HijackThis report, laptop
dine77380
Hello, I'm sending you my HijackThis report. Can you tell me what is wrong? Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:30, on 14/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\windows live\messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\IMVU\IMVUClient.exe
C:\Program Files\IMVU\IMVUQualityAgent.exe
C:\Users\Hospice\Documents\Personnaliser mon PC\Personnalisé Bureau\Tombe sur mon bureau\AutumnLeaves\AutumnLeaves.exe
C:\Users\Hospice\Documents\Personnaliser mon PC\Personnalisé Bureau\Tombe sur mon bureau\AutumnLeaves\AutumnLeaves.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4ADBF_frFR242FR242&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c1511f2d-d6ab-46c8-8c09-4b21d29206d5} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\windows live\messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hospice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
9 replies
Hi! Several infections, bababab.... We'll start with the Lop infection! :::: Please disable Vista's UAC: http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac#1 via the Control Panel
* Download LopSD.exe to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Right-click the LopSD shortcut on the Desktop and choose "Run as administrator" to launch LopSD.
Choose language F for French, then confirm with Enter.
Choose the "Recherche" (Search) option by typing 1, then confirm with Enter.
* Wait until the scan finishes
* Post the generated report, which is located here => (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
Run LopS&D again! (after closing all your running programs :) ) and choose option 2! Then post the new report here ;) !
Disable User Account Control again (because it was re-enabled by LopS&D) (you will re-enable it after your disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click "Turn User Account Control on or off"
- Uncheck the box and click "OK"!
Now download Navilog1:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".
At the main menu, choose option 1
Let it guide you and be patient.
Wait for the message:
*** Analyse Termine le ..... ***
Press a key; Notepad will open.
Copy and paste the entire report into a reply.
Close Notepad
The report fixnavi.txt
Thanks, and here is the LOP option 2 report
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2080 @ 1.73GHz )
BIOS : BIOS Date: 06/23/07 Ver: V2.10
USER : Hospice ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:26 Go)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:24 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 14/11/2008|15:35 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\Hospice\AppData\Roaming\MICROS~1\Windows\Cookies\hospice@advertising[2].txt
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[23/01/2008|10:21] C:\Users\Hospice\AppData\Local\Adobe
[17/09/2007|14:26] C:\Users\Hospice\AppData\Local\Apple Computer
[12/09/2007|09:23] C:\Users\Hospice\AppData\Local\Application Data
[14/11/2008|10:26] C:\Users\Hospice\AppData\Local\ApplicationHistory
[07/11/2008|14:01] C:\Users\Hospice\AppData\Local\Autodesk
[04/01/2008|15:24] C:\Users\Hospice\AppData\Local\Axialis
[29/09/2007|11:49] C:\Users\Hospice\AppData\Local\BingoCafe
[21/09/2007|13:05] C:\Users\Hospice\AppData\Local\BingoLiner
[28/09/2007|07:17] C:\Users\Hospice\AppData\Local\BingoLinerUK
[25/01/2008|08:59] C:\Users\Hospice\AppData\Local\Clips-Rap.com
[23/11/2007|17:12] C:\Users\Hospice\AppData\Local\d3d8caps.dat
[03/06/2008|19:44] C:\Users\Hospice\AppData\Local\d3d9caps.dat
[07/11/2008|10:56] C:\Users\Hospice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/10/2008|16:03] C:\Users\Hospice\AppData\Local\eMule
[17/09/2007|14:46] C:\Users\Hospice\AppData\Local\fusioncache.dat
[29/04/2008|14:58] C:\Users\Hospice\AppData\Local\GDIPFONTCACHEV1.DAT
[22/10/2008|16:25] C:\Users\Hospice\AppData\Local\Google
[12/09/2007|09:23] C:\Users\Hospice\AppData\Local\Historique
[14/11/2008|15:03] C:\Users\Hospice\AppData\Local\IconCache.db
[05/03/2008|09:09] C:\Users\Hospice\AppData\Local\itnxnx.0xe
[03/05/2008|09:51] C:\Users\Hospice\AppData\Local\itnxnx.dat
[23/02/2008|10:51] C:\Users\Hospice\AppData\Local\itnxnx_nav.dat
[03/05/2008|09:52] C:\Users\Hospice\AppData\Local\itnxnx_navps.dat
[06/10/2008|13:12] C:\Users\Hospice\AppData\Local\Microsoft
[12/02/2008|14:39] C:\Users\Hospice\AppData\Local\Microsoft Games
[03/05/2008|09:26] C:\Users\Hospice\AppData\Local\MigWiz
[20/06/2008|07:32] C:\Users\Hospice\AppData\Local\Netlog
[03/01/2008|10:45] C:\Users\Hospice\AppData\Local\Panda Software
[04/11/2008|09:55] C:\Users\Hospice\AppData\Local\PokerStars
[12/04/2008|07:53] C:\Users\Hospice\AppData\Local\Sony Ericsson
[14/11/2008|15:35] C:\Users\Hospice\AppData\Local\Temp
[12/09/2007|09:23] C:\Users\Hospice\AppData\Local\Temporary Internet Files
[12/09/2007|09:27] C:\Users\Hospice\AppData\Local\Toshiba
[13/09/2007|14:26] C:\Users\Hospice\AppData\Local\VirtualStore
[20/02/2008|09:01] C:\Users\Hospice\AppData\Local\WMTools Downloaded Files
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[10/01/2008 17:25][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[14/11/2008 15:05][--ah-----] C:\Windows\tasks\SA.DAT
[14/11/2008 15:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[22/01/2008|16:04] C:\ProgramData\Adobe
[17/09/2007|14:17] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[12/09/2007|08:13] C:\ProgramData\Atheros
[07/11/2008|14:03] C:\ProgramData\Autodesk
[12/11/2007|11:24] C:\ProgramData\Azureus
[12/09/2007|09:19] C:\ProgramData\Bureau
[05/10/2007|16:01] C:\ProgramData\CanonBJ
[23/01/2008|17:31] C:\ProgramData\Corel
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[21/10/2008|16:04] C:\ProgramData\eMule
[12/09/2007|09:19] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[14/11/2008|10:42] C:\ProgramData\F-Secure
[24/01/2008|13:14] C:\ProgramData\fssg
[26/09/2007|09:46] C:\ProgramData\Google
[13/11/2008|18:32] C:\ProgramData\Google Updater
[03/06/2008|13:22] C:\ProgramData\Grisoft
[25/04/2008|21:35] C:\ProgramData\Installations
[21/10/2008|14:28] C:\ProgramData\Lavasoft
[18/12/2007|13:40] C:\ProgramData\LUUnInstall.LiveUpdate
[12/09/2007|09:19] C:\ProgramData\Menu Démarrer
[05/10/2007|09:55] C:\ProgramData\MGS
[14/05/2008|13:15] C:\ProgramData\Microgaming
[23/01/2008|22:30] C:\ProgramData\Microsoft
[12/09/2007|09:19] C:\ProgramData\Modèles
[29/04/2008|14:24] C:\ProgramData\ntusers.log
[25/04/2008|21:54] C:\ProgramData\PC Suite
[22/05/2008|12:46] C:\ProgramData\Propellerhead Software
[12/04/2008|07:52] C:\ProgramData\Sony Ericsson
[02/11/2006|14:02] C:\ProgramData\Start Menu
[18/12/2007|15:50] C:\ProgramData\Symantec
[29/04/2008|14:13] C:\ProgramData\SymplisIT
[12/04/2008|07:52] C:\ProgramData\Teleca
[12/02/2008|14:33] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[01/06/2007|09:59] C:\ProgramData\Toshiba
[12/09/2007|09:24] C:\ProgramData\ToshibaEurope
[01/06/2007|09:45] C:\ProgramData\Ulead Systems
[08/10/2008|15:22] C:\ProgramData\WinZip
[20/01/2008|14:01] C:\ProgramData\WLInstaller
[07/07/2008|22:19] C:\ProgramData\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files
[24/01/2008|11:18] C:\Program Files\3D Snow
[10/01/2008|10:52] C:\Program Files\7-Zip
[17/07/2008|17:45] C:\Program Files\Adobe
[01/06/2007|09:35] C:\Program Files\Analog Devices
[20/06/2008|07:30] C:\Program Files\AnmSMP
[25/01/2008|11:34] C:\Program Files\Antadis
[12/09/2007|08:13] C:\Program Files\Atheros
[01/06/2007|09:40] C:\Program Files\ATK Hotkey
[07/11/2008|13:57] C:\Program Files\Autodesk
[25/01/2008|08:58] C:\Program Files\AxBx
[25/10/2007|12:48] C:\Program Files\Blender Foundation
[25/01/2008|09:05] C:\Program Files\bwin
[26/11/2007|23:32] C:\Program Files\Casino Classic Flash Casino
[27/01/2008|19:15] C:\Program Files\Clips-Rap.com
[07/11/2008|13:46] C:\Program Files\Common Files
[24/01/2008|11:18] C:\Program Files\Conduit
[23/01/2008|17:31] C:\Program Files\Corel
[20/05/2008|15:07] C:\Program Files\Dealio
[20/01/2008|14:37] C:\Program Files\Dexxa
[25/04/2008|21:55] C:\Program Files\DIFX
[27/05/2008|08:42] C:\Program Files\Direct MIDI to MP3 Converter
[21/10/2008|16:03] C:\Program Files\eMule
[30/12/2007|12:36] C:\Program Files\EoRezo
[24/01/2008|11:18] C:\Program Files\e-texaspoker client
[12/09/2007|09:19] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/05/2008|15:06] C:\Program Files\Free Audio Pack
[27/09/2007|21:21] C:\Program Files\Free Notes & Office Ink
[04/05/2008|17:50] C:\Program Files\Freeplayer
[22/10/2008|16:53] C:\Program Files\Gimp-2.0
[10/08/2008|14:02] C:\Program Files\Google
[13/10/2007|08:29] C:\Program Files\Graphex3
[01/06/2007|10:14] C:\Program Files\IDM
[03/06/2008|12:17] C:\Program Files\IEToolbar
[17/07/2008|19:30] C:\Program Files\IMVU
[07/11/2008|10:21] C:\Program Files\ImvuTools2
[06/10/2008|13:02] C:\Program Files\InstallShield Installation Information
[01/06/2007|09:30] C:\Program Files\Intel
[03/08/2008|20:37] C:\Program Files\Internet Explorer
[01/06/2007|09:46] C:\Program Files\InterVideo
[30/12/2007|12:39] C:\Program Files\ItsLabel
[14/05/2008|16:57] C:\Program Files\IVCsoft
[17/07/2008|17:58] C:\Program Files\Java
[21/10/2008|14:24] C:\Program Files\Lavasoft
[01/06/2007|09:36] C:\Program Files\ltmoh
[31/01/2008|09:09] C:\Program Files\Macrogaming
[29/10/2008|10:03] C:\Program Files\MansionPoker
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[19/12/2007|09:40] C:\Program Files\Microsoft GIF Animator
[02/12/2007|09:38] C:\Program Files\Microsoft Office
[10/01/2008|17:26] C:\Program Files\Microsoft SQL Server Compact Edition
[27/05/2008|08:11] C:\Program Files\MidiMeow
[03/08/2008|20:38] C:\Program Files\Movie Maker
[20/02/2008|09:01] C:\Program Files\Movie Maker 2.6
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/12/2007|09:37] C:\Program Files\MSECache
[13/02/2008|13:52] C:\Program Files\MSN Games
[26/01/2008|11:45] C:\Program Files\MSN Messenger
[25/01/2008|15:14] C:\Program Files\MSXML 4.0
[01/06/2007|10:15] C:\Program Files\myphotobook
[06/05/2008|13:06] C:\Program Files\Nokia
[23/01/2008|20:06] C:\Program Files\Norton Security Scan
[03/06/2008|11:54] C:\Program Files\NRJ
[26/04/2008|09:20] C:\Program Files\OpenOffice.org 2.3
[26/04/2008|09:23] C:\Program Files\OpenOffice.org 2.4
[26/04/2008|09:43] C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files
[14/11/2008|10:51] C:\Program Files\Pack Securite
[25/04/2008|21:47] C:\Program Files\PC Connectivity Solution
[22/10/2008|16:25] C:\Program Files\Picasa2
[28/10/2008|14:49] C:\Program Files\PokerStars
[03/12/2007|15:19] C:\Program Files\PokerStars.NET
[17/09/2007|14:19] C:\Program Files\QuickTime
[25/02/2008|10:47] C:\Program Files\Radio Fr Solo
[06/11/2007|15:17] C:\Program Files\Real
[01/06/2007|09:52] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[20/05/2008|14:58] C:\Program Files\Replay Converter
[20/05/2008|15:08] C:\Program Files\Search Settings
[13/11/2008|17:16] C:\Program Files\SecondLife
[12/04/2008|07:50] C:\Program Files\Sony Ericsson
[04/12/2007|09:29] C:\Program Files\Star Downloader
[02/12/2007|12:08] C:\Program Files\SupraASCIIArt
[18/12/2007|13:40] C:\Program Files\Symantec
[01/06/2007|09:37] C:\Program Files\Synaptics
[01/06/2007|11:03] C:\Program Files\TOSHIBA
[20/05/2008|14:33] C:\Program Files\Total Video Converter
[14/11/2008|14:26] C:\Program Files\Trend Micro
[01/06/2007|09:42] C:\Program Files\Ulead Systems
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[21/09/2007|19:00] C:\Program Files\VideoLAN
[03/08/2008|20:38] C:\Program Files\Windows Calendar
[03/08/2008|20:37] C:\Program Files\Windows Collaboration
[03/08/2008|20:37] C:\Program Files\Windows Defender
[03/08/2008|20:37] C:\Program Files\Windows Journal
[27/02/2008|15:43] C:\Program Files\windows live
[10/01/2008|17:25] C:\Program Files\Windows Live Favorites
[10/01/2008|17:25] C:\Program Files\Windows Live Toolbar
[16/10/2008|14:35] C:\Program Files\Windows Mail
[01/06/2007|09:45] C:\Program Files\Windows Media Components
[03/08/2008|20:37] C:\Program Files\Windows Media Player
[12/09/2007|09:19] C:\Program Files\Windows NT
[03/08/2008|20:37] C:\Program Files\Windows Photo Gallery
[03/08/2008|20:38] C:\Program Files\Windows Sidebar
[25/01/2008|14:42] C:\Program Files\WinRAR
[06/10/2008|12:59] C:\Program Files\WinZip
[07/07/2008|22:21] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/02/2008|10:09] C:\Program Files\Common Files\Adobe
[07/11/2008|13:54] C:\Program Files\Common Files\Autodesk Shared
[17/09/2007|14:13] C:\Program Files\Common Files\InstallShield
[01/06/2007|09:29] C:\Program Files\Common Files\Java
[20/01/2008|14:37] C:\Program Files\Common Files\Logitech
[07/11/2008|13:37] C:\Program Files\Common Files\microsoft shared
[14/02/2008|10:49] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[12/04/2008|07:52] C:\Program Files\Common Files\Sony Ericsson Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[13/09/2007|14:04] C:\Program Files\Common Files\SWF Studio
[18/12/2007|15:50] C:\Program Files\Common Files\Symantec Shared
[03/08/2008|20:37] C:\Program Files\Common Files\System
[12/04/2008|07:52] C:\Program Files\Common Files\Teleca Shared
[01/06/2007|10:00] C:\Program Files\Common Files\Toshiba Shared
[01/06/2007|09:45] C:\Program Files\Common Files\Ulead Systems
[24/01/2008|11:18] C:\Program Files\Common Files\WindowsLiveInstaller
[14/02/2008|10:50] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 56 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 15:35:25
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 179
--------------------\\ Recherche d'autres infections
C:\Windows\System32\nvs2.inf
C:\Users\Hospice\AppData\Local\itnxnx.dat
C:\Users\Hospice\AppData\Local\itnxnx_nav.dat
C:\Users\Hospice\AppData\Local\itnxnx_navps.dat
[b]==> EGDACCESS <==[/b]
--------------------\\ Cracks & Keygens ..
C:\Users\Hospice\AppData\Roaming\Azureus\torrents\!_Norton_AntiVirus_2007_Crack-Serial-Keygen[1].torrent
C:\Users\Hospice\AppData\Roaming\Azureus\torrents\Norton_Antivirus_2007_+_keygen[1].torrent
C:\Users\Hospice\AppData\Roaming\Azureus\torrents\Panda_AntiVirus_2008_Keygen[1].torrent
[F:242][D:21]-> C:\Users\Hospice\AppData\Local\Temp
[F:690][D:1]-> C:\Users\Hospice\AppData\Roaming\MICROS~1\Windows\Cookies
[F:708][D:4]-> C:\Users\Hospice\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:11]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 14/11/2008|15:13 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 14/11/2008|15:38 - Option : [2]
--------------------\\ Fin du rapport a 15:38:06
[ UAC => 1 ]
There we go, thanks ;))) Now run Navilog please! Then go to My Computer ----> "C: drive" ---> Program Files ---> find the EOREZO folder ---> delete it!!! If that doesn't work --> restart in safe mode, choose your usual session and do the same thing: delete the folder ;)
And here is the Navilog report
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\Hospice\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\Hospice\AppData\Local\virtualstore\windows\system32" *
* Recherche dans "C:\Users\Hospice\AppData\Local" *
*** Recherche fichiers ***
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\Hospice\AppData\Local\Microsoft" :
* Dans "C:\Users\Hospice\AppData\Local\virtualstore\windows\system32" :
* Dans "C:\Users\Hospice\AppData\Local" :
itnxnx.dat trouvé !
itnxnx_nav.dat trouvé !
itnxnx_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 14/11/2008 à 16:06:32,23 ***
OK for the EOREZO folder ;) Close Navilog and run it again, but first close all your running programs!! Disable your antivirus... and start over without touching the PC :)
OK, Navilog report
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\Hospice\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\Hospice\AppData\Local\virtualstore\windows\system32" *
* Recherche dans "C:\Users\Hospice\AppData\Local" *
*** Recherche fichiers ***
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\Hospice\AppData\Local\Microsoft" :
* Dans "C:\Users\Hospice\AppData\Local\virtualstore\windows\system32" :
* Dans "C:\Users\Hospice\AppData\Local" :
itnxnx.dat trouvé !
itnxnx_nav.dat trouvé !
itnxnx_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 14/11/2008 à 16:06:32,23 ***
There we go :) Run Navilog again and choose option 2! Post the new report here! Then do this:
* Download and install Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
* Update it!!
* Restart in safe mode! (tap the F8 or F5 key while the PC starts up and choose your usual session)
* Open Malwarebytes' and scan (run a full scan!)
* At the end, delete everything it finds :)
* At the end a report will be generated; keep it and post it here
* Download and install CCleaner https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html (during installation, remember to UNCHECK the Yahoo toolbar installation!!!).
* Launch CCleaner
Options --> Advanced --> uncheck "only delete files older than 48 hours"
Then Cleaner --> Analyze > Run Cleaner, then click OK in the window that appears.
Run the cleaning a second time.
* Finally, Registry --> fix all the errors, and repeat until it finds no more errors.
* (Keep this software and use it regularly, as well as Malwarebytes' ;)).
TO FINISH, run HijackThis again please and post the report!
Here is the Navilog option 2 report
Clean Navipromo version 3.6.9 commencé le 14/11/2008 à 16:17:45,41
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Hospice"
Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\Windows\System32" *
* Suppression dans "C:\Users\Hospice\AppData\Local\Microsoft" *
* Suppression dans "C:\Users\Hospice\AppData\Local\virtualstore\windows\system32" *
* Suppression dans "C:\Users\Hospice\AppData\Local" *
*** Suppression dossiers dans "C:\Windows" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***
*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***
*** Suppression dossiers dans "C:\ProgramData" ***
*** Suppression dossiers dans c:\users\hospice\appdata\roaming\micros~1\windows\startm~1\programs ***
*** Suppression dossiers dans "C:\Users\Hospice\AppData\Local\virtualstore\Program Files" ***
*** Suppression dossiers dans "C:\Users\Hospice\AppData\Roaming" ***
*** Suppression fichiers ***
C:\Windows\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Hospice\AppData\Local\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\Windows\system32" *
* Dans "C:\Users\Hospice\AppData\Local\Microsoft" *
* Dans "C:\Users\Hospice\AppData\Local\virtualstore\windows\system32" *
* Dans "C:\Users\Hospice\AppData\Local" *
itnxnx.dat trouvé !
Copie itnxnx.dat réalisée avec succès !
itnxnx.dat supprimé !
itnxnx_nav.dat trouvé !
Copie itnxnx_nav.dat réalisée avec succès !
itnxnx_nav.dat supprimé !
itnxnx_navps.dat trouvé !
Copie itnxnx_navps.dat réalisée avec succès !
itnxnx_navps.dat supprimé !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 14/11/2008 à 16:24:27,78 ***
There we go, thanks ;) Now do what I asked in message no. 11 :)
And there, I've done everything. Here is the latest HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:09, on 14/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\windows live\messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4ADBF_frFR242FR242&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c1511f2d-d6ab-46c8-8c09-4b21d29206d5} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\windows live\messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hospice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Full Malwarebytes report
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1397
Windows 6.0.6001 Service Pack 1
14/11/2008 17:28:02
mbam-log-2008-11-14 (17-28-02).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 204610
Temps écoulé: 50 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\IEToolbar (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
;) There, that's done too, lol. I only just noticed that I'm helping you in two topics... run HijackThis again, please...
Here you go :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14, on 14/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Setup] "C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
Here is the right report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:46:35, on 15/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\windows live\messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\calc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4ADBF_frFR242FR242&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c1511f2d-d6ab-46c8-8c09-4b21d29206d5} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\windows live\messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Hospice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Hello again :D :::
* Download ComboFix (by sUBs) to your desktop! https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
* CLOSE ALL YOUR PROGRAMS AND DISABLE YOUR ANTIVIRUS AND YOUR ANTISPYWARE PROTECTION :)
* Open ComboFix and press a key to start the scan ...
* WARNING: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it
The report will be created in: C:\Combofix.txt, post it here please ;)
there you go, bombo
ComboFix 08-11-13.01 - Hospice 2008-11-15 13:51:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.480 [GMT 1:00]
Lancé depuis: c:\users\Hospice\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.
2008-11-15 11:59 . 2008-11-15 11:59 268 --ah----- C:\sqmdata06.sqm
2008-11-15 11:59 . 2008-11-15 11:59 244 --ah----- C:\sqmnoopt06.sqm
2008-11-15 10:49 . 2008-11-15 10:49 268 --ah----- C:\sqmdata05.sqm
2008-11-15 10:49 . 2008-11-15 10:49 244 --ah----- C:\sqmnoopt05.sqm
2008-11-15 10:44 . 2008-11-15 10:44 268 --ah----- C:\sqmdata04.sqm
2008-11-15 10:44 . 2008-11-15 10:44 244 --ah----- C:\sqmnoopt04.sqm
2008-11-14 20:40 . 2008-11-14 20:44 <REP> d-------- c:\users\Hospice\AppData\Roaming\IMVUClient
2008-11-14 17:46 . 2008-11-14 17:46 <REP> d-------- c:\program files\CCleaner
2008-11-14 16:30 . 2008-11-14 16:30 <REP> d-------- c:\users\Hospice\AppData\Roaming\Malwarebytes
2008-11-14 16:30 . 2008-11-14 16:30 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-14 16:30 . 2008-11-14 16:30 <REP> d-------- c:\programdata\Malwarebytes
2008-11-14 16:30 . 2008-11-14 16:30 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 16:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-14 16:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-14 15:43 . 2008-11-14 16:24 <REP> d-------- c:\program files\Navilog1
2008-11-14 15:09 . 2008-11-14 15:38 <REP> d-------- C:\Lop SD
2008-11-14 14:26 . 2008-11-14 14:26 <REP> d-------- c:\program files\Trend Micro
2008-11-13 17:12 . 2008-11-13 17:16 <REP> d-------- c:\program files\SecondLife
2008-11-12 12:33 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 12:33 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 12:33 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-07 14:03 . 2008-11-07 14:07 <REP> d-------- c:\users\Hospice\AppData\Roaming\Autodesk
2008-11-07 13:46 . 2008-11-07 14:03 <REP> d-------- c:\users\All Users\Autodesk
2008-11-07 13:46 . 2008-11-07 14:03 <REP> d-------- c:\programdata\Autodesk
2008-11-07 13:46 . 2008-11-07 13:54 <REP> d-------- c:\program files\Common Files\Autodesk Shared
2008-11-07 13:44 . 2008-11-07 13:57 <REP> d-------- c:\program files\Autodesk
2008-11-07 13:43 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll
2008-11-07 13:43 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2008-11-07 13:43 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\System32\D3DCompiler_34.dll
2008-11-07 13:43 . 2007-05-16 16:45 443,752 --a------ c:\windows\System32\d3dx10_34.dll
2008-11-07 13:43 . 2006-11-29 13:06 440,080 --a------ c:\windows\System32\d3dx10.dll
2008-11-07 12:20 . 2008-11-07 12:20 <REP> d-------- C:\Autodesk
2008-11-07 11:22 . 2008-11-07 13:32 <REP> d-------- c:\users\Hospice\AppData\Roaming\Download Manager
2008-11-07 10:21 . 2008-11-07 10:21 <REP> d-------- c:\program files\ImvuTools2
2008-11-07 10:21 . 2008-11-07 10:21 <REP> d-------- C:\3dsmax7
2008-11-01 10:54 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 10:54 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 10:54 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 10:54 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 10:54 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 10:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 10:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 10:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 11:08 . 2008-10-28 11:08 <REP> d-------- c:\users\Hospice\AppData\Roaming\Ambient Design
2008-10-22 17:14 . 2008-10-29 14:10 <REP> d-------- c:\users\Hospice\AppData\Roaming\gtk-2.0
2008-10-22 17:14 . 2008-10-22 17:14 <REP> d-------- c:\users\Hospice\.thumbnails
2008-10-22 17:11 . 2008-10-29 14:10 <REP> d-------- c:\users\Hospice\.gimp-2.6
2008-10-22 17:11 . 2008-10-22 17:11 <REP> d-------- c:\users\Hospice\.gegl-0.0
2008-10-22 16:52 . 2008-10-22 16:53 <REP> d-------- c:\program files\Gimp-2.0
2008-10-21 16:02 . 2008-10-21 16:03 <REP> d-------- c:\program files\eMule
2008-10-21 14:24 . 2008-10-21 14:28 <REP> d-------- c:\users\All Users\Lavasoft
2008-10-21 14:24 . 2008-10-21 14:28 <REP> d-------- c:\programdata\Lavasoft
2008-10-21 14:24 . 2008-10-21 14:24 <REP> d-------- c:\program files\Lavasoft
2008-10-15 20:13 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 20:13 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-10-15 20:13 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-15 20:13 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-10-15 20:12 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 20:12 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 20:10 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 20:08 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 09:48 --------- d-----w c:\program files\MSN Messenger
2008-11-15 09:06 --------- d-----w c:\users\Hospice\AppData\Roaming\SecondLife
2008-11-14 19:45 --------- d-----w c:\users\Hospice\AppData\Roaming\IMVU
2008-11-14 19:40 --------- d-----w c:\program files\IMVU
2008-11-14 18:32 --------- d-----w c:\programdata\Google Updater
2008-11-14 09:51 --------- d-----w c:\program files\Pack Securite
2008-11-14 09:42 --------- d-----w c:\programdata\F-Secure
2008-10-29 09:03 --------- d-----w c:\program files\MansionPoker
2008-10-28 13:49 --------- d-----w c:\program files\PokerStars
2008-10-22 15:25 --------- d-----w c:\program files\Picasa2
2008-10-22 14:53 --------- d-----w c:\users\Hospice\AppData\Roaming\OpenOffice.org2
2008-10-21 15:04 --------- d-----w c:\programdata\eMule
2008-10-16 13:35 --------- d-----w c:\program files\Windows Mail
2008-10-08 14:22 --------- d-----w c:\programdata\WinZip
2008-10-06 12:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-27 15:42 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-16 15:10 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-10 14:36 222,651,588 ----a-w c:\users\Hospice\discipline_05.zip
2008-08-03 19:55 174 --sha-w c:\program files\desktop.ini
