Infection by Antivirus AV2009

Closed
Cliniou - Posts: 40 - Registered: Saturday 8 November 2008 - Status: Member - Last activity: 12 November 2008 - 8 Nov 2008 at 15:57
Cliniou - Posts: 40 - Registered: Saturday 8 November 2008 - Status: Member - Last activity: 12 November 2008 - 11 Nov 2008 at 14:26
Hello,

I am infected by the AV2009 antivirus.... very much so.
My connections are more than difficult; as proof, I did read the link that Toptibal gave to Leyla to download HijackThis, but it is impossible to open the page.

Could a kind, patient soul help me resolve, or rather wipe out, this piece of filth?

Thank you!!

Cliniou.

70 replies

Cliniou - Posts: 40 - Registered: Saturday 8 November 2008 - Status: Member - Last activity: 12 November 2008
9 Nov 2008 at 18:27
I had to run 4 repairs without backing up the registry. CCleaner no longer finds any errors.
Is it ... over???
0
Anonymous user
9 Nov 2008 at 18:35
Re,

Run option 2 of Lop.
Do a new HijackThis, please.

Thanks
0
Cliniou - Posts: 40 - Registered: Saturday 8 November 2008 - Status: Member - Last activity: 12 November 2008
9 Nov 2008 at 19:12
Lop report 2:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : Award Medallion BIOS v6.0
USER : Belgacom ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:29 Go (Free:5 Go)
D:\ (Local Disk) - FAT32 - Total:44 Go (Free:19 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 09/11/2008|18:57 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[07/12/2001|15:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[07/12/2001|15:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[14/09/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[21/11/2005|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[13/09/2007|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/11/2005|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/06/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[14/01/2004|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[18/08/2008|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
[15/09/2004|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[22/09/2007|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[09/11/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/01/2005|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[20/12/2001|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGI
[07/12/2001|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/12/2001|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[05/08/2004|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[12/05/2005|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[22/01/2006|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[16/04/2002|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[04/10/2005|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[05/12/2002|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
[29/10/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
[02/03/2008|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[17/08/2005|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/05/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[21/11/2005|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[22/07/2004|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[03/11/2008|13:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[03/11/2008|13:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[07/12/2001|15:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[17/08/2005|09:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[07/12/2001|15:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[07/12/2001|15:22] C:\DOCUME~1\OWNER\APPLIC~1\Identities
[07/12/2001|15:04] C:\DOCUME~1\OWNER\APPLIC~1\Microsoft

[17/12/2001|10:47] C:\DOCUME~1\BELGACOM\APPLIC~1\Adobe
[24/03/2006|16:16] C:\DOCUME~1\BELGACOM\APPLIC~1\AdobeAUM
[21/11/2005|20:34] C:\DOCUME~1\BELGACOM\APPLIC~1\AdobeUM
[14/01/2004|19:52] C:\DOCUME~1\BELGACOM\APPLIC~1\Ahead
[11/11/2005|20:38] C:\DOCUME~1\BELGACOM\APPLIC~1\Apple Computer
[27/01/2004|16:47] C:\DOCUME~1\BELGACOM\APPLIC~1\ArcSoft
[13/01/2004|20:44] C:\DOCUME~1\BELGACOM\APPLIC~1\DVD Shrink 3.0
[21/07/2005|16:17] C:\DOCUME~1\BELGACOM\APPLIC~1\Google
[20/12/2001|12:43] C:\DOCUME~1\BELGACOM\APPLIC~1\Help
[13/04/2007|14:40] C:\DOCUME~1\BELGACOM\APPLIC~1\Hulabee
[07/12/2001|15:22] C:\DOCUME~1\BELGACOM\APPLIC~1\Identities
[25/03/2007|11:43] C:\DOCUME~1\BELGACOM\APPLIC~1\InstallShield
[17/12/2001|10:47] C:\DOCUME~1\BELGACOM\APPLIC~1\InterTrust
[20/12/2001|12:31] C:\DOCUME~1\BELGACOM\APPLIC~1\InterVideo
[07/07/2005|22:28] C:\DOCUME~1\BELGACOM\APPLIC~1\iScreensaver
[01/05/2006|11:02] C:\DOCUME~1\BELGACOM\APPLIC~1\Leadertech
[16/10/2002|20:40] C:\DOCUME~1\BELGACOM\APPLIC~1\Macromedia
[09/11/2008|12:23] C:\DOCUME~1\BELGACOM\APPLIC~1\Malwarebytes
[07/12/2001|15:04] C:\DOCUME~1\BELGACOM\APPLIC~1\Microsoft
[17/12/2001|17:06] C:\DOCUME~1\BELGACOM\APPLIC~1\Microsoft Web Folders
[20/12/2001|12:29] C:\DOCUME~1\BELGACOM\APPLIC~1\MSN6
[19/05/2005|17:39] C:\DOCUME~1\BELGACOM\APPLIC~1\OD2
[25/03/2007|11:46] C:\DOCUME~1\BELGACOM\APPLIC~1\Panasonic
[22/01/2006|17:25] C:\DOCUME~1\BELGACOM\APPLIC~1\PlayFirst
[08/05/2004|17:26] C:\DOCUME~1\BELGACOM\APPLIC~1\Real
[08/02/2006|09:22] C:\DOCUME~1\BELGACOM\APPLIC~1\Sauce
[04/10/2005|20:55] C:\DOCUME~1\BELGACOM\APPLIC~1\Skype
[02/03/2008|14:05] C:\DOCUME~1\BELGACOM\APPLIC~1\SpinTop
[12/06/2005|19:28] C:\DOCUME~1\BELGACOM\APPLIC~1\Sun
[31/12/2005|15:50] C:\DOCUME~1\BELGACOM\APPLIC~1\Wildfire
[09/11/2008|17:12] C:\DOCUME~1\BELGACOM\APPLIC~1\WinRAR
[01/05/2005|11:39] C:\DOCUME~1\BELGACOM\APPLIC~1\Zylom

[07/12/2001|15:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[22/10/2008 19:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/11/2008 18:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[18/08/2001 06:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[02/03/2005|19:44] C:\Program Files\_ArcadeDownloadFolder
[03/05/2002|14:39] C:\Program Files\1047[1]
[20/12/2001|10:33] C:\Program Files\Adaptec
[17/12/2001|10:47] C:\Program Files\Adobe
[09/11/2008|15:11] C:\Program Files\Ad-remover
[14/01/2004|19:51] C:\Program Files\Ahead
[11/05/2007|12:04] C:\Program Files\Apple Software Update
[21/01/2004|22:10] C:\Program Files\ArcSoft
[19/06/2008|09:33] C:\Program Files\AVG
[09/09/2002|21:21] C:\Program Files\BBL
[29/10/2008|10:26] C:\Program Files\Belgacom
[14/09/2008|17:35] C:\Program Files\Bonjour
[09/11/2008|18:18] C:\Program Files\CCleaner
[20/12/2001|10:15] C:\Program Files\Codemasters
[07/12/2001|15:05] C:\Program Files\Common Files
[07/12/2001|15:12] C:\Program Files\ComPlus Applications
[09/08/2002|13:22] C:\Program Files\Core Design
[11/01/2002|16:27] C:\Program Files\Creative
[28/11/2005|15:30] C:\Program Files\Cryo
[22/02/2005|19:47] C:\Program Files\DigiKidz
[20/12/2001|10:23] C:\Program Files\directx
[14/07/2002|21:48] C:\Program Files\DivX_311alpha
[14/01/2004|17:26] C:\Program Files\DVD Shrink
[04/01/2007|15:47] C:\Program Files\DynGate
[18/06/2005|10:43] C:\Program Files\EasyBits For Kids
[12/12/2002|16:28] C:\Program Files\Elaborate Bytes
[17/12/2001|09:37] C:\Program Files\EuroTool
[20/06/2002|19:39] C:\Program Files\FlaskMpeg
[02/12/2007|09:51] C:\Program Files\Foto.com
[21/12/2001|17:03] C:\Program Files\Ghost Explorer
[02/03/2005|20:59] C:\Program Files\Google
[25/06/2005|00:20] C:\Program Files\Google Video
[01/03/2005|16:23] C:\Program Files\Grisoft
[07/03/2004|21:26] C:\Program Files\hbinst
[17/12/2001|11:38] C:\Program Files\HelpDesk
[01/12/2004|16:06] C:\Program Files\HighMAT CD Writing Wizard
[26/11/2003|21:56] C:\Program Files\Infogrames
[12/12/2001|15:23] C:\Program Files\InstallShield Installation Information
[27/09/2004|20:13] C:\Program Files\InterActual
[07/12/2001|15:12] C:\Program Files\Internet Explorer
[12/12/2001|15:24] C:\Program Files\InterVideo
[14/09/2008|17:36] C:\Program Files\iPod
[14/09/2008|17:36] C:\Program Files\iTunes
[12/06/2005|19:27] C:\Program Files\Java
[31/01/2007|08:59] C:\Program Files\KLDownloader
[09/11/2008|12:23] C:\Program Files\Malwarebytes' Anti-Malware
[20/12/2001|10:40] C:\Program Files\Maxis
[05/01/2008|12:41] C:\Program Files\Media Markt
[07/12/2001|15:11] C:\Program Files\Messenger
[20/12/2001|10:23] C:\Program Files\MGI
[05/02/2005|15:09] C:\Program Files\Microsoft ActiveSync
[07/12/2001|15:17] C:\Program Files\microsoft frontpage
[17/12/2001|17:06] C:\Program Files\Microsoft Office
[24/05/2008|21:29] C:\Program Files\Microsoft Silverlight
[05/02/2005|15:09] C:\Program Files\Microsoft Visual Studio
[05/02/2005|15:09] C:\Program Files\Microsoft.NET
[17/07/2002|21:37] C:\Program Files\Mindscape
[07/12/2001|15:13] C:\Program Files\Movie Maker
[07/12/2001|15:11] C:\Program Files\MSN
[07/12/2001|15:11] C:\Program Files\MSN Gaming Zone
[12/05/2005|20:05] C:\Program Files\Music Manager
[26/03/2004|10:55] C:\Program Files\MVReader
[09/11/2008|17:33] C:\Program Files\Navilog1
[02/04/2008|18:31] C:\Program Files\Nemopolis
[07/12/2001|15:13] C:\Program Files\NetMeeting
[06/02/2005|09:27] C:\Program Files\Network Associates
[22/03/2004|19:40] C:\Program Files\New Folder
[17/12/2001|09:50] C:\Program Files\OfficeUpdate
[18/05/2005|14:38] C:\Program Files\OfficeUpdate11
[07/12/2001|15:11] C:\Program Files\Online Services
[07/12/2001|15:13] C:\Program Files\Outlook Express
[25/03/2007|11:44] C:\Program Files\Panasonic
[26/11/2003|20:53] C:\Program Files\PerfectNav
[26/05/2008|17:28] C:\Program Files\PopCap Games
[14/09/2008|17:34] C:\Program Files\QuickTime
[08/05/2004|17:27] C:\Program Files\Real
[20/06/2002|19:41] C:\Program Files\RippackV3
[14/09/2008|17:27] C:\Program Files\Safari
[04/10/2005|20:55] C:\Program Files\Skype
[14/09/2008|17:48] C:\Program Files\Sun
[20/06/2002|19:36] C:\Program Files\Temporary files 1
[09/11/2008|12:16] C:\Program Files\Trend Micro
[26/11/2003|22:00] C:\Program Files\TryMedia
[21/04/2003|21:11] C:\Program Files\Ubi Soft
[07/12/2001|15:22] C:\Program Files\Uninstall Information
[25/10/2007|00:04] C:\Program Files\USB Disk Win98 Driver
[19/01/2003|20:59] C:\Program Files\Virtools Web Player 2.0
[06/02/2005|11:21] C:\Program Files\Voyager2020
[19/01/2004|18:14] C:\Program Files\vso
[17/09/2004|17:32] C:\Program Files\WildTangent
[25/05/2008|13:36] C:\Program Files\Windows Live
[01/12/2004|16:36] C:\Program Files\Windows Media Connect
[24/10/2007|23:54] C:\Program Files\Windows Media Connect 2
[07/12/2001|15:13] C:\Program Files\Windows Media Player
[07/12/2001|15:11] C:\Program Files\Windows NT
[07/12/2001|15:11] C:\Program Files\WindowsUpdate
[10/03/2007|18:23] C:\Program Files\wkasteel
[07/12/2001|15:17] C:\Program Files\xerox
[21/11/2005|20:31] C:\Program Files\Yahoo!
[09/11/2008|18:39] C:\Program Files\Zone Labs
[16/12/2007|10:08] C:\Program Files\ZoneAlarmSB
[02/03/2008|14:05] C:\Program Files\Zuma
[01/02/2006|20:26] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[20/12/2001|10:33] C:\Program Files\Common Files\Adaptec Shared
[17/12/2001|10:47] C:\Program Files\Common Files\Adobe
[14/01/2004|19:51] C:\Program Files\Common Files\Ahead
[13/09/2007|20:09] C:\Program Files\Common Files\Apple
[05/02/2005|15:09] C:\Program Files\Common Files\DESIGNER
[12/12/2001|15:23] C:\Program Files\Common Files\InstallShield
[12/06/2005|19:26] C:\Program Files\Common Files\Java
[23/01/2005|08:50] C:\Program Files\Common Files\L&H
[15/09/2004|13:23] C:\Program Files\Common Files\Macrovision Shared
[20/12/2001|10:23] C:\Program Files\Common Files\MGI Shared
[07/12/2001|15:05] C:\Program Files\Common Files\Microsoft Shared
[07/12/2001|15:12] C:\Program Files\Common Files\MSSoap
[06/02/2005|09:27] C:\Program Files\Common Files\Network Associates
[07/12/2001|15:05] C:\Program Files\Common Files\ODBC
[05/06/2002|20:29] C:\Program Files\Common Files\Real
[07/12/2001|15:13] C:\Program Files\Common Files\Services
[26/09/2007|22:59] C:\Program Files\Common Files\Skype
[07/12/2001|15:05] C:\Program Files\Common Files\SpeechEngines
[27/10/2008|14:54] C:\Program Files\Common Files\SupportSoft
[07/12/2001|15:12] C:\Program Files\Common Files\System
[25/05/2008|13:36] C:\Program Files\Common Files\WindowsLiveInstaller
[10/08/2008|09:50] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:06:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]



[F:327][D:8]-> C:\DOCUME~1\Belgacom\LOCALS~1\Temp
[F:39][D:0]-> C:\DOCUME~1\Belgacom\Cookies
[F:646][D:5]-> C:\DOCUME~1\Belgacom\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 09/11/2008|18:00 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 09/11/2008|19:08 - Option : [2]

--------------------\\ Fin du rapport a 19:08:16

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:39, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
0
Anonymous user
9 Nov 2008 at 19:20
Re,

Relaunch HijackThis and click "Do a system scan only".
Then look for these lines and tick their boxes:

O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.clitos.com/xxx.exe

Then click "Fix checked".

Thank you.

Do another HijackThis.

0

Cliniou - Posts: 40 - Registered: Saturday 8 November 2008 - Status: Member - Last activity: 12 November 2008
9 Nov 2008 at 19:24
Here is the latest report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:16, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pop03:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.crowneplazasharm.com/pages/vt/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamystery.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamystery.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
0
Anonymous user
9 Nov. 2008 at 19:26
Re,

To remove all traces of the tools that were used to treat the specific infections

Download toolscleaner to your Desktop:

toolscleaner

* Double-click ToolsCleaner2.exe and let it work
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Removal) to finalize.
* You can, if you wish, use the Options facultatives (optional settings).
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard disk (C:\)... paste it into your reply

toolscleaner tutorial

Disable and re-enable System Restore:

1 In the Windows taskbar, click Start.

2 Right-click My Computer, then click Properties.

3 In the System Restore tab, check "Turn off System Restore"

4 Click Apply.

5 Then uncheck "Turn off System Restore"

6 Click Apply, then OK

7 Go and create a restore point in Accessories----System Tools----System Restore.
0
Cliniou Posts 40 Registration date Saturday 8 November 2008 Status Member Last activity 12 November 2008
9 Nov. 2008 at 20:23
Here is the report already; I'm now taking care of disabling and re-enabling System Restore:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Desktop\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Belgacom\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\Belgacom\Desktop\SmitFraudfix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Desktop\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Belgacom\Desktop\HijackThis.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: supprimé !
C:\Documents and Settings\Belgacom\Desktop\SmitFraudfix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Anonymous user
9 Nov. 2008 at 20:24
Re,

OK.

Have a good evening.

See you
0
Cliniou Posts 40 Registration date Saturday 8 November 2008 Status Member Last activity 12 November 2008
9 Nov. 2008 at 20:29
There, everything is in order.

A thousand thanks, Goldorak!!!!!!

10 hours of battle, hmm... luckily not all the forum members are like me ^^


Have a good evening. :-)
0
Cliniou Posts 40 Registration date Saturday 8 November 2008 Status Member Last activity 12 November 2008
11 Nov. 2008 at 14:26
I'm posting this again here, not knowing whether I'll get a reply on the other topic: ^^


I'm taking the liberty of using this thread to avoid starting another one that would be a duplicate.
I have just had a big infection problem with AV 2009 and I was able to get out of it thanks to Goldorak's patience.
For now, my protections are AVG Free and ZoneAlarm Free, not forgetting the Windows firewall.
There was some kind of VirusScan that wanted to install itself, but everything that shows up has become a potential enemy... you can understand me after 10 hours of cleaning. ^^

In your opinion, are my two Free products sufficient and effective?
Do you have any advice to give me? A warning?


No, no, me, paranoid? Pffff.

Thank you for your instructive replies.
0