Antivirus Trigger + Security Toolbar

Closed
bibopaloula - 26 Nov 2008 at 16:42
chimay8 (Security contributor; 7720 posts; member since Thursday 1 May 2008; last active 3 January 2014) - 1 Dec 2008 at 08:19
Hello,

Like many other people, apparently, for a few days I have had a "Security Toolbar" and an annoying "Antivirus Trigger" icon in the taskbar.
Not being familiar with the inner workings of computers, I followed the leads given on the forum.

After running SmitFraudFix, here is what I get:

(Thanks for your help.... in beginner-friendly language please!)

SmitFraudFix v2.378

Report made at 16:32:50,40, 26/11/2008
Run from C:\Documents and Settings\Bigboss\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\hpmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0000aa88.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bigboss\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bigboss


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bigboss\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bigboss\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Antivirus Scan.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bigboss\Favoris

C:\DOCUME~1\Bigboss\Favoris\Antivirus Scan.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop items

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://www.3suisses.fr/portail3s_img/3S/FRA/contenus/fonds/avril07.gif"
"SubscribedURL"="https://www.3suisses.fr/portail3s_img/3S/FRA/contenus/fonds/avril07.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning: the keys that follow are not necessarily infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning: the keys that follow are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning: the keys that follow are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning: the keys that follow are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning: the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{854b8525-c907-4258-bc2e-7b118037419c}"="disaffiliation"

[HKEY_CLASSES_ROOT\CLSID\{854b8525-c907-4258-bc2e-7b118037419c}\InProcServer32]
@="C:\WINDOWS\system32\eebpj.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{854b8525-c907-4258-bc2e-7b118037419c}\InProcServer32]
@="C:\WINDOWS\system32\eebpj.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning: the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning: the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E71E2F5D-234A-420B-AEF2-FCBD61D47999}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E71E2F5D-234A-420B-AEF2-FCBD61D47999}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E5B6457-C3F3-4D9E-B9F5-8842085D033E}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E71E2F5D-234A-420B-AEF2-FCBD61D47999}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
58 replies
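What the report above actually shows: the Sharedtaskscheduler section registers CLSID {854b8525-c907-4258-bc2e-7b118037419c} under the label "disaffiliation" and resolves it, in both CLSID hives, to C:\WINDOWS\system32\eebpj.dll, which Explorer loads at every logon (HijackThis lists this persistence point as O21); the Process section shows bwgo0000aa88.exe running from the user's Temp directory; and "Antivirus Scan.url" shortcuts sit in the All Users Start Menu and in the user's Favorites. The Python script below is an added example, not SmitFraudFix's own code and not part of the original post: it parses the regedit-style dump to join each SharedTaskScheduler CLSID to its InProcServer32 DLL and lists executables running from Temp. The sample input is an excerpt copied from the report above; the list of known-good CLSIDs is an assumption and must be checked against a clean machine.

```python
"""Triage of a SmitFraudFix-style report (added example, not SmitFraudFix code).

(1) Join each CLSID under Explorer\SharedTaskScheduler to the InProcServer32 DLL
    that Explorer loads for it at every logon.
(2) List executables running from a per-user Temp directory.
SAMPLE_REPORT is an excerpt of the report posted above. KNOWN_GOOD_STS is an
assumption (the two entries a stock Windows XP install carries, both served by
browseui.dll); confirm it against a known-clean machine before relying on it.
"""
import re

SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0000aa88.exe
C:\Program Files\WebMediaViewer\hpmom.exe

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{854b8525-c907-4258-bc2e-7b118037419c}"="disaffiliation"

[HKEY_CLASSES_ROOT\CLSID\{854b8525-c907-4258-bc2e-7b118037419c}\InProcServer32]
@="C:\WINDOWS\system32\eebpj.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{854b8525-c907-4258-bc2e-7b118037419c}\InProcServer32]
@="C:\WINDOWS\system32\eebpj.dll"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)="(.*)"$')      # "name"="data" or @="data"
TEMP_DIR_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)

# Assumed known-good SharedTaskScheduler CLSIDs on a stock Windows XP install.
KNOWN_GOOD_STS = {
    "{438755c2-a8ba-11d1-b96b-00c04fd8d1d8}",  # Browseui preloader
    "{8c7461ef-2b13-11d2-be35-3078302c2030}",  # Component Categories cache daemon
}

def parse_reg_dump(text):
    """{key_path: {value_name: data}}; a key's default value is stored as '@'."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1) if m.group(1) is not None else "@"] = m.group(2)
    return keys

def shared_task_scheduler_entries(reg):
    """One record per SharedTaskScheduler CLSID with the DLL it resolves to."""
    sts_key = next((k for k in reg
                    if k.lower().endswith("\\explorer\\sharedtaskscheduler")), None)
    if sts_key is None:
        return []
    entries = []
    for clsid, label in reg[sts_key].items():
        clsid = clsid.lower()
        # Either CLSID hive may carry the InProcServer32 value; take the first hit.
        dll = next((v.get("@") for k, v in reg.items()
                    if clsid in k.lower() and k.lower().endswith("\\inprocserver32")),
                   None)
        entries.append({"clsid": clsid, "label": label, "dll": dll,
                        "known_good": clsid in KNOWN_GOOD_STS})
    return entries

def processes_from_temp(text):
    """Process-section entries whose image lives in a user Temp directory."""
    hits, in_process = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("»"):                # section marker line
            in_process = line.endswith(" Process")
            continue
        if in_process and TEMP_DIR_RE.search(line):
            hits.append(line)
    return hits

def triage(text):
    """Human-readable findings; an empty list means nothing stood out."""
    findings = []
    for e in shared_task_scheduler_entries(parse_reg_dump(text)):
        if not e["known_good"]:
            findings.append(f"SharedTaskScheduler {e['clsid']} ({e['label']!r}) "
                            f"loads {e['dll']} into Explorer at every logon")
    for proc in processes_from_temp(text):
        findings.append(f"executable running from Temp: {proc}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REPORT)))
```

Run against the excerpt it prints two findings: the eebpj.dll load under the unknown CLSID and the bwgo0000aa88.exe process. A real hive walk would also hash eebpj.dll and check its signature before deleting it; the tool's own warning that listed keys "are not necessarily infected" is why the script keeps an allow-list instead of flagging every entry.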

bibopaloula
28 Nov 2008 at 19:28
Here is the ComboFix report:

ComboFix 08-11-27.07 - Bigboss 2008-11-28 19:02:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.562 [GMT 1:00]
Run from: c:\documents and settings\Bigboss\Bureau\ComboFix.exe
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Files created from 2008-10-28 to 2008-11-28 ))))))))))))))))))))))))))))))))))))
.

2012-12-17 20:42 . 2006-12-21 13:54 <REP> d-------- c:\program files\VirtualDJ
2008-11-28 16:29 . 2008-11-28 18:53 <REP> d-------- c:\windows\ERUNT
2008-11-28 16:29 . 2008-11-28 17:12 <REP> d-------- C:\Backups
2008-11-25 13:50 . 2008-11-25 14:05 <REP> d-------- c:\program files\WebMediaViewer
2008-11-25 13:50 . 2008-11-25 13:58 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 18:28 . 2008-11-24 19:04 <REP> d-------- C:\DVDVideoSoft
2008-11-22 18:27 . 2008-11-25 15:37 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
2008-11-22 18:27 . 2008-11-22 18:27 <REP> d-------- c:\program files\DVDVideoSoft
2008-11-22 18:27 . 2008-11-22 18:27 <REP> d-------- c:\program files\AskSearch
2008-11-19 15:58 . 2008-11-19 16:13 <REP> d-------- c:\documents and settings\Bigboss\.homeplayer
2008-11-08 21:33 . 2008-11-08 21:33 <REP> d-------- c:\windows\system32\Adobe
2008-10-30 16:29 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 16:29 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 12:50 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-29 12:50 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-29 12:50 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 18:01 --------- d-----w c:\program files\PeerGuardian2
2008-11-28 17:52 --------- d-----w c:\program files\Trend Micro
2008-11-28 17:46 --------- d-----w c:\program files\Google
2008-11-26 14:04 --------- d-----w c:\program files\eMule
2008-11-25 14:24 --------- d-----w c:\program files\Circle Developement
2008-11-25 13:44 --------- d-----w c:\documents and settings\Bigboss\Application Data\mathtraydog
2008-11-17 17:46 --------- d-----w c:\documents and settings\Bigboss\Application Data\OpenOffice.org2
2008-10-25 12:17 107,880 -c--a-w c:\documents and settings\Bigboss\Application Data\GDIPFONTCACHEV1.DAT
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-07-11 07:22 328 -c--a-w c:\documents and settings\Bigboss\Application Data\wklnhst.dat
2007-03-21 14:21 334 -c--a-w c:\documents and settings\Vincent\Application Data\wklnhst.dat
2006-11-09 17:36 76,976 -c--a-w c:\documents and settings\Vincent\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 67128]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-01-23 204843]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-15 180269]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-12 110592]
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bigboss^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Bigboss\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bigboss^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Bigboss\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-23 20:33 57344 c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Audiograbber]
--a------ 2004-02-09 04:48 899072 c:\audiograbber\audiograbber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
-ra--c--- 2005-10-17 10:45 61440 c:\windows\VM303_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO4Ut]
--a--c--- 2004-03-03 12:54 252416 c:\program files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-10-11 16:03 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 00:07 593920 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:e 1
"4672:UDP"= 4672:UDP:emule 2
"4661:TCP"= 4661:TCP:e 3
"4665:UDP"= 4665:UDP:e 4
"4711:TCP"= 4711:TCP:e 5

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2005-12-19 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-12-19 799744]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2006-06-12 13724]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-12-19 215040]
S2 StiSvc_Untrusted_BZ;Acquisition d'image Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc []
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2006-09-17 18848]
.
Contents of the 'Scheduled Tasks' folder

2008-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSMSGS - c:\progra~1\MESSEN~1\Msmsgs.exe
HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
HKLM-Run-RegistryMechanic - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
SharedTaskScheduler-{854b8525-c907-4258-bc2e-7b118037419c} - c:\windows\system32\eebpj.dll
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
MSConfigStartUp-Insider - c:\program files\Insider\Insider.exe
MSConfigStartUp-PCMService - c:\program files\CyberLink\PowerCinema\PCMService.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-Words - c:\program files\Words\Words.exe


.
------- Supplementary scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\system32\MSSTKPRP.DLL - c:\windows\system32\MSPRPFR.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\MSVBVM50.DLL
c:\windows\system32\VB5FR.DLL
c:\windows\Downloaded Program Files\MSFLXGRD.OCX
c:\windows\Downloaded Program Files\DNLMANAGER.DEP
c:\windows\Downloaded Program Files\OLELIB.TLB
c:\windows\Downloaded Program Files\DNLMANAGER.EXE
c:\windows\Downloaded Program Files\FNACMUSICDNL.OCX
O16 -: {B9907873-6560-4A36-B76B-9DADE84A7F55}
hxxps://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
c:\windows\Downloaded Program Files\FnacmusicDnl.INF
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:05:27
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g0???V??g0???SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????g2???2???????x???8???? @??%X??%X?????????????????x?Y?????^?Q?????

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other running processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\fxssvc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\docume~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe
c:\progra~1\INCRED~1\bin\IMApp.exe
.
**************************************************************************
.
End time: 2008-11-28 19:08:55 - The machine rebooted
ComboFix-quarantined-files.txt 2008-11-28 18:08:53

Before-CF: 92,853,612,544 bytes free
After-CF: 92,773,015,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

255 --- E O F --- 2008-11-25 14:40:43
bibopaloula
28 Nov 2008 at 19:33
Most of the programs you told me to download (including HijackThis) have been deleted.
bibopaloula
28 Nov 2008 at 19:38
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:49, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\Documents and Settings\Bigboss\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.notrefamille.com/v2/boutique/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)
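A triage helper for logs in the HijackThis format above, added here as an example (it is not part of the thread and not the HijackThis tool itself). It flags the entry types a helper like chimay8 looks at first: targets marked "(file missing)", O9 browser buttons that point at a web URL instead of a local DLL, an O10 LSP that HijackThis does not recognise, O16 ActiveX entries without a name or source, and O23 services with "Unknown owner". The sample lines are copied from the log above; the flagging rules are my own heuristics and mean "check this", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# One HijackThis entry: a section code such as O4, O9, O16 or O23, then " - ", then the body.
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# A web URL used as the target of an entry (local DLLs and EXEs never look like this).
URL_TARGET = re.compile(r"\bhttps?://\S+", re.IGNORECASE)
# A well-formed O16 DPF body: "{CLSID} (Control name) - http://source/file.cab".
DPF_WELL_FORMED = re.compile(r"\(.*\) - \S+")

# Constructed sample: a handful of lines copied from the HijackThis log in this thread,
# chosen so that clean and suspicious entries sit side by side.
SAMPLE_LOG = r"""
(header line, ignored by the parser)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    entry: str
    reasons: list = field(default_factory=list)


def triage_line(section: str, body: str) -> list:
    """Return the review reasons for one HijackThis entry (empty list if nothing stands out)."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("target file missing: leftover of a removed component, safe to clean up")
    if section == "O9" and URL_TARGET.search(body):
        reasons.append("IE button/menu item points at a web URL instead of a local DLL")
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        reasons.append("LSP not on the HijackThis whitelist: verify publisher and hash before touching it")
    if section == "O16" and not DPF_WELL_FORMED.search(body):
        reasons.append("ActiveX DPF entry without a control name or download source")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher information")
    return reasons


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return only the entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # headers, blank lines and non-entry text are skipped
        section, body = m.groups()
        reasons = triage_line(section, body)
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary: one flagged entry per line, followed by its reasons."""
    lines = []
    for f in triage(log_text):
        lines.append(f"[{f.section}] {f.entry}")
        for r in f.reasons:
            lines.append(f"    -> {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
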
chimay8 Posts: 7720 Registered: Thursday 1 May 2008 Status: Security contributor Last active: 3 January 2014
28 Nov. 2008 at 19:45
Most of the programs you told me to download (including hijackthis) have been deleted.

yes, that's normal, that's what toolcleaner is for

ok, there's still some junk left

including one that was hidden (adware lop)
MessengerPlus! 3: uninstall it, and reinstall it after your disinfection, without the sponsors

Remove ComboFix like this:
~>Click on " Start " ~> " Run " (or press the Windows key + R) -> copy/paste this line:

ComboFix /u

( leave the space between ComboFix and /u )

~>Confirm.

throw c:\qoobox in the recycle bin

then

Download LOP S&D by Eric71.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click it to launch the installation.
Double-click the Lop S&D shortcut on your desktop.
Select the language you want, then choose Option 1 ( Search )
Wait until the scan finishes.
Post the generated report ( it is located here: C:\lopR.txt )

If the Desktop does not reappear, press Ctrl + Alt + Del, choose the File tab, then click New Task; then type explorer.exe and confirm.
chimay8 Posts: 7720 Registered: Thursday 1 May 2008 Status: Security contributor Last active: 3 January 2014
28 Nov. 2008 at 19:48
we get rid of Circle Developement

then we shoot down zlob... there was some work to do... lol
bibopaloula
28 Nov. 2008 at 20:11
I couldn't find the "qoobox" file

Here is the Lop report:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Bigboss ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081128-0] 4.8.1290 (Activated)
Firewall : Sygate Personal Firewall 4.6 (Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:88 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 28/11/2008|20:06 )

--------------------\\ Listing des dossiers dans APPLIC~1

[30/06/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/12/2005|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[12/12/2006|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/11/2007|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[12/09/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[18/03/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/11/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/04/2008|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/09/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/01/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[12/06/2006|22:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[06/04/2007|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[31/03/2007|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[17/09/2006|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[17/08/2006|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[18/09/2006|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[20/12/2005|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[26/06/2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[06/12/2007|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[16/06/2006|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[27/06/2006|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[21/12/2007|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[06/09/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[15/06/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17/06/2007|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/09/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[25/11/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/05/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
[30/01/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[27/06/2006|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[02/07/2007|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[12/03/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[18/07/2008|17:57] C:\DOCUME~1\Bigboss\APPLIC~1\Adobe
[19/08/2006|17:55] C:\DOCUME~1\Bigboss\APPLIC~1\AdobeAUM
[11/07/2007|19:45] C:\DOCUME~1\Bigboss\APPLIC~1\AdobeUM
[16/06/2006|19:02] C:\DOCUME~1\Bigboss\APPLIC~1\Ahead
[12/12/2006|08:44] C:\DOCUME~1\Bigboss\APPLIC~1\Apple Computer
[03/08/2008|10:01] C:\DOCUME~1\Bigboss\APPLIC~1\ArcSoft
[13/09/2008|12:37] C:\DOCUME~1\Bigboss\APPLIC~1\BSplayer
[11/05/2008|15:49] C:\DOCUME~1\Bigboss\APPLIC~1\BSplayer Pro
[14/06/2006|06:55] C:\DOCUME~1\Bigboss\APPLIC~1\CyberLink
[22/12/2006|08:15] C:\DOCUME~1\Bigboss\APPLIC~1\DivX
[19/03/2008|20:19] C:\DOCUME~1\Bigboss\APPLIC~1\dvdcss
[05/05/2007|18:22] C:\DOCUME~1\Bigboss\APPLIC~1\eFax Messenger
[13/08/2007|19:44] C:\DOCUME~1\Bigboss\APPLIC~1\FUJIFILM
[28/08/2008|20:39] C:\DOCUME~1\Bigboss\APPLIC~1\GARMIN
[31/01/2007|18:09] C:\DOCUME~1\Bigboss\APPLIC~1\Google
[09/06/2007|17:32] C:\DOCUME~1\Bigboss\APPLIC~1\Help
[27/06/2006|22:26] C:\DOCUME~1\Bigboss\APPLIC~1\HP
[20/12/2005|05:41] C:\DOCUME~1\Bigboss\APPLIC~1\Identities
[28/12/2006|20:34] C:\DOCUME~1\Bigboss\APPLIC~1\Image Zone Express
[07/04/2008|11:58] C:\DOCUME~1\Bigboss\APPLIC~1\LaCie
[19/08/2006|18:08] C:\DOCUME~1\Bigboss\APPLIC~1\Leadertech
[12/06/2006|22:31] C:\DOCUME~1\Bigboss\APPLIC~1\Macromedia
[25/11/2008|14:44] C:\DOCUME~1\Bigboss\APPLIC~1\mathtraydog
[21/07/2007|22:22] C:\DOCUME~1\Bigboss\APPLIC~1\Media Player Classic
[11/11/2007|19:34] C:\DOCUME~1\Bigboss\APPLIC~1\Microsoft
[26/06/2006|20:04] C:\DOCUME~1\Bigboss\APPLIC~1\Microsoft Web Folders
[03/09/2006|17:52] C:\DOCUME~1\Bigboss\APPLIC~1\MSNInstaller
[06/07/2007|19:29] C:\DOCUME~1\Bigboss\APPLIC~1\Musicmatch
[28/07/2007|17:57] C:\DOCUME~1\Bigboss\APPLIC~1\NewsLeecher
[17/11/2008|18:46] C:\DOCUME~1\Bigboss\APPLIC~1\OpenOffice.org2
[17/09/2006|15:09] C:\DOCUME~1\Bigboss\APPLIC~1\PlayFirst
[14/08/2008|12:42] C:\DOCUME~1\Bigboss\APPLIC~1\Real
[06/12/2007|18:41] C:\DOCUME~1\Bigboss\APPLIC~1\Skyline
[21/06/2007|13:39] C:\DOCUME~1\Bigboss\APPLIC~1\Skype
[21/12/2007|17:47] C:\DOCUME~1\Bigboss\APPLIC~1\Sony Corporation
[06/09/2008|17:40] C:\DOCUME~1\Bigboss\APPLIC~1\Sony Ericsson
[19/06/2006|19:20] C:\DOCUME~1\Bigboss\APPLIC~1\Sun
[12/06/2006|23:06] C:\DOCUME~1\Bigboss\APPLIC~1\Symantec
[07/09/2008|15:29] C:\DOCUME~1\Bigboss\APPLIC~1\Teleca
[03/08/2007|16:58] C:\DOCUME~1\Bigboss\APPLIC~1\Template
[13/09/2008|12:36] C:\DOCUME~1\Bigboss\APPLIC~1\Todae
[06/04/2007|06:47] C:\DOCUME~1\Bigboss\APPLIC~1\Uniblue
[25/09/2007|16:21] C:\DOCUME~1\Bigboss\APPLIC~1\vlc
[28/11/2008|16:55] C:\DOCUME~1\Bigboss\APPLIC~1\WinRAR

[20/12/2005|05:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[27/12/2007|12:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/09/2007|19:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[16/06/2006|21:22] C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
[20/12/2005|05:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[19/12/2006|13:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[25/07/2008|09:07] C:\DOCUME~1\Vincent\APPLIC~1\Adobe
[21/03/2007|15:35] C:\DOCUME~1\Vincent\APPLIC~1\Apple Computer
[11/05/2007|15:16] C:\DOCUME~1\Vincent\APPLIC~1\DivX
[11/09/2006|18:55] C:\DOCUME~1\Vincent\APPLIC~1\Google
[20/12/2005|05:41] C:\DOCUME~1\Vincent\APPLIC~1\Identities
[11/09/2006|19:23] C:\DOCUME~1\Vincent\APPLIC~1\Macromedia
[10/10/2006|17:50] C:\DOCUME~1\Vincent\APPLIC~1\MessengerPlus! 3
[14/07/2007|13:58] C:\DOCUME~1\Vincent\APPLIC~1\Microsoft
[19/12/2006|21:00] C:\DOCUME~1\Vincent\APPLIC~1\Real
[13/09/2006|19:03] C:\DOCUME~1\Vincent\APPLIC~1\Template

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[21/09/2008 08:20][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/11/2008 19:04][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/03/2008|17:04] C:\Program Files\Acro Software
[19/10/2008|18:26] C:\Program Files\Adobe
[20/12/2005|06:17] C:\Program Files\Ahead
[20/07/2006|08:46] C:\Program Files\Alliance MCA
[17/06/2007|17:30] C:\Program Files\Alwil Software
[17/09/2006|11:07] C:\Program Files\American Systems
[25/02/2007|09:20] C:\Program Files\Apple Software Update
[22/11/2008|18:27] C:\Program Files\AskSearch
[21/12/2006|13:56] C:\Program Files\Atomix Virtual DJ 3.2 + crack + 38 skins + 109 effects + 123 samples
[30/07/2007|09:01] C:\Program Files\AviSynth 2.5
[30/01/2007|18:12] C:\Program Files\BFG
[21/07/2008|13:32] C:\Program Files\BitTorrent Fastest Tool
[28/02/2007|18:31] C:\Program Files\BlueSquad
[13/11/2007|13:25] C:\Program Files\Boonty
[15/11/2007|16:48] C:\Program Files\BoontyGames
[08/04/2008|17:56] C:\Program Files\CeWe Color
[25/11/2008|15:24] C:\Program Files\Circle Developement
[23/07/2007|10:36] C:\Program Files\Combined Community Codec Pack
[18/05/2007|11:49] C:\Program Files\Common
[18/05/2007|11:49] C:\Program Files\Common Files
[20/12/2005|05:36] C:\Program Files\ComPlus Applications
[09/04/2007|23:29] C:\Program Files\Creative
[15/10/2006|17:37] C:\Program Files\Cryo Interactive
[18/03/2008|18:00] C:\Program Files\CyberLink
[21/07/2008|14:12] C:\Program Files\CyberQix
[20/09/2006|17:45] C:\Program Files\Debugmode
[22/02/2007|23:59] C:\Program Files\Diner Dash - Flo On The Go
[07/03/2007|19:51] C:\Program Files\Diner Dash 2
[08/10/2006|18:07] C:\Program Files\directx
[06/09/2008|17:50] C:\Program Files\Disc2Phone
[10/11/2007|09:48] C:\Program Files\DivX
[22/11/2008|18:27] C:\Program Files\DVDVideoSoft
[02/08/2008|17:46] C:\Program Files\Eidos Interactive
[28/02/2007|18:27] C:\Program Files\Elfima
[26/11/2008|15:04] C:\Program Files\eMule
[21/07/2007|23:25] C:\Program Files\FairUse Wizard 2
[28/11/2008|19:02] C:\Program Files\Fichiers communs
[17/08/2006|18:02] C:\Program Files\FinePixViewer
[08/01/2007|17:35] C:\Program Files\Free Audio Pack
[12/06/2006|22:25] C:\Program Files\Free.fr
[28/08/2008|20:39] C:\Program Files\Garmin GPS Plugin
[17/08/2006|22:18] C:\Program Files\gdargaud.net
[17/09/2006|13:04] C:\Program Files\Gdot
[02/11/2007|20:50] C:\Program Files\GIMP-2.0
[28/11/2008|18:46] C:\Program Files\Google
[17/03/2008|17:09] C:\Program Files\GPLGS
[09/02/2007|21:15] C:\Program Files\Hewlett-Packard
[06/11/2007|16:40] C:\Program Files\Hobby Concept
[27/06/2006|20:00] C:\Program Files\HP
[31/01/2007|21:18] C:\Program Files\IncrediMail
[13/09/2008|12:35] C:\Program Files\InstallShield Installation Information
[02/12/2007|02:14] C:\Program Files\Intel
[16/10/2008|10:55] C:\Program Files\Internet Explorer
[12/12/2006|08:43] C:\Program Files\iPod
[12/12/2006|08:44] C:\Program Files\iTunes
[26/08/2008|19:08] C:\Program Files\Java
[07/04/2008|11:58] C:\Program Files\LaCie
[04/08/2007|17:02] C:\Program Files\L'Aventure Multimedia
[26/06/2008|13:11] C:\Program Files\Livrephoto
[22/08/2007|14:06] C:\Program Files\Logitech
[25/09/2008|19:16] C:\Program Files\mathtraydog
[30/07/2007|09:03] C:\Program Files\MediaCoder
[27/09/2008|09:44] C:\Program Files\Messenger
[28/04/2008|17:15] C:\Program Files\Messenger Plus! Live
[18/03/2008|17:50] C:\Program Files\Micro Application
[26/09/2008|22:38] C:\Program Files\Microsoft
[26/08/2008|20:41] C:\Program Files\Microsoft ActiveSync
[03/07/2007|06:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[26/06/2006|20:09] C:\Program Files\microsoft frontpage
[11/11/2007|19:33] C:\Program Files\Microsoft Office
[20/12/2005|06:18] C:\Program Files\Microsoft Visual Studio
[17/09/2006|13:04] C:\Program Files\Microsoft Visual Studio .NET
[20/12/2005|06:15] C:\Program Files\Microsoft Works
[30/07/2007|09:03] C:\Program Files\MKVtoolnix
[20/12/2005|05:37] C:\Program Files\Movie Maker
[22/11/2008|18:27] C:\Program Files\Mozilla Firefox
[16/12/2006|13:38] C:\Program Files\MP3 Player Utilities
[27/11/2007|21:50] C:\Program Files\mp3DirectCut
[11/11/2007|19:33] C:\Program Files\MSECache
[13/06/2006|06:21] C:\Program Files\MSN
[20/12/2005|05:36] C:\Program Files\MSN Gaming Zone
[26/09/2008|22:39] C:\Program Files\MSN Messenger
[17/11/2006|13:25] C:\Program Files\MSXML 4.0
[22/08/2007|13:30] C:\Program Files\MUSICMATCH
[15/07/2006|22:21] C:\Program Files\NAVIGON GmbH
[20/01/2008|16:50] C:\Program Files\NCH Software
[20/12/2005|05:37] C:\Program Files\NetMeeting
[17/06/2007|17:20] C:\Program Files\Norton AntiVirus
[15/01/2007|08:06] C:\Program Files\Oberon Media
[20/12/2005|05:36] C:\Program Files\Online Services
[26/08/2008|19:08] C:\Program Files\OpenOffice.org 2.4
[30/01/2008|20:14] C:\Program Files\Outlook Express
[28/02/2007|19:21] C:\Program Files\PDF 2 Word 2
[28/11/2008|20:06] C:\Program Files\PeerGuardian2
[17/08/2006|18:03] C:\Program Files\PIXELA
[25/02/2007|09:23] C:\Program Files\QuickTime
[16/06/2006|20:00] C:\Program Files\QuickZip4
[12/06/2006|22:02] C:\Program Files\Raccourcis de programmes
[15/08/2006|18:51] C:\Program Files\Real
[26/02/2007|18:09] C:\Program Files\Redoubt
[03/02/2007|18:33] C:\Program Files\ReflexiveArcade
[07/04/2008|12:04] C:\Program Files\Registry Mechanic
[17/08/2006|17:52] C:\Program Files\REGSHAVE
[30/07/2007|09:02] C:\Program Files\Ripp-it_AM
[12/09/2008|20:21] C:\Program Files\Secured IE
[20/12/2005|05:37] C:\Program Files\Services en ligne
[08/09/2006|19:26] C:\Program Files\Sierra On-Line
[06/12/2007|16:15] C:\Program Files\Skyline
[16/06/2006|19:57] C:\Program Files\Skype
[17/08/2006|22:28] C:\Program Files\Smoky City Design
[26/06/2006|20:11] C:\Program Files\Snapshot Viewer
[21/12/2007|17:39] C:\Program Files\Sonic
[21/12/2007|17:45] C:\Program Files\Sony
[03/07/2006|18:50] C:\Program Files\Sony Corporation
[06/09/2008|17:36] C:\Program Files\Sony Ericsson
[15/06/2008|15:57] C:\Program Files\Spybot - Search & Destroy
[06/09/2008|13:50] C:\Program Files\Star Defender 3
[19/08/2006|18:19] C:\Program Files\StudioLine Photo Basic
[16/06/2006|20:00] C:\Program Files\Sygate
[13/09/2008|12:36] C:\Program Files\TimeAdjuster
[28/11/2008|18:52] C:\Program Files\Trend Micro
[20/12/2005|05:40] C:\Program Files\Uninstall Information
[05/05/2007|15:31] C:\Program Files\V3CallCenter
[08/10/2006|18:05] C:\Program Files\ValuSoft
[20/08/2007|14:22] C:\Program Files\VideoLAN
[03/03/2007|19:12] C:\Program Files\Vimicro
[21/12/2006|13:54] C:\Program Files\VirtualDJ
[25/11/2008|14:05] C:\Program Files\WebMediaViewer
[11/05/2008|15:49] C:\Program Files\Webteh
[08/12/2006|17:42] C:\Program Files\Winamp
[26/09/2008|22:40] C:\Program Files\Windows Live
[08/12/2007|15:38] C:\Program Files\Windows Media Connect 2
[19/06/2008|20:22] C:\Program Files\Windows Media Player
[20/12/2005|05:36] C:\Program Files\Windows NT
[20/12/2005|05:37] C:\Program Files\WindowsUpdate
[08/09/2006|19:26] C:\Program Files\won
[20/12/2005|05:38] C:\Program Files\xerox
[18/05/2007|11:49] C:\Program Files\Yahoo!
[10/02/2007|14:35] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[30/06/2008|19:31] C:\Program Files\Fichiers communs\Adobe
[20/12/2005|06:16] C:\Program Files\Fichiers communs\Ahead
[15/11/2007|16:48] C:\Program Files\Fichiers communs\BOONTY Shared
[17/09/2006|13:04] C:\Program Files\Fichiers communs\Crystal Decisions
[20/09/2006|17:45] C:\Program Files\Fichiers communs\debugmode
[20/12/2005|06:18] C:\Program Files\Fichiers communs\DESIGNER
[25/11/2008|15:37] C:\Program Files\Fichiers communs\DVDVideoSoft
[24/09/2006|17:35] C:\Program Files\Fichiers communs\GTK
[27/06/2006|19:57] C:\Program Files\Fichiers communs\Hewlett-Packard
[27/06/2006|20:03] C:\Program Files\Fichiers communs\HP
[03/03/2007|19:12] C:\Program Files\Fichiers communs\InstallShield
[19/06/2006|17:05] C:\Program Files\Fichiers communs\Java
[12/06/2006|22:51] C:\Program Files\Fichiers communs\Logitech
[09/06/2007|17:12] C:\Program Files\Fichiers communs\Micro Application Shared
[26/09/2008|22:38] C:\Program Files\Fichiers communs\Microsoft Shared
[20/12/2005|05:37] C:\Program Files\Fichiers communs\MSSoap
[03/07/2006|18:49] C:\Program Files\Fichiers communs\muvee Technologies
[11/06/2008|15:51] C:\Program Files\Fichiers communs\Nero
[20/12/2005|06:32] C:\Program Files\Fichiers communs\ODBC
[15/08/2006|18:51] C:\Program Files\Fichiers communs\Real
[18/09/2006|19:27] C:\Program Files\Fichiers communs\Sandlot Shared
[20/12/2005|05:37] C:\Program Files\Fichiers communs\Services
[27/06/2006|20:04] C:\Program Files\Fichiers communs\Sonic Shared
[06/09/2008|17:37] C:\Program Files\Fichiers communs\Sony Ericsson Shared
[20/12/2005|06:32] C:\Program Files\Fichiers communs\SpeechEngines
[17/06/2007|17:25] C:\Program Files\Fichiers communs\Symantec Shared
[14/07/2008|14:11] C:\Program Files\Fichiers communs\System
[06/09/2008|17:37] C:\Program Files\Fichiers communs\Teleca Shared
[26/09/2008|22:31] C:\Program Files\Fichiers communs\Windows Live
[12/03/2008|18:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[15/08/2006|18:51] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 48 Processes )

IEXPLORE.EXE ~ [PID:2256]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Bigboss\APPLIC~1\mathtraydog
C:\Program Files\mathtraydog
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5.0.0-setup.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\Program Files\BitTorrent Fastest Tool\torrent_search1307.exe
C:\Program Files\Circle Developement
C:\DOCUME~1\Bigboss\Cookies\bigboss@advertising[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 20:08:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 6

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Bigboss\Local Settings\Application Data\IM\Identities\{B5B1AFB6-8365-41B1-9919-EB0CE7775C19}\Message Store\Attachments\Atomix Virtual DJ 3.4 + crack + 38 skins + 109 effects + 123 samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargement utilitaires\Atomix Virtual Dj 3.2 Crack 38 Skins 109 Effects 123 Samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargement utilitaires\Atomix Virtual DJ 3.4 + crack + 38 skins + 109 effects + 123 samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Diner Dash 2 + Crack (No Fake).zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Mystery Case Files - Huntsville - Francais + Crack.zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Mystery Case Files Huntsville + Crack.zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Star Defender 3 + Crack.zip


[F:13][D:3]-> C:\DOCUME~1\Bigboss\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\Bigboss\Cookies
[F:230][D:4]-> C:\DOCUME~1\Bigboss\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 28/11/2008|20:09 - Option : [1]

--------------------\\ Fin du rapport a 20:09:19
chimay8 Posts: 7720 Registered: Thursday 1 May 2008 Status: Security contributor Last active: 3 January 2014
28 Nov. 2008 at 20:17
Run LOP S&D again

This time choose Option 2 ( Removal )

Do not close the window during the removal!

Post the generated report ( C:\lopR.txt )

( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )


then (for zlob)

Download Malwarebytes' Anti-Malware and save it to your Desktop.
https://www.malwarebytes.com/

(NB: if "COMCTL32.OCX" is missing during the install, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

When the download finishes, close all windows and programs, including this one.
Double-click the "Download_mbam-setup.exe" icon on your desktop to start the installer.

During the installation, follow the instructions, make no changes to the default settings, and at the end of the installation check that the options "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware" are ticked.
MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of the installation, click OK to close the dialog box.
The main MBAM window is displayed:
In the Scan tab, check that "Perform full scan" is selected and click the Scan button to start the scan.
MBAM scans your computer.
The scan may take a while. Just check on its progress from time to time.
At the end of the scan, a message is displayed indicating that the scan has finished. Click OK to continue.
If malware is detected, the list is displayed.
***CLICK ON REMOVE(?) DO IT***, MBAM will delete the files and registry keys and place a copy in quarantine.
MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/logs tab)
Close MBAM by clicking Exit.
Post the report in your reply



your cracks, check them on VirusTotal
C:\DOCUME~1\Bigboss\Local Settings\Application Data\IM\Identities\{B5B1AFB6-8365-41B1-9919-EB0CE7775C19}\Message Store\Attachments\Atomix Virtual DJ 3.4 + crack + 38 skins + 109 effects + 123 samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargement utilitaires\Atomix Virtual Dj 3.2 Crack 38 Skins 109 Effects 123 Samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargement utilitaires\Atomix Virtual DJ 3.4 + crack + 38 skins + 109 effects + 123 samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Diner Dash 2 + Crack (No Fake).zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Mystery Case Files - Huntsville - Francais + Crack.zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Mystery Case Files Huntsville + Crack.zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Star Defender 3 + Crack.zip
bibopaloula
28 Nov. 2008 at 20:29
Here is the new LOP report:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Bigboss ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081128-0] 4.8.1290 (Activated)
Firewall : Sygate Personal Firewall 4.6 (Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:88 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 28/11/2008|20:25 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5.0.0-setup.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
Supprime! - C:\Program Files\BitTorrent Fastest Tool\torrent_search1307.exe
Supprime! - C:\DOCUME~1\Bigboss\Cookies\bigboss@advertising[2].txt
Supprime! - C:\DOCUME~1\Bigboss\APPLIC~1\mathtraydog
Supprime! - C:\Program Files\mathtraydog
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
Supprime! - C:\Program Files\BitTorrent Fastest Tool

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[30/06/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/12/2005|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[12/12/2006|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/11/2007|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[12/09/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[18/03/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/11/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/04/2008|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/09/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/01/2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[12/06/2006|22:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[06/04/2007|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[31/03/2007|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[17/09/2006|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[17/08/2006|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[18/09/2006|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[20/12/2005|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[26/06/2006|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[06/12/2007|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[16/06/2006|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[27/06/2006|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[21/12/2007|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[06/09/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[15/06/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17/06/2007|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/09/2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[25/11/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[30/01/2007|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[27/06/2006|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[02/07/2007|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[12/03/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[18/07/2008|17:57] C:\DOCUME~1\Bigboss\APPLIC~1\Adobe
[19/08/2006|17:55] C:\DOCUME~1\Bigboss\APPLIC~1\AdobeAUM
[11/07/2007|19:45] C:\DOCUME~1\Bigboss\APPLIC~1\AdobeUM
[16/06/2006|19:02] C:\DOCUME~1\Bigboss\APPLIC~1\Ahead
[12/12/2006|08:44] C:\DOCUME~1\Bigboss\APPLIC~1\Apple Computer
[03/08/2008|10:01] C:\DOCUME~1\Bigboss\APPLIC~1\ArcSoft
[13/09/2008|12:37] C:\DOCUME~1\Bigboss\APPLIC~1\BSplayer
[11/05/2008|15:49] C:\DOCUME~1\Bigboss\APPLIC~1\BSplayer Pro
[14/06/2006|06:55] C:\DOCUME~1\Bigboss\APPLIC~1\CyberLink
[22/12/2006|08:15] C:\DOCUME~1\Bigboss\APPLIC~1\DivX
[19/03/2008|20:19] C:\DOCUME~1\Bigboss\APPLIC~1\dvdcss
[05/05/2007|18:22] C:\DOCUME~1\Bigboss\APPLIC~1\eFax Messenger
[13/08/2007|19:44] C:\DOCUME~1\Bigboss\APPLIC~1\FUJIFILM
[28/08/2008|20:39] C:\DOCUME~1\Bigboss\APPLIC~1\GARMIN
[31/01/2007|18:09] C:\DOCUME~1\Bigboss\APPLIC~1\Google
[09/06/2007|17:32] C:\DOCUME~1\Bigboss\APPLIC~1\Help
[27/06/2006|22:26] C:\DOCUME~1\Bigboss\APPLIC~1\HP
[20/12/2005|05:41] C:\DOCUME~1\Bigboss\APPLIC~1\Identities
[28/12/2006|20:34] C:\DOCUME~1\Bigboss\APPLIC~1\Image Zone Express
[07/04/2008|11:58] C:\DOCUME~1\Bigboss\APPLIC~1\LaCie
[19/08/2006|18:08] C:\DOCUME~1\Bigboss\APPLIC~1\Leadertech
[12/06/2006|22:31] C:\DOCUME~1\Bigboss\APPLIC~1\Macromedia
[21/07/2007|22:22] C:\DOCUME~1\Bigboss\APPLIC~1\Media Player Classic
[11/11/2007|19:34] C:\DOCUME~1\Bigboss\APPLIC~1\Microsoft
[26/06/2006|20:04] C:\DOCUME~1\Bigboss\APPLIC~1\Microsoft Web Folders
[03/09/2006|17:52] C:\DOCUME~1\Bigboss\APPLIC~1\MSNInstaller
[06/07/2007|19:29] C:\DOCUME~1\Bigboss\APPLIC~1\Musicmatch
[28/07/2007|17:57] C:\DOCUME~1\Bigboss\APPLIC~1\NewsLeecher
[17/11/2008|18:46] C:\DOCUME~1\Bigboss\APPLIC~1\OpenOffice.org2
[17/09/2006|15:09] C:\DOCUME~1\Bigboss\APPLIC~1\PlayFirst
[14/08/2008|12:42] C:\DOCUME~1\Bigboss\APPLIC~1\Real
[06/12/2007|18:41] C:\DOCUME~1\Bigboss\APPLIC~1\Skyline
[21/06/2007|13:39] C:\DOCUME~1\Bigboss\APPLIC~1\Skype
[21/12/2007|17:47] C:\DOCUME~1\Bigboss\APPLIC~1\Sony Corporation
[06/09/2008|17:40] C:\DOCUME~1\Bigboss\APPLIC~1\Sony Ericsson
[19/06/2006|19:20] C:\DOCUME~1\Bigboss\APPLIC~1\Sun
[12/06/2006|23:06] C:\DOCUME~1\Bigboss\APPLIC~1\Symantec
[07/09/2008|15:29] C:\DOCUME~1\Bigboss\APPLIC~1\Teleca
[03/08/2007|16:58] C:\DOCUME~1\Bigboss\APPLIC~1\Template
[13/09/2008|12:36] C:\DOCUME~1\Bigboss\APPLIC~1\Todae
[06/04/2007|06:47] C:\DOCUME~1\Bigboss\APPLIC~1\Uniblue
[25/09/2007|16:21] C:\DOCUME~1\Bigboss\APPLIC~1\vlc
[28/11/2008|16:55] C:\DOCUME~1\Bigboss\APPLIC~1\WinRAR

[20/12/2005|05:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[27/12/2007|12:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/09/2007|19:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[16/06/2006|21:22] C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
[20/12/2005|05:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[19/12/2006|13:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[25/07/2008|09:07] C:\DOCUME~1\Vincent\APPLIC~1\Adobe
[21/03/2007|15:35] C:\DOCUME~1\Vincent\APPLIC~1\Apple Computer
[11/05/2007|15:16] C:\DOCUME~1\Vincent\APPLIC~1\DivX
[11/09/2006|18:55] C:\DOCUME~1\Vincent\APPLIC~1\Google
[20/12/2005|05:41] C:\DOCUME~1\Vincent\APPLIC~1\Identities
[11/09/2006|19:23] C:\DOCUME~1\Vincent\APPLIC~1\Macromedia
[10/10/2006|17:50] C:\DOCUME~1\Vincent\APPLIC~1\MessengerPlus! 3
[14/07/2007|13:58] C:\DOCUME~1\Vincent\APPLIC~1\Microsoft
[19/12/2006|21:00] C:\DOCUME~1\Vincent\APPLIC~1\Real
[13/09/2006|19:03] C:\DOCUME~1\Vincent\APPLIC~1\Template

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[21/09/2008 08:20][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/11/2008 19:04][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/03/2008|17:04] C:\Program Files\Acro Software
[19/10/2008|18:26] C:\Program Files\Adobe
[20/12/2005|06:17] C:\Program Files\Ahead
[20/07/2006|08:46] C:\Program Files\Alliance MCA
[17/06/2007|17:30] C:\Program Files\Alwil Software
[17/09/2006|11:07] C:\Program Files\American Systems
[25/02/2007|09:20] C:\Program Files\Apple Software Update
[22/11/2008|18:27] C:\Program Files\AskSearch
[21/12/2006|13:56] C:\Program Files\Atomix Virtual DJ 3.2 + crack + 38 skins + 109 effects + 123 samples
[30/07/2007|09:01] C:\Program Files\AviSynth 2.5
[30/01/2007|18:12] C:\Program Files\BFG
[28/02/2007|18:31] C:\Program Files\BlueSquad
[13/11/2007|13:25] C:\Program Files\Boonty
[15/11/2007|16:48] C:\Program Files\BoontyGames
[08/04/2008|17:56] C:\Program Files\CeWe Color
[23/07/2007|10:36] C:\Program Files\Combined Community Codec Pack
[18/05/2007|11:49] C:\Program Files\Common
[18/05/2007|11:49] C:\Program Files\Common Files
[20/12/2005|05:36] C:\Program Files\ComPlus Applications
[09/04/2007|23:29] C:\Program Files\Creative
[15/10/2006|17:37] C:\Program Files\Cryo Interactive
[18/03/2008|18:00] C:\Program Files\CyberLink
[21/07/2008|14:12] C:\Program Files\CyberQix
[20/09/2006|17:45] C:\Program Files\Debugmode
[22/02/2007|23:59] C:\Program Files\Diner Dash - Flo On The Go
[07/03/2007|19:51] C:\Program Files\Diner Dash 2
[08/10/2006|18:07] C:\Program Files\directx
[06/09/2008|17:50] C:\Program Files\Disc2Phone
[10/11/2007|09:48] C:\Program Files\DivX
[22/11/2008|18:27] C:\Program Files\DVDVideoSoft
[02/08/2008|17:46] C:\Program Files\Eidos Interactive
[28/02/2007|18:27] C:\Program Files\Elfima
[26/11/2008|15:04] C:\Program Files\eMule
[21/07/2007|23:25] C:\Program Files\FairUse Wizard 2
[28/11/2008|19:02] C:\Program Files\Fichiers communs
[17/08/2006|18:02] C:\Program Files\FinePixViewer
[08/01/2007|17:35] C:\Program Files\Free Audio Pack
[12/06/2006|22:25] C:\Program Files\Free.fr
[28/08/2008|20:39] C:\Program Files\Garmin GPS Plugin
[17/08/2006|22:18] C:\Program Files\gdargaud.net
[17/09/2006|13:04] C:\Program Files\Gdot
[02/11/2007|20:50] C:\Program Files\GIMP-2.0
[28/11/2008|18:46] C:\Program Files\Google
[17/03/2008|17:09] C:\Program Files\GPLGS
[09/02/2007|21:15] C:\Program Files\Hewlett-Packard
[06/11/2007|16:40] C:\Program Files\Hobby Concept
[27/06/2006|20:00] C:\Program Files\HP
[31/01/2007|21:18] C:\Program Files\IncrediMail
[13/09/2008|12:35] C:\Program Files\InstallShield Installation Information
[02/12/2007|02:14] C:\Program Files\Intel
[16/10/2008|10:55] C:\Program Files\Internet Explorer
[12/12/2006|08:43] C:\Program Files\iPod
[12/12/2006|08:44] C:\Program Files\iTunes
[26/08/2008|19:08] C:\Program Files\Java
[07/04/2008|11:58] C:\Program Files\LaCie
[04/08/2007|17:02] C:\Program Files\L'Aventure Multimedia
[26/06/2008|13:11] C:\Program Files\Livrephoto
[22/08/2007|14:06] C:\Program Files\Logitech
[30/07/2007|09:03] C:\Program Files\MediaCoder
[27/09/2008|09:44] C:\Program Files\Messenger
[28/04/2008|17:15] C:\Program Files\Messenger Plus! Live
[18/03/2008|17:50] C:\Program Files\Micro Application
[26/09/2008|22:38] C:\Program Files\Microsoft
[26/08/2008|20:41] C:\Program Files\Microsoft ActiveSync
[03/07/2007|06:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[26/06/2006|20:09] C:\Program Files\microsoft frontpage
[11/11/2007|19:33] C:\Program Files\Microsoft Office
[20/12/2005|06:18] C:\Program Files\Microsoft Visual Studio
[17/09/2006|13:04] C:\Program Files\Microsoft Visual Studio .NET
[20/12/2005|06:15] C:\Program Files\Microsoft Works
[30/07/2007|09:03] C:\Program Files\MKVtoolnix
[20/12/2005|05:37] C:\Program Files\Movie Maker
[22/11/2008|18:27] C:\Program Files\Mozilla Firefox
[16/12/2006|13:38] C:\Program Files\MP3 Player Utilities
[27/11/2007|21:50] C:\Program Files\mp3DirectCut
[11/11/2007|19:33] C:\Program Files\MSECache
[13/06/2006|06:21] C:\Program Files\MSN
[20/12/2005|05:36] C:\Program Files\MSN Gaming Zone
[26/09/2008|22:39] C:\Program Files\MSN Messenger
[17/11/2006|13:25] C:\Program Files\MSXML 4.0
[22/08/2007|13:30] C:\Program Files\MUSICMATCH
[15/07/2006|22:21] C:\Program Files\NAVIGON GmbH
[20/01/2008|16:50] C:\Program Files\NCH Software
[20/12/2005|05:37] C:\Program Files\NetMeeting
[17/06/2007|17:20] C:\Program Files\Norton AntiVirus
[15/01/2007|08:06] C:\Program Files\Oberon Media
[20/12/2005|05:36] C:\Program Files\Online Services
[26/08/2008|19:08] C:\Program Files\OpenOffice.org 2.4
[30/01/2008|20:14] C:\Program Files\Outlook Express
[28/02/2007|19:21] C:\Program Files\PDF 2 Word 2
[28/11/2008|20:24] C:\Program Files\PeerGuardian2
[17/08/2006|18:03] C:\Program Files\PIXELA
[25/02/2007|09:23] C:\Program Files\QuickTime
[16/06/2006|20:00] C:\Program Files\QuickZip4
[12/06/2006|22:02] C:\Program Files\Raccourcis de programmes
[15/08/2006|18:51] C:\Program Files\Real
[26/02/2007|18:09] C:\Program Files\Redoubt
[03/02/2007|18:33] C:\Program Files\ReflexiveArcade
[07/04/2008|12:04] C:\Program Files\Registry Mechanic
[17/08/2006|17:52] C:\Program Files\REGSHAVE
[30/07/2007|09:02] C:\Program Files\Ripp-it_AM
[12/09/2008|20:21] C:\Program Files\Secured IE
[20/12/2005|05:37] C:\Program Files\Services en ligne
[08/09/2006|19:26] C:\Program Files\Sierra On-Line
[06/12/2007|16:15] C:\Program Files\Skyline
[16/06/2006|19:57] C:\Program Files\Skype
[17/08/2006|22:28] C:\Program Files\Smoky City Design
[26/06/2006|20:11] C:\Program Files\Snapshot Viewer
[21/12/2007|17:39] C:\Program Files\Sonic
[21/12/2007|17:45] C:\Program Files\Sony
[03/07/2006|18:50] C:\Program Files\Sony Corporation
[06/09/2008|17:36] C:\Program Files\Sony Ericsson
[15/06/2008|15:57] C:\Program Files\Spybot - Search & Destroy
[06/09/2008|13:50] C:\Program Files\Star Defender 3
[19/08/2006|18:19] C:\Program Files\StudioLine Photo Basic
[16/06/2006|20:00] C:\Program Files\Sygate
[13/09/2008|12:36] C:\Program Files\TimeAdjuster
[28/11/2008|18:52] C:\Program Files\Trend Micro
[20/12/2005|05:40] C:\Program Files\Uninstall Information
[05/05/2007|15:31] C:\Program Files\V3CallCenter
[08/10/2006|18:05] C:\Program Files\ValuSoft
[20/08/2007|14:22] C:\Program Files\VideoLAN
[03/03/2007|19:12] C:\Program Files\Vimicro
[21/12/2006|13:54] C:\Program Files\VirtualDJ
[25/11/2008|14:05] C:\Program Files\WebMediaViewer
[11/05/2008|15:49] C:\Program Files\Webteh
[08/12/2006|17:42] C:\Program Files\Winamp
[26/09/2008|22:40] C:\Program Files\Windows Live
[08/12/2007|15:38] C:\Program Files\Windows Media Connect 2
[19/06/2008|20:22] C:\Program Files\Windows Media Player
[20/12/2005|05:36] C:\Program Files\Windows NT
[20/12/2005|05:37] C:\Program Files\WindowsUpdate
[08/09/2006|19:26] C:\Program Files\won
[20/12/2005|05:38] C:\Program Files\xerox
[18/05/2007|11:49] C:\Program Files\Yahoo!
[10/02/2007|14:35] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[30/06/2008|19:31] C:\Program Files\Fichiers communs\Adobe
[20/12/2005|06:16] C:\Program Files\Fichiers communs\Ahead
[15/11/2007|16:48] C:\Program Files\Fichiers communs\BOONTY Shared
[17/09/2006|13:04] C:\Program Files\Fichiers communs\Crystal Decisions
[20/09/2006|17:45] C:\Program Files\Fichiers communs\debugmode
[20/12/2005|06:18] C:\Program Files\Fichiers communs\DESIGNER
[25/11/2008|15:37] C:\Program Files\Fichiers communs\DVDVideoSoft
[24/09/2006|17:35] C:\Program Files\Fichiers communs\GTK
[27/06/2006|19:57] C:\Program Files\Fichiers communs\Hewlett-Packard
[27/06/2006|20:03] C:\Program Files\Fichiers communs\HP
[03/03/2007|19:12] C:\Program Files\Fichiers communs\InstallShield
[19/06/2006|17:05] C:\Program Files\Fichiers communs\Java
[12/06/2006|22:51] C:\Program Files\Fichiers communs\Logitech
[09/06/2007|17:12] C:\Program Files\Fichiers communs\Micro Application Shared
[26/09/2008|22:38] C:\Program Files\Fichiers communs\Microsoft Shared
[20/12/2005|05:37] C:\Program Files\Fichiers communs\MSSoap
[03/07/2006|18:49] C:\Program Files\Fichiers communs\muvee Technologies
[11/06/2008|15:51] C:\Program Files\Fichiers communs\Nero
[20/12/2005|06:32] C:\Program Files\Fichiers communs\ODBC
[15/08/2006|18:51] C:\Program Files\Fichiers communs\Real
[18/09/2006|19:27] C:\Program Files\Fichiers communs\Sandlot Shared
[20/12/2005|05:37] C:\Program Files\Fichiers communs\Services
[27/06/2006|20:04] C:\Program Files\Fichiers communs\Sonic Shared
[06/09/2008|17:37] C:\Program Files\Fichiers communs\Sony Ericsson Shared
[20/12/2005|06:32] C:\Program Files\Fichiers communs\SpeechEngines
[17/06/2007|17:25] C:\Program Files\Fichiers communs\Symantec Shared
[14/07/2008|14:11] C:\Program Files\Fichiers communs\System
[06/09/2008|17:37] C:\Program Files\Fichiers communs\Teleca Shared
[26/09/2008|22:31] C:\Program Files\Fichiers communs\Windows Live
[12/03/2008|18:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[15/08/2006|18:51] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 20:26:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 6

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Bigboss\Local Settings\Application Data\IM\Identities\{B5B1AFB6-8365-41B1-9919-EB0CE7775C19}\Message Store\Attachments\Atomix Virtual DJ 3.4 + crack + 38 skins + 109 effects + 123 samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargement utilitaires\Atomix Virtual Dj 3.2 Crack 38 Skins 109 Effects 123 Samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargement utilitaires\Atomix Virtual DJ 3.4 + crack + 38 skins + 109 effects + 123 samples.rar
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Diner Dash 2 + Crack (No Fake).zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Mystery Case Files - Huntsville - Francais + Crack.zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Mystery Case Files Huntsville + Crack.zip
C:\DOCUME~1\Bigboss\Mes documents\Téléchargements\Star Defender 3 + Crack.zip


[F:16][D:3]-> C:\DOCUME~1\Bigboss\LOCALS~1\Temp
[F:17][D:0]-> C:\DOCUME~1\Bigboss\Cookies
[F:274][D:4]-> C:\DOCUME~1\Bigboss\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 28/11/2008|20:09 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 28/11/2008|20:27 - Option : [2]

--------------------\\ Fin du rapport a 20:27:48
bibopaloula
28 Nov. 2008 at 21:36
Then here is the MBAM report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1433
Windows 5.1.2600 Service Pack 2

28/11/2008 21:34:51
mbam-log-2008-11-28 (21-34-51).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 177790
Temps écoulé: 57 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\WebMediaViewer\browseu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\browseul.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmom.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 60
28 Nov. 2008 at 21:53
cool

post a new HJT report please
bibopaloula
28 Nov. 2008 at 21:57
Here it is!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:03, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Bigboss\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.notrefamille.com/v2/boutique/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 60
28 Nov. 2008 at 22:06
great

everything Zlob-related is gone

there is one odd thing left
this:
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe


run HJT again (scan only) and tick these lines

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)

Close all windows and all programs. No Internet connection.

click Fix checked
close HijackThis

then

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it on your desktop and nowhere else!

**Disable your protection software** (antivirus, antispyware), then:
disconnect from the Internet, close all programs

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm.
Don't touch anything any more, not even your mouse!!
Wait for ComboFix to finish; a report will be created. Post the report.
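The two things the helper spotted by eye in the HJT log above (a process running from the user's Temp folder, and an O23 service with an unknown owner and a missing binary) can be checked mechanically. The following triage script is an added example, not part of the thread and not HijackThis's own code; the two rules are my own heuristics, and the sample log is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: a handful of lines in the HijackThis 2.0.2 log format,
# copied from the reports quoted in this thread (not a complete real log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe
C:\Program Files\internet explorer\iexplore.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)
"""

# Temp directories as they appear in HJT logs: the 8.3 short form
# (LOCALS~1\Temp), the long form, and the system-wide Windows Temp.
TEMP_DIR_RE = re.compile(
    r"\\(locals~1\\temp|local settings\\temp|windows\\temp)\\", re.IGNORECASE)


def running_processes(lines):
    """Yield the image paths listed under 'Running processes:' up to the blank line."""
    in_section = False
    for line in lines:
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                return
            yield line.strip()


def parse_o23(line):
    """Split 'O23 - Service: <name> - <owner> - <binary>' into its three fields.

    HJT separates the fields with ' - '; the display name may itself contain
    parentheses or other text, so split from the right. Returns None when the
    line is not a well-formed O23 entry."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, binary = parts
    return {"name": name, "owner": owner, "binary": binary}


def triage(log_text):
    """Return the entries a helper would look at first, grouped by rule."""
    lines = log_text.splitlines()
    findings = []
    # Rule 1 (heuristic): a process whose image lives in a Temp directory.
    # Installers do this briefly; one that is still running at scan time,
    # like bwgo0001e2ba.exe in this thread, deserves a closer look.
    for path in running_processes(lines):
        if TEMP_DIR_RE.search(path):
            findings.append({"rule": "process-from-temp", "item": path})
    # Rule 2 (heuristic): a service HJT cannot attribute to a vendor, or whose
    # binary no longer exists. Either way the entry should be reviewed rather
    # than left in place.
    for line in lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc["binary"].endswith("(file missing)") or svc["owner"].lower() == "unknown owner":
            findings.append({"rule": "service-missing-or-unknown", "item": svc["name"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:28} {f['item']}")
```

Running the script on the sample flags exactly the Temp process and the StiSvc_Untrusted_BZ service, and leaves the avast! entries alone.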
bibopaloula
28 Nov. 2008 at 22:41
Here is the latest report:

ComboFix 08-11-28.02 - Bigboss 2008-11-28 22:27:33.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.516 [GMT 1:00]
Lancé depuis: c:\documents and settings\Bigboss\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 ))))))))))))))))))))))))))))))))))))
.

2012-12-17 20:42 . 2006-12-21 13:54 <REP> d-------- c:\program files\VirtualDJ
2008-11-28 20:33 . 2008-11-28 20:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 20:33 . 2008-11-28 20:33 <REP> d-------- c:\documents and settings\Bigboss\Application Data\Malwarebytes
2008-11-28 20:33 . 2008-11-28 20:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 20:33 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 20:33 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-28 20:06 . 2008-11-28 20:27 <REP> d-------- C:\Lop SD
2008-11-28 16:29 . 2008-11-28 18:53 <REP> d-------- c:\windows\ERUNT
2008-11-28 16:29 . 2008-11-28 17:12 <REP> d-------- C:\Backups
2008-11-25 13:50 . 2008-11-25 13:58 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 18:28 . 2008-11-24 19:04 <REP> d-------- C:\DVDVideoSoft
2008-11-22 18:27 . 2008-11-25 15:37 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
2008-11-22 18:27 . 2008-11-22 18:27 <REP> d-------- c:\program files\DVDVideoSoft
2008-11-22 18:27 . 2008-11-22 18:27 <REP> d-------- c:\program files\AskSearch
2008-11-19 15:58 . 2008-11-19 16:13 <REP> d-------- c:\documents and settings\Bigboss\.homeplayer
2008-11-08 21:33 . 2008-11-08 21:33 <REP> d-------- c:\windows\system32\Adobe
2008-10-30 16:29 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-10-30 16:29 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-29 12:50 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-29 12:50 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-29 12:50 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-29 12:50 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 21:27 --------- d-----w c:\program files\PeerGuardian2
2008-11-28 17:52 --------- d-----w c:\program files\Trend Micro
2008-11-28 17:46 --------- d-----w c:\program files\Google
2008-11-26 14:04 --------- d-----w c:\program files\eMule
2008-11-17 17:46 --------- d-----w c:\documents and settings\Bigboss\Application Data\OpenOffice.org2
2008-10-25 12:17 107,880 -c--a-w c:\documents and settings\Bigboss\Application Data\GDIPFONTCACHEV1.DAT
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-11 07:22 328 -c--a-w c:\documents and settings\Bigboss\Application Data\wklnhst.dat
2007-03-21 14:21 334 -c--a-w c:\documents and settings\Vincent\Application Data\wklnhst.dat
2006-11-09 17:36 76,976 -c--a-w c:\documents and settings\Vincent\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bigboss^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Bigboss\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bigboss^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Bigboss\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-23 20:33 57344 c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Audiograbber]
--a------ 2004-02-09 04:48 899072 c:\audiograbber\audiograbber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
-ra--c--- 2005-10-17 10:45 61440 c:\windows\VM303_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO4Ut]
--a--c--- 2004-03-03 12:54 252416 c:\program files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 00:07 593920 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:e 1
"4672:UDP"= 4672:UDP:emule 2
"4661:TCP"= 4661:TCP:e 3
"4665:UDP"= 4665:UDP:e 4
"4711:TCP"= 4711:TCP:e 5

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2005-12-19 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-12-19 799744]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2006-06-12 13724]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-12-19 215040]
S2 StiSvc_Untrusted_BZ;Acquisition d'image Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc []
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2006-09-17 18848]
.
Contenu du dossier 'Tâches planifiées'

2008-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe


.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.fr/
uSearch Bar = hxxp://www.google.com/ie
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\system32\MSSTKPRP.DLL - c:\windows\system32\MSPRPFR.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\MSVBVM50.DLL
c:\windows\system32\VB5FR.DLL
c:\windows\Downloaded Program Files\MSFLXGRD.OCX
c:\windows\Downloaded Program Files\DNLMANAGER.DEP
c:\windows\Downloaded Program Files\OLELIB.TLB
c:\windows\Downloaded Program Files\DNLMANAGER.EXE
c:\windows\Downloaded Program Files\FNACMUSICDNL.OCX
O16 -: {B9907873-6560-4A36-B76B-9DADE84A7F55}
hxxps://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
c:\windows\Downloaded Program Files\FnacmusicDnl.INF
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 22:29:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Heure de fin: 2008-11-28 22:31:12
ComboFix-quarantined-files.txt 2008-11-28 21:30:59
ComboFix2.txt 2008-11-28 18:08:57

Avant-CF: 94 511 058 944 octets libres
Après-CF: 94,509,371,392 octets libres

198 --- E O F --- 2008-11-25 14:40:43
chimay8
28 Nov 2008 at 22:53
Get rid of this please:
c:\program files\AskSearch

Also try to remove this one manually:
c:\documents and settings\Bigboss\Application Data\GDIPFONTCACHEV1.DAT

If it won't go manually, we'll bring out the big guns.
bibopaloula
28 Nov 2008 at 23:07
OK, both files are in the Recycle Bin...

Without the big guns...
chimay8
28 Nov 2008 at 23:29
There's just this filthy mess left:

C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe


Download OTMoveIt3 (by Old Timer):
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Once downloaded, double-click OTMoveIt3.exe to launch it.
Make sure the box "Unregister Dll's and Ocx's" is checked.
Copy the bold lines below:

:Processes
explorer.exe

:Files
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]


and paste them into the left-hand pane of OTMoveIt: "Paste List Of Files/Folders to Move."
Click "MoveIt!" to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
- You may be asked to restart the PC to complete the removal -> accept (if it doesn't happen automatically, do it yourself)

/!\ Note: on restart your desktop MAY not reappear; in that case press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".
Type "explorer.exe" (without the quotes) and confirm. That will bring the desktop back.

Then post a new HJT log please.
bibopaloula
28 Nov 2008 at 23:45
Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo0001e2ba.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Bigboss\LOCALS~1\Temp\MFPL7014.DLL scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_233457

Files moved on Reboot...
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\MFPL7014.DLL unregistered successfully.
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\MFPL7014.DLL moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7f0.dat not found!

The HJT log follows...
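What OTMoveIt did in the report above is the pattern a responder wants from a removal tool: it moves the named files into C:\_OTMoveIt\MovedFiles instead of deleting them, logs each outcome, and reports "not found" when the target (here the stale bwgo0001e2ba.exe, which had already been renamed) is no longer on disk. The Python below is an added example of that move-and-record step, written for this edit; it is not OTMoveIt's code and not from the thread. The quarantine directory layout, the JSON-lines manifest and the files the demo creates (a constructed stand-in for the renamed bwgo*.exe, not a real binary) are all assumptions of the example.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(targets, qdir):
    """Move each target into qdir and append a record to qdir/manifest.jsonl.

    Returns one dict per target whose 'status' is 'moved', 'not found' or
    'move failed: ...', in the spirit of OTMoveIt's Results pane. Quarantined
    files are stored under their hash with a .bin suffix so that a sample
    cannot be launched by double-clicking it later.
    """
    os.makedirs(qdir, exist_ok=True)
    manifest_path = os.path.join(qdir, "manifest.jsonl")
    results = []
    with open(manifest_path, "a", encoding="utf-8") as manifest:
        for src in targets:
            record = {"path": src, "qdir": qdir, "time": time.time()}
            if not os.path.isfile(src):
                # The file named in the script is gone (renamed, already
                # removed, or never existed): record the miss, do not guess.
                record["status"] = "not found"
            else:
                record["sha256"] = sha256_of(src)
                record["dest"] = os.path.join(qdir, record["sha256"] + ".bin")
                try:
                    shutil.move(src, record["dest"])
                    record["status"] = "moved"
                except OSError as exc:  # e.g. file locked by a running process
                    record["status"] = "move failed: %s" % exc
            manifest.write(json.dumps(record) + "\n")
            results.append(record)
    return results


def demo():
    """Constructed scenario mirroring the thread: the removal script names
    bwgo0001e2ba.exe, but by the time it runs the file is bwgo00040ced.exe."""
    root = tempfile.mkdtemp(prefix="quarantine_demo_")
    temp_dir = os.path.join(root, "Temp")
    os.makedirs(temp_dir)
    present = os.path.join(temp_dir, "bwgo00040ced.exe")
    with open(present, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # constructed stand-in, not a real PE
    stale = os.path.join(temp_dir, "bwgo0001e2ba.exe")
    return quarantine([stale, present], os.path.join(root, "_Quarantine", "MovedFiles"))


if __name__ == "__main__":
    for r in demo():
        print("%-12s %s" % (r["status"], r["path"]))
```

The "move failed" branch is where OTMoveIt's "scheduled to be deleted on reboot" fallback would go on Windows (a locked file cannot be moved while its process holds it open); the example only records the failure so the responder can decide what to do next.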
bibopaloula
28 Nov 2008 at 23:46
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:45, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo00040ced.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Bigboss\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.notrefamille.com/v2/boutique/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)
chimay8
28 Nov 2008 at 23:57
Holy cow...
it changes its name at startup

Look:
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo00040ced.exe

Have you installed F-Secure recently?
bibopaloula
29 Nov 2008 at 00:02
No... (I don't know what that is!)
chimay8
29 Nov 2008 at 00:22
OK,

I've found it.
Look at these explanations:
http://www.commentcamarche.net/forum/affich 2445963 virus programme winantyspyware pubs porno?page=5#104

More info:
https://www.neuber.com/taskmanager/process/backweb-8876480.exe.html (in English)

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


So you can check whether you have any Logitech software running on your PC,
but be careful... not to take out important drivers.

You have one last thing to remove.

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:


/!\ Disconnect and close all running applications

- Double-click the installer and install it in its default location (C:\Program files)
- Double-click the Ad-remover icon on your desktop
- At the main menu choose option "A"
- Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
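The HijackThis log posted earlier and chimay8's follow-up diagnosis (the bwfile-8876480 protocol handler belongs to the BackWeb component of Logitech Desktop Messenger, which explains the randomly named bwgo*.exe running from the user's Temp folder) are the kind of review a responder does by eye. As an added example, not code from the thread, from HijackThis or from any of the tools named in it, here is a small Python triage that parses HJT lines and applies those checks mechanically: processes running from a Temp directory, Run values that are bare file names (resolved by PATH search rather than a fixed path), a Winsock LSP HijackThis does not recognise, DPF (ActiveX) entries with no source URL or fetched over plain HTTP, and services whose binary is missing or whose vendor is unknown. The sample input is a subset of lines copied from the posted log. The rule that a bwgo*.exe in Temp paired with a bwfile-<id> handler is the BackWeb updater is taken from chimay8's conclusion and is marked as an assumption in the code; the severities are the example's own.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: a handful of lines copied from the HijackThis log posted
# in this thread (a subset, not the full log).
SAMPLE_HJT_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Bigboss\LOCALS~1\Temp\bwgo00040ced.exe
C:\Documents and Settings\Bigboss\Bureau\HiJackThis.exe

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.notrefamille.com/v2/boutique/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Acquisition d'image Windows (WIA)_Untrusted_BZ (StiSvc_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
BACKWEB_HANDLER_RE = re.compile(r"^Protocol: bwfile-(\d+)")
# Assumption taken from chimay8's diagnosis in this thread: BackWeb (the
# Logitech Desktop Messenger component) runs its updater as a randomly named
# bwgo*.exe in the user's Temp folder.
BACKWEB_EXE_PREFIX = "bwgo"


def parse_hjt(text):
    """Split a HijackThis log into (kind, body) tuples.

    Paths under "Running processes:" become ("PROC", path); "O4 - ..." style
    lines become ("O4", body) with the "O4 - " prefix removed.
    """
    entries = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            entries.append(("PROC", line))
    return entries


def triage(entries):
    """Apply the review rules and return a list of finding dicts."""
    backweb_ids = []
    for kind, body in entries:
        m = BACKWEB_HANDLER_RE.match(body) if kind == "O18" else None
        if m:
            backweb_ids.append(m.group(1))

    findings = []

    def flag(severity, kind, body, reason):
        findings.append({"severity": severity, "kind": kind, "entry": body, "reason": reason})

    for kind, body in entries:
        if kind == "PROC":
            if "\\temp\\" in body.lower():
                name = PureWindowsPath(body).name.lower()
                if name.startswith(BACKWEB_EXE_PREFIX) and backweb_ids:
                    flag("info", kind, body,
                         "likely BackWeb updater (bwfile-%s handler present)" % ",".join(backweb_ids))
                else:
                    flag("high", kind, body, "executable running from a Temp directory")
        elif kind == "O4":
            m = re.match(r".*?\[.*?\]\s*(.*)$", body)
            command = m.group(1) if m else body
            if command and "\\" not in command.split()[0]:
                flag("medium", kind, body, "Run value is a bare file name, resolved by PATH search")
        elif kind == "O10":
            flag("medium", kind, body, "Winsock LSP not recognised by HijackThis")
        elif kind == "O16":
            if body.rstrip().endswith("-"):
                flag("low", kind, body, "ActiveX (DPF) entry with no source URL")
            elif "https://" not in body:
                flag("low", kind, body, "ActiveX control sourced over plain HTTP")
        elif kind == "O23":
            if "(file missing)" in body or "Unknown owner" in body:
                flag("medium", kind, body, "service binary missing or vendor unknown")
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print("[%-6s] %s: %s  <- %s" % (f["severity"], f["kind"], f["entry"], f["reason"]))
```

The rules are deliberately coarse, and the "info" rating on the bwgo process is the point: a random executable in Temp is "high" on its own, but the O18 handler on the same machine is the context that turned it into a Logitech component rather than the infection, exactly the step chimay8 took before telling the user what to remove.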