2008-06-14 15:54 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-14 15:54 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-14 15:54 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-03-09 07:12 27,648 --sha-w c:\windows\System32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\windows live\messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.iac2"= c:\users\Hospice\Desktop\iac25_32.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DFD2E564-76EB-4B89-A1F2-B5E792907B26}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{53A70C6E-D8AE-429A-9872-3260749FA77C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{241BB822-E895-4115-8850-4C55F7359634}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C9359AC2-4451-4968-93CD-9E0A713DEF73}c:\\casino\\bwin casino\\casino.exe"= UDP:c:\casino\bwin casino\casino.exe:casino
"UDP Query User{422D196D-7DC8-4B02-8100-8EB72011CC99}c:\\casino\\bwin casino\\casino.exe"= TCP:c:\casino\bwin casino\casino.exe:casino
"TCP Query User{2965FB5F-EF04-4EC2-B426-5B3A6EE18F7E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{926FA18D-39E1-4C5E-B898-68FFD5B6DDC1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{1DA8552D-37AE-4016-8588-8E0B4FA3D307}"= UDP:4662:emuleport
"{8EAA9D32-4EF0-4E6D-9EEF-97D00E14ADA0}"= TCP:4672:emuleport1
"{C654DBC3-0FA9-4D5F-BF47-9D0AE864D210}"= UDP:4711:emuleport2
"TCP Query User{DFE02B6A-C3C3-4C65-BBB3-150151E08C57}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6A628C79-303D-4555-9987-C42A99726134}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{FFD4C15A-A58D-44E9-AC58-024F6A4ED1DC}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{C310A999-BBA8-4602-A66A-32CC06B5F28F}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{DA7828EE-0379-4D8C-9825-E8F6E608BA53}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{52882A9B-1870-4BBD-980B-A12CDB481BC4}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{58D35109-87BC-4A8E-83D4-4C504E8CA4FD}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{332F8471-EDAF-4482-BD2F-FB6C1324EECB}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{F3ED4454-4940-445A-BD07-D484BA133AFD}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{C14DF5F0-DBC9-4B6A-B56A-A6F1A9A9AE9A}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{EC427AA8-ACF2-45DB-B469-E30265FC247D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{057DDFC8-2441-4DE9-97BE-B2AA02A5EF26}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EF4C402A-3DD5-4096-98C3-E9D00F3C5EFC}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{23C5573B-55DB-4AC1-88D8-1CC6F4A28DB2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4BE08DFB-769B-4740-A96C-BCD8BAB6BC39}"= UDP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{14285E49-D004-4687-B30E-BEEDCF90A1E1}"= TCP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{DF16E641-7A23-454C-8008-48D94DDB429A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B6F5039A-71D6-4439-96F8-99253502F6FA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 sagmx08bus;Sagem Mobile Platform MX2008 driver (WDM);c:\windows\system32\DRIVERS\sagmx08bus.sys [2008-05-01 88960]
S3 sagmx08mdfl;Sagem MX2008 WMC CDC Modem Filter;c:\windows\system32\DRIVERS\sagmx08mdfl.sys [2008-05-01 14976]
S3 sagmx08mdm;Sagem MX2008 WMC CDC Modem Driver;c:\windows\system32\DRIVERS\sagmx08mdm.sys [2008-05-01 120448]
S3 sagmx08mgmt;Sagem MX2008 Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sagmx08mgmt.sys [2008-05-01 113920]
S3 sagmx08obex;Sagem MX2008 WMC OBEX;c:\windows\system32\DRIVERS\sagmx08obex.sys [2008-05-01 110336]
S3 utblfilt;utblfilt;c:\windows\system32\drivers\utblfilt.sys [2001-05-23 12084]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dcc0e6b-f65e-11dc-9c47-001a92fb1d1d}]
\shell\AutoRun\command - D:\setupSNK.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-01-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{c1511f2d-d6ab-46c8-8c09-4b21d29206d5} - (no file)
WebBrowser-{31D3C51D-4678-4743-823E-D5074F800F43} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4ADBF_frFR242FR242
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 -: {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
O9 -: {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Hospice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr -
O9 -: {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 -
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe -
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Hospice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk -
O16 -: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
c:\windows\Downloaded Program Files\iefax.inf
c:\windows\Downloaded Program Files\iefax.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 13:56:13
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
Heure de fin: 2008-11-15 13:59:43
ComboFix-quarantined-files.txt 2008-11-15 12:58:39
Avant-CF: 28 169 052 160 octets libres
Après-CF: 28,448,354,304 octets libres
218 --- E O F --- 2008-11-14 08:58:03
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2080 @ 1.73GHz )
BIOS : BIOS Date: 06/23/07 Ver: V2.10
USER : Hospice ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:26 Go)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:24 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 14/11/2008|15:09 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[23/01/2008|10:21] C:\Users\Hospice\AppData\Local\Adobe
[17/09/2007|14:26] C:\Users\Hospice\AppData\Local\Apple Computer
[12/09/2007|09:23] C:\Users\Hospice\AppData\Local\Application Data
[14/11/2008|10:26] C:\Users\Hospice\AppData\Local\ApplicationHistory
[07/11/2008|14:01] C:\Users\Hospice\AppData\Local\Autodesk
[04/01/2008|15:24] C:\Users\Hospice\AppData\Local\Axialis
