Internet Explorer pop-up windows

Hello, I have pop-up windows that keep appearing in Internet Explorer.
I have already run scans with Avast, Spybot, Malwarebytes and Ad-Aware; nothing helps, it always comes back at startup. I ran my scans in safe mode.
I have the Malwarebytes report; if someone could help me, that would be great!

Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:23, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LSEPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Documents and Settings\jeff\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.aceradvantage.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM…\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM…\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM…\Run: [XboxStat] “C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe” silentrun
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [PrinterSecurityLayer] C:\WINDOWS\LSEPRN.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools\daemon.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - zone.msn.com…
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - zone.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip…{0F2D1689-25DB-483C-954E-72E07B5E412A}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip…{437A7EDA-5D10-4178-B365-D4CB5620268B}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip…{90485B00-EF7B-46B0-A876-05EB0074B16C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


End of file - 13612 bytes

Thanks in advance
Edited on 23/11/2008 at 12:54

Hi,

Download SDFix (created by AndyManchesta) and save it to your Desktop.

SDFix (created by AndyManchesta)

or here.

or here

–> Double-click SDFix.exe and choose “Install”.
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

Restart your computer in safe mode by following this procedure:

• Restart your computer.

• After you hear the computer beep during startup, but before the Windows logo appears, tap the F8 key (one press per second).

• Instead of the normal Windows loading screen, a menu with several options should appear.

• Choose the first option, to run Windows in safe mode, then press “Enter”.

• Choose your account.

• Then open the SDFix folder that has just been created in the C:\ directory and double-click RunThis to launch the script.

• Press any key to start the cleaning process.

• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.

• Press any key to restart the PC.

• Your system will take longer than usual to restart, because the tool keeps running and deleting files.

• Once the Desktop has loaded, the tool will finish its work and display Finished.

• Press any key to end the script and load your Desktop icons.

• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

• Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis report!

• NOTE: If SDFix does not start

Click Start => Run
Copy/paste this:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Click OK.

Restart and try to launch SDFix again.
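A small triage helper for the kind of logs exchanged in this thread, added here as an illustration; it is not part of any poster's reply and not code from SDFix or HijackThis. It parses HijackThis item lines, flags the structural warning signs that are readable straight from the log posted above (an O2 BHO ending in "(no file)", an O4 startup shortcut whose target is "?", an O6 "Restrictions present" line, an O10 unknown Winsock LSP) without any signature database, and diffs a "before" log against the "after" log that the reply above asks for. The two sample logs are constructed excerpts modelled on the posted log; the "after" sample has two lines removed on purpose so that the diff has something to report.

```python
"""Triage and diff HijackThis-style logs (added example; sample logs are constructed)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A HijackThis item line starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
HJT_ITEM = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O4"
    body: str  # rest of the line, e.g. 'HKCU\..\Run: [WhenUSave] "C:\...'


def parse_hjt(text: str) -> List[Entry]:
    """Return the item lines of a log; header, process list and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_ITEM.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag(e: Entry) -> Optional[str]:
    """Warning signs readable from the line itself (no signature database involved)."""
    if e.code == "O2" and e.body.endswith("(no file)"):
        return "BHO CLSID still registered but its DLL is gone"
    if e.code == "O4" and e.body.endswith("= ?"):
        return "startup shortcut whose target could not be resolved"
    if e.code == "O6" and "Restrictions present" in e.body:
        return "Internet Explorer policy restrictions are set"
    if e.code == "O10" and e.body.startswith("Unknown file in Winsock LSP"):
        return "Winsock LSP module HijackThis does not recognise"
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """All flagged entries of a log, with the reason, in log order."""
    return [(e, reason) for e in parse_hjt(text) if (reason := flag(e))]


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """(removed, added): what disappeared after a cleanup and what newly showed up."""
    b, a = parse_hjt(before), parse_hjt(after)
    b_set, a_set = set(b), set(a)
    removed = [e for e in b if e not in a_set]
    added = [e for e in a if e not in b_set]
    return removed, added


# Constructed excerpt in HijackThis format (lines modelled on the log posted in this thread).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed "after" excerpt: the orphaned BHO and the WhenUSave Run entry are deliberately absent.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


if __name__ == "__main__":
    print("Flagged in BEFORE log:")
    for e, reason in triage(BEFORE_LOG):
        print(f"  {e.code}: {reason}\n      {e.body}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"\nRemoved after cleanup ({len(removed)}):")
    for e in removed:
        print(f"  {e.code} - {e.body}")
    print(f"Newly appeared ({len(added)}):")
    for e in added:
        print(f"  {e.code} - {e.body}")
```

Run it on two real logs by reading them into `BEFORE_LOG` and `AFTER_LOG`; an empty "removed" list after a cleanup run (which is what a line-by-line comparison of the two logs in this thread would give) tells you the tool touched nothing that HijackThis lists, so the Run entries and BHOs still need to be dealt with by hand.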

SDFix: Version 1.240
Run by jeff on 23/11/2008 at 13:20

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\autorun.ini - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-11-23 13:31:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden services & system hive …

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
“s1”=dword:8f81c3df
“s2”=dword:ab7530a1
“h0”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“h0”=dword:00000000
“khjeh”=hex:ba,26,2b,80,e2,a1,fa,97,64,83,73,73,af,10,73,30,b2,94,07,5f,cf,…
“p0”=“C:\Program Files\DAEMON Tools”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,d2,78,d6,0b,eb,6d,94,99,66,05,4a,1c,12,ac,a4,84,64,…
“khjeh”=hex:d6,8f,12,e2,8e,a7,46,13,77,fc,bb,c6,30,5c,d4,d3,a4,42,e0,17,e7,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:9b,f2,87,2f,f8,11,cb,1f,ed,87,ad,48,ed,ab,74,e4,83,b5,af,2e,28,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
“khjeh”=hex:e1,3d,24,c7,3c,75,9a,d8,1d,0b,8a,30,7e,93,ed,c6,df,05,7c,97,c8,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
“khjeh”=hex:22,dc,bb,b6,b0,b2,9e,69,c2,33,40,0b,cb,75,03,49,f9,39,b1,c1,df,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
“khjeh”=hex:22,dc,bb,b6,b0,b2,9e,69,c2,33,40,0b,cb,75,03,49,f9,39,b1,c1,df,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“h0”=dword:00000000
“khjeh”=hex:ba,26,2b,80,e2,a1,fa,97,64,83,73,73,af,10,73,30,b2,94,07,5f,cf,…
“p0”=“C:\Program Files\DAEMON Tools”

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,d2,78,d6,0b,eb,6d,94,99,66,05,4a,1c,12,ac,a4,84,64,…
“khjeh”=hex:d6,8f,12,e2,8e,a7,46,13,77,fc,bb,c6,30,5c,d4,d3,a4,42,e0,17,e7,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:9b,f2,87,2f,f8,11,cb,1f,ed,87,ad,48,ed,ab,74,e4,83,b5,af,2e,28,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
“khjeh”=hex:e1,3d,24,c7,3c,75,9a,d8,1d,0b,8a,30,7e,93,ed,c6,df,05,7c,97,c8,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
“khjeh”=hex:22,dc,bb,b6,b0,b2,9e,69,c2,33,40,0b,cb,75,03,49,f9,39,b1,c1,df,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
“khjeh”=hex:22,dc,bb,b6,b0,b2,9e,69,c2,33,40,0b,cb,75,03,49,f9,39,b1,c1,df,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“h0”=dword:00000000
“khjeh”=hex:ba,26,2b,80,e2,a1,fa,97,64,83,73,73,af,10,73,30,b2,94,07,5f,cf,…
“p0”=“C:\Program Files\DAEMON Tools”

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,d2,78,d6,0b,eb,6d,94,99,66,05,4a,1c,12,ac,a4,84,64,…
“khjeh”=hex:d6,8f,12,e2,8e,a7,46,13,77,fc,bb,c6,30,5c,d4,d3,a4,42,e0,17,e7,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:e1,c7,85,97,64,c7,d0,15,12,e5,d4,11,a1,52,69,9a,88,a1,0a,db,34,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
“khjeh”=hex:11,74,da,f7,0b,49,20,86,93,73,9e,22,56,fa,0e,2f,15,ae,3f,67,24,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
“khjeh”=hex:22,dc,bb,b6,b0,b2,9e,69,c2,33,40,0b,cb,75,03,49,f9,39,b1,c1,df,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
“khjeh”=hex:22,dc,bb,b6,b0,b2,9e,69,c2,33,40,0b,cb,75,03,49,f9,39,b1,c1,df,…

scanning hidden registry entries …

scanning hidden files …

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 23 Aug 2008 635,848 A.SH. — “C:\Program Files\Internet Explorer\iexplore.exe”
Fri 19 Nov 2004 26,112 A…H. — “C:\WINDOWS\AcerDRV\InsD1211.exe”
Tue 15 Nov 2005 26,112 A…H. — “C:\WINDOWS\AcerDRV\InsD1215.exe”
Mon 30 Aug 2004 44,032 A…H. — “C:\WINDOWS\AcerDRV\rescan.exe”
Fri 19 Nov 2004 26,112 A…H. — “C:\WINDOWS\system32\InsD1211.exe”
Tue 15 Nov 2005 26,112 A…H. — “C:\WINDOWS\system32\InsD1215.exe”
Wed 6 Aug 2003 24,576 A…H. — “C:\WINDOWS\system32\KCMDNIns.exe”
Fri 8 Sep 2006 1,024 …HR — “C:\WINDOWS\system32\NTIBUN4.dll”
Fri 8 Sep 2006 1,024 …HR — “C:\WINDOWS\system32\NTICDMK7.dll”
Fri 8 Sep 2006 1,024 …HR — “C:\WINDOWS\system32\NTIFCD3.dll”
Fri 8 Sep 2006 1,024 …HR — “C:\WINDOWS\system32\NTIMP3.dll”
Fri 8 Sep 2006 1,024 …HR — “C:\WINDOWS\system32\NTIMPEG2.dll”
Thu 7 Aug 2003 24,576 A…H. — “C:\WINDOWS\system32\reboot.exe”
Sat 20 Nov 2004 26,112 A…H. — “C:\WINDOWS\system32\RemD1211.exe”
Tue 15 Nov 2005 26,112 A…H. — “C:\WINDOWS\system32\RemD1215.exe”
Mon 30 Aug 2004 44,032 A…H. — “C:\WINDOWS\system32\rescan.exe”
Thu 4 Jan 2007 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak”
Sun 31 Dec 2006 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp”
Sat 22 Nov 2008 1,354 …HR — “C:\Documents and Settings\jeff\Application Data\SecuROM\UserData\securom_v7_01.bak”
Fri 2 May 2008 3,493,888 A…H. — “C:\Documents and Settings\jeff\Application Data\U3\temp\Launchpad Removal.exe”

Finished!

Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:29, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LSEPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Documents and Settings\jeff\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.aceradvantage.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM…\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM…\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM…\Run: [XboxStat] “C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe” silentrun
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [PrinterSecurityLayer] C:\WINDOWS\LSEPRN.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools\daemon.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - zone.msn.com…
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - zone.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F2D1689-25DB-483C-954E-72E07B5E412A}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{437A7EDA-5D10-4178-B365-D4CB5620268B}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90485B00-EF7B-46B0-A876-05EB0074B16C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


End of file - 13678 bytes
Edited on 23/11/2008 at 13:48

Re,

Run a new HijackThis scan.

@+

Yes, sorry, I edited my post with the HijackThis report.

Re,

Download Toolbar-S&D (Team IDN) to your Desktop. <<===

Toolbar-S&D

!! Disconnect from the internet and close all your running applications for the duration of the procedure !!

Double-click the .exe to launch the installer and follow the prompts ...

Once that is done, click the shortcut created on your desktop to launch the tool.

Choose option 1 ("search") and press "Enter".

Once the scan finishes, a report will appear; copy/paste its entire contents
into your next reply ...

(the report is also saved here -> C:\TB.txt)

-----------\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : Default System BIOS
USER : jeff ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:46 Go)
D:\ (Local Disk) - NTFS - Total:71 Go (Free:37 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 23/11/2008|13:58 )

-----------\ Recherche de Fichiers / Dossiers …

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\jeff\APPLIC~1\Search Settings
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\temp
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\ErrorPageTemplate.css
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\help.gif
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\pixel.gif
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\tabdata.js
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\tablib.js
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\tabwelcome_en.html
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\tab_icon.png
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\toolbar_background.gif
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\vista_directions.png
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\xp_directions.png
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\res\yahoo_search.gif
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\temp\ws-14203.log
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\temp\ws-14204.log
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\temp\ws-14205.log
C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125\temp\ws-14206.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb125
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb125\res
C:\Program Files\Search Settings\kb125\SearchSettings.dll
C:\Program Files\Search Settings\kb125\temp
C:\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
C:\Program Files\Search Settings\kb125\res\help.gif
C:\Program Files\Search Settings\kb125\res\pixel.gif
C:\Program Files\Search Settings\kb125\res\tabdata.js
C:\Program Files\Search Settings\kb125\res\tablib.js
C:\Program Files\Search Settings\kb125\res\tabwelcome_en.html
C:\Program Files\Search Settings\kb125\res\tab_icon.png
C:\Program Files\Search Settings\kb125\res\toolbar_background.gif
C:\Program Files\Search Settings\kb125\res\vista_directions.png
C:\Program Files\Search Settings\kb125\res\xp_directions.png
C:\Program Files\Search Settