
   [07/12/2001|15:13] C:\Program Files\NetMeeting
   [06/02/2005|09:27] C:\Program Files\Network Associates
   [22/03/2004|19:40] C:\Program Files\New Folder
   [17/12/2001|09:50] C:\Program Files\OfficeUpdate
   [18/05/2005|14:38] C:\Program Files\OfficeUpdate11
   [07/12/2001|15:11] C:\Program Files\Online Services
   [07/12/2001|15:13] C:\Program Files\Outlook Express
   [25/03/2007|11:44] C:\Program Files\Panasonic
   [26/11/2003|20:53] C:\Program Files\PerfectNav
   [26/05/2008|17:28] C:\Program Files\PopCap Games
   [14/09/2008|17:34] C:\Program Files\QuickTime
   [08/05/2004|17:27] C:\Program Files\Real
   [20/06/2002|19:41] C:\Program Files\RippackV3
   [14/09/2008|17:27] C:\Program Files\Safari
   [04/10/2005|20:55] C:\Program Files\Skype
   [14/09/2008|17:48] C:\Program Files\Sun
   [20/06/2002|19:36] C:\Program Files\Temporary files 1
   [09/11/2008|12:16] C:\Program Files\Trend Micro
   [26/11/2003|22:00] C:\Program Files\TryMedia
   [21/04/2003|21:11] C:\Program Files\Ubi Soft
   [07/12/2001|15:22] C:\Program Files\Uninstall Information
   [25/10/2007|00:04] C:\Program Files\USB Disk Win98 Driver
   [19/01/2003|20:59] C:\Program Files\Virtools Web Player 2.0
   [06/02/2005|11:21] C:\Program Files\Voyager2020
   [19/01/2004|18:14] C:\Program Files\vso
   [17/09/2004|17:32] C:\Program Files\WildTangent
   [25/05/2008|13:36] C:\Program Files\Windows Live
   [01/12/2004|16:36] C:\Program Files\Windows Media Connect
   [24/10/2007|23:54] C:\Program Files\Windows Media Connect 2
   [07/12/2001|15:13] C:\Program Files\Windows Media Player
   [07/12/2001|15:11] C:\Program Files\Windows NT
   [07/12/2001|15:11] C:\Program Files\WindowsUpdate
   [10/03/2007|18:23] C:\Program Files\wkasteel
   [07/12/2001|15:17] C:\Program Files\xerox
   [21/11/2005|20:31] C:\Program Files\Yahoo!
   [09/11/2008|18:39] C:\Program Files\Zone Labs
   [16/12/2007|10:08] C:\Program Files\ZoneAlarmSB
   [02/03/2008|14:05] C:\Program Files\Zuma
   [01/02/2006|20:26] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [20/12/2001|10:33] C:\Program Files\Common Files\Adaptec Shared
   [17/12/2001|10:47] C:\Program Files\Common Files\Adobe
   [14/01/2004|19:51] C:\Program Files\Common Files\Ahead
   [13/09/2007|20:09] C:\Program Files\Common Files\Apple
   [05/02/2005|15:09] C:\Program Files\Common Files\DESIGNER
   [12/12/2001|15:23] C:\Program Files\Common Files\InstallShield
   [12/06/2005|19:26] C:\Program Files\Common Files\Java
   [23/01/2005|08:50] C:\Program Files\Common Files\L&H
   [15/09/2004|13:23] C:\Program Files\Common Files\Macrovision Shared
   [20/12/2001|10:23] C:\Program Files\Common Files\MGI Shared
   [07/12/2001|15:05] C:\Program Files\Common Files\Microsoft Shared
   [07/12/2001|15:12] C:\Program Files\Common Files\MSSoap
   [06/02/2005|09:27] C:\Program Files\Common Files\Network Associates
   [07/12/2001|15:05] C:\Program Files\Common Files\ODBC
   [05/06/2002|20:29] C:\Program Files\Common Files\Real
   [07/12/2001|15:13] C:\Program Files\Common Files\Services
   [26/09/2007|22:59] C:\Program Files\Common Files\Skype
   [07/12/2001|15:05] C:\Program Files\Common Files\SpeechEngines
   [27/10/2008|14:54] C:\Program Files\Common Files\SupportSoft
   [07/12/2001|15:12] C:\Program Files\Common Files\System
   [25/05/2008|13:36] C:\Program Files\Common Files\WindowsLiveInstaller
   [10/08/2008|09:50] C:\Program Files\Common Files\xing shared

   --------------------\  Process

   ( 54 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-11-09 19:06:23
   Windows 5.1.2600 Service Pack 3 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]



   [F:327][D:8]-> C:\DOCUME~1\Belgacom\LOCALS~1\Temp
   [F:39][D:0]-> C:\DOCUME~1\Belgacom\Cookies
   [F:646][D:5]-> C:\DOCUME~1\Belgacom\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> C:\Recycled

   1 - "C:\Lop SD\LopR_1.txt" - 09/11/2008|18:00 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 09/11/2008|19:08 - Option : [2]

   --------------------\  Fin du rapport a 19:08:16

Rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:39, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Utilisateur anonyme · Answer

Re,

Relance hijack et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases

O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe 

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe 

Ensuite clique sur "Fix checked"

Merci.

Refait un hijackthis.

Cliniou · Answer

Voici le dernier rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:16, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Utilisateur anonyme · Answer

Re,

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques 

Télécharge toolscleaner sur ton Bureau : 

toolscleaner

* Double-clique sur ToolsCleaner2.exe et laisse le travailler 
* Clique sur Recherche et laisse le scan se terminer. 
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options facultatives. 
* Clique sur Quitter, pour que le rapport puisse se créer. 
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Tutoriel toolscleaner

Désactive et réactive la Restauration du système :
 
1 Dans la barre des tâches de Windows, clique sur Démarrer.
 
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
 
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.
  
5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.

Cliniou · Answer

Voilà déjà le rapport, je m'occupe de désactiver et réactiver la Restauration du système:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Desktop\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Belgacom\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\Belgacom\Desktop\SmitFraudfix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Desktop\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Belgacom\Desktop\HijackThis.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: supprimé !
C:\Documents and Settings\Belgacom\Desktop\SmitFraudfix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Utilisateur anonyme · Answer

Re,

OK.

Bonne soirée.

@+

Cliniou · Answer

Voilà, tout est en ordre.

Mille mercis Goldorak !!!!!! 

10h de bataille, hum...heureusement que tous les membres du forum ne sont pas comme moi ^^


Bonne soirée. :-)

Cliniou · Answer

Je le remets ici sans savoir si j'aurai une réponse sur l'autre topic: ^^


Je me permets d'utiliser cette discussion pour éviter d'en relancer une qui ferait doublon. 
Je viens d'avoir un gros problème d'infection par AV 2009 et j'ai pu m'en sortir grâce à la patience de Goldorak. 
Pour l'instant, mes protections sont AVG Free et ZoneAlarm Free; sanbs oublier le pare-feu de Windows. 
Il y a eu une espèce de VirusScan qui voulait s'installer mais tout ce qui se présente est devenu un ennemi potentiel....vous pouvez me comprendre après 10h de nettoyage.^^ 

A votre avis, mes deux Free sont-ils suffisants et efficaces? 
Auriez-vous un conseil à me donner ? une mise en garde ? 


Non, non, moi parano ? Pffff.

Merci pour vos réponses instructives.

Infection par Antivirus AV2009

70 réponses

Discussions similaires