[29/09/2007|11:49] C:\Users\Hospice\AppData\Local\BingoCafe
[21/09/2007|13:05] C:\Users\Hospice\AppData\Local\BingoLiner
[28/09/2007|07:17] C:\Users\Hospice\AppData\Local\BingoLinerUK
[25/01/2008|08:59] C:\Users\Hospice\AppData\Local\Clips-Rap.com
[23/11/2007|17:12] C:\Users\Hospice\AppData\Local\d3d8caps.dat
[03/06/2008|19:44] C:\Users\Hospice\AppData\Local\d3d9caps.dat
[07/11/2008|10:56] C:\Users\Hospice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/10/2008|16:03] C:\Users\Hospice\AppData\Local\eMule
[17/09/2007|14:46] C:\Users\Hospice\AppData\Local\fusioncache.dat
[29/04/2008|14:58] C:\Users\Hospice\AppData\Local\GDIPFONTCACHEV1.DAT
[22/10/2008|16:25] C:\Users\Hospice\AppData\Local\Google
[12/09/2007|09:23] C:\Users\Hospice\AppData\Local\Historique
[14/11/2008|15:03] C:\Users\Hospice\AppData\Local\IconCache.db
[05/03/2008|09:09] C:\Users\Hospice\AppData\Local\itnxnx.0xe
[03/05/2008|09:51] C:\Users\Hospice\AppData\Local\itnxnx.dat
[23/02/2008|10:51] C:\Users\Hospice\AppData\Local\itnxnx_nav.dat
[03/05/2008|09:52] C:\Users\Hospice\AppData\Local\itnxnx_navps.dat
[06/10/2008|13:12] C:\Users\Hospice\AppData\Local\Microsoft
[12/02/2008|14:39] C:\Users\Hospice\AppData\Local\Microsoft Games
[03/05/2008|09:26] C:\Users\Hospice\AppData\Local\MigWiz
[20/06/2008|07:32] C:\Users\Hospice\AppData\Local\Netlog
[03/01/2008|10:45] C:\Users\Hospice\AppData\Local\Panda Software
[04/11/2008|09:55] C:\Users\Hospice\AppData\Local\PokerStars
[12/04/2008|07:53] C:\Users\Hospice\AppData\Local\Sony Ericsson
[14/11/2008|15:07] C:\Users\Hospice\AppData\Local\Temp
[12/09/2007|09:23] C:\Users\Hospice\AppData\Local\Temporary Internet Files
[12/09/2007|09:27] C:\Users\Hospice\AppData\Local\Toshiba
[13/09/2007|14:26] C:\Users\Hospice\AppData\Local\VirtualStore
[20/02/2008|09:01] C:\Users\Hospice\AppData\Local\WMTools Downloaded Files
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[10/01/2008 17:25][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[14/11/2008 15:05][--ah-----] C:\Windows\tasks\SA.DAT
[14/11/2008 15:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[22/01/2008|16:04] C:\ProgramData\Adobe
[17/09/2007|14:17] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[12/09/2007|08:13] C:\ProgramData\Atheros
[07/11/2008|14:03] C:\ProgramData\Autodesk
[12/11/2007|11:24] C:\ProgramData\Azureus
[12/09/2007|09:19] C:\ProgramData\Bureau
[05/10/2007|16:01] C:\ProgramData\CanonBJ
[23/01/2008|17:31] C:\ProgramData\Corel
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[21/10/2008|16:04] C:\ProgramData\eMule
[12/09/2007|09:19] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[14/11/2008|10:42] C:\ProgramData\F-Secure
[24/01/2008|13:14] C:\ProgramData\fssg
[26/09/2007|09:46] C:\ProgramData\Google
[13/11/2008|18:32] C:\ProgramData\Google Updater
[03/06/2008|13:22] C:\ProgramData\Grisoft
[25/04/2008|21:35] C:\ProgramData\Installations
[21/10/2008|14:28] C:\ProgramData\Lavasoft
[18/12/2007|13:40] C:\ProgramData\LUUnInstall.LiveUpdate
[12/09/2007|09:19] C:\ProgramData\Menu Démarrer
[05/10/2007|09:55] C:\ProgramData\MGS
[14/05/2008|13:15] C:\ProgramData\Microgaming
[23/01/2008|22:30] C:\ProgramData\Microsoft
[12/09/2007|09:19] C:\ProgramData\Modèles
[29/04/2008|14:24] C:\ProgramData\ntusers.log
[25/04/2008|21:54] C:\ProgramData\PC Suite
[22/05/2008|12:46] C:\ProgramData\Propellerhead Software
[12/04/2008|07:52] C:\ProgramData\Sony Ericsson
[02/11/2006|14:02] C:\ProgramData\Start Menu
[18/12/2007|15:50] C:\ProgramData\Symantec
[29/04/2008|14:13] C:\ProgramData\SymplisIT
[12/04/2008|07:52] C:\ProgramData\Teleca
[12/02/2008|14:33] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[01/06/2007|09:59] C:\ProgramData\Toshiba
[12/09/2007|09:24] C:\ProgramData\ToshibaEurope
[01/06/2007|09:45] C:\ProgramData\Ulead Systems
[08/10/2008|15:22] C:\ProgramData\WinZip
[20/01/2008|14:01] C:\ProgramData\WLInstaller
[07/07/2008|22:19] C:\ProgramData\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files
[24/01/2008|11:18] C:\Program Files\3D Snow
[10/01/2008|10:52] C:\Program Files\7-Zip
[17/07/2008|17:45] C:\Program Files\Adobe
[01/06/2007|09:35] C:\Program Files\Analog Devices
[20/06/2008|07:30] C:\Program Files\AnmSMP
[25/01/2008|11:34] C:\Program Files\Antadis
[12/09/2007|08:13] C:\Program Files\Atheros
[01/06/2007|09:40] C:\Program Files\ATK Hotkey
[07/11/2008|13:57] C:\Program Files\Autodesk
[25/01/2008|08:58] C:\Program Files\AxBx
[25/10/2007|12:48] C:\Program Files\Blender Foundation
[25/01/2008|09:05] C:\Program Files\bwin
[26/11/2007|23:32] C:\Program Files\Casino Classic Flash Casino
[27/01/2008|19:15] C:\Program Files\Clips-Rap.com
[07/11/2008|13:46] C:\Program Files\Common Files
[24/01/2008|11:18] C:\Program Files\Conduit
[23/01/2008|17:31] C:\Program Files\Corel
[20/05/2008|15:07] C:\Program Files\Dealio
[20/01/2008|14:37] C:\Program Files\Dexxa
[25/04/2008|21:55] C:\Program Files\DIFX
[27/05/2008|08:42] C:\Program Files\Direct MIDI to MP3 Converter
[21/10/2008|16:03] C:\Program Files\eMule
[30/12/2007|12:36] C:\Program Files\EoRezo
[24/01/2008|11:18] C:\Program Files\e-texaspoker client
[12/09/2007|09:19] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/05/2008|15:06] C:\Program Files\Free Audio Pack
[27/09/2007|21:21] C:\Program Files\Free Notes & Office Ink
[04/05/2008|17:50] C:\Program Files\Freeplayer
[22/10/2008|16:53] C:\Program Files\Gimp-2.0
[10/08/2008|14:02] C:\Program Files\Google
[13/10/2007|08:29] C:\Program Files\Graphex3
[01/06/2007|10:14] C:\Program Files\IDM
[03/06/2008|12:17] C:\Program Files\IEToolbar
[17/07/2008|19:30] C:\Program Files\IMVU
[07/11/2008|10:21] C:\Program Files\ImvuTools2
[06/10/2008|13:02] C:\Program Files\InstallShield Installation Information
[01/06/2007|09:30] C:\Program Files\Intel
[03/08/2008|20:37] C:\Program Files\Internet Explorer
[01/06/2007|09:46] C:\Program Files\InterVideo
[30/12/2007|12:39] C:\Program Files\ItsLabel
[14/05/2008|16:57] C:\Program Files\IVCsoft
[17/07/2008|17:58] C:\Program Files\Java
[21/10/2008|14:24] C:\Program Files\Lavasoft
[01/06/2007|09:36] C:\Program Files\ltmoh
[31/01/2008|09:09] C:\Program Files\Macrogaming
[29/10/2008|10:03] C:\Program Files\MansionPoker
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[19/12/2007|09:40] C:\Program Files\Microsoft GIF Animator
[02/12/2007|09:38] C:\Program Files\Microsoft Office
[10/01/2008|17:26] C:\Program Files\Microsoft SQL Server Compact Edition
[27/05/2008|08:11] C:\Program Files\MidiMeow
[03/08/2008|20:38] C:\Program Files\Movie Maker
[20/02/2008|09:01] C:\Program Files\Movie Maker 2.6
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/12/2007|09:37] C:\Program Files\MSECache
[13/02/2008|13:52] C:\Program Files\MSN Games
[26/01/2008|11:45] C:\Program Files\MSN Messenger
[25/01/2008|15:14] C:\Program Files\MSXML 4.0
[01/06/2007|10:15] C:\Program Files\myphotobook
[06/05/2008|13:06] C:\Program Files\Nokia
[23/01/2008|20:06] C:\Program Files\Norton Security Scan
[03/06/2008|11:54] C:\Program Files\NRJ
[26/04/2008|09:20] C:\Program Files\OpenOffice.org 2.3
[26/04/2008|09:23] C:\Program Files\OpenOffice.org 2.4
[26/04/2008|09:43] C:\Program Files\OpenOffice.org 2.4 (fr) Installation Files
[14/11/2008|10:51] C:\Program Files\Pack Securite
[25/04/2008|21:47] C:\Program Files\PC Connectivity Solution
[22/10/2008|16:25] C:\Program Files\Picasa2
[28/10/2008|14:49] C:\Program Files\PokerStars
[03/12/2007|15:19] C:\Program Files\PokerStars.NET
[17/09/2007|14:19] C:\Program Files\QuickTime
[25/02/2008|10:47] C:\Program Files\Radio Fr Solo
[06/11/2007|15:17] C:\Program Files\Real
[01/06/2007|09:52] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[20/05/2008|14:58] C:\Program Files\Replay Converter
[20/05/2008|15:08] C:\Program Files\Search Settings
[13/11/2008|17:16] C:\Program Files\SecondLife
[12/04/2008|07:50] C:\Program Files\Sony Ericsson
[04/12/2007|09:29] C:\Program Files\Star Downloader
[02/12/2007|12:08] C:\Program Files\SupraASCIIArt
[18/12/2007|13:40] C:\Program Files\Symantec
[01/06/2007|09:37] C:\Program Files\Synaptics
[01/06/2007|11:03] C:\Program Files\TOSHIBA
[20/05/2008|14:33] C:\Program Files\Total Video Converter
[14/11/2008|14:26] C:\Program Files\Trend Micro
[01/06/2007|09:42] C:\Program Files\Ulead Systems
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[21/09/2007|19:00] C:\Program Files\VideoLAN
[03/08/2008|20:38] C:\Program Files\Windows Calendar
[03/08/2008|20:37] C:\Program Files\Windows Collaboration
[03/08/2008|20:37] C:\Program Files\Windows Defender
[03/08/2008|20:37] C:\Program Files\Windows Journal
[27/02/2008|15:43] C:\Program Files\windows live
[10/01/2008|17:25] C:\Program Files\Windows Live Favorites
[10/01/2008|17:25] C:\Program Files\Windows Live Toolbar
[16/10/2008|14:35] C:\Program Files\Windows Mail
[01/06/2007|09:45] C:\Program Files\Windows Media Components
[03/08/2008|20:37] C:\Program Files\Windows Media Player
[12/09/2007|09:19] C:\Program Files\Windows NT
[03/08/2008|20:37] C:\Program Files\Windows Photo Gallery
[03/08/2008|20:38] C:\Program Files\Windows Sidebar
[25/01/2008|14:42] C:\Program Files\WinRAR
[06/10/2008|12:59] C:\Program Files\WinZip
[07/07/2008|22:21] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/02/2008|10:09] C:\Program Files\Common Files\Adobe
[07/11/2008|13:54] C:\Program Files\Common Files\Autodesk Shared
[17/09/2007|14:13] C:\Program Files\Common Files\InstallShield
[01/06/2007|09:29] C:\Program Files\Common Files\Java
[20/01/2008|14:37] C:\Program Files\Common Files\Logitech
[07/11/2008|13:37] C:\Program Files\Common Files\microsoft shared
[14/02/2008|10:49] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[12/04/2008|07:52] C:\Program Files\Common Files\Sony Ericsson Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[13/09/2007|14:04] C:\Program Files\Common Files\SWF Studio
[18/12/2007|15:50] C:\Program Files\Common Files\Symantec Shared
[03/08/2008|20:37] C:\Program Files\Common Files\System
[12/04/2008|07:52] C:\Program Files\Common Files\Teleca Shared
[01/06/2007|10:00] C:\Program Files\Common Files\Toshiba Shared
[01/06/2007|09:45] C:\Program Files\Common Files\Ulead Systems
[24/01/2008|11:18] C:\Program Files\Common Files\WindowsLiveInstaller
[14/02/2008|10:50] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 56 Processes )
iexplore.exe ~ [PID:2900]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\Hospice\AppData\Roaming\MICROS~1\Windows\Cookies\hospice@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 15:09:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 179
--------------------\\ Recherche d'autres infections
C:\Windows\System32\nvs2.inf
C:\Users\Hospice\AppData\Local\itnxnx.dat
C:\Users\Hospice\AppData\Local\itnxnx_nav.dat
C:\Users\Hospice\AppData\Local\itnxnx_navps.dat
==> EGDACCESS <==
--------------------\\ Cracks & Keygens ..
C:\Users\Hospice\AppData\Roaming\Azureus\torrents\!_Norton_AntiVirus_2007_Crack-Serial-Keygen[1].torrent
C:\Users\Hospice\AppData\Roaming\Azureus\torrents\Norton_Antivirus_2007_+_keygen[1].torrent
C:\Users\Hospice\AppData\Roaming\Azureus\torrents\Panda_AntiVirus_2008_Keygen[1].torrent
[F:242][D:21]-> C:\Users\Hospice\AppData\Local\Temp
[F:686][D:1]-> C:\Users\Hospice\AppData\Roaming\MICROS~1\Windows\Cookies
[F:623][D:4]-> C:\Users\Hospice\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:11]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 14/11/2008|15:13 - Option : [1]
--------------------\\ Fin du rapport a 15:13:28
[ UAC => 1 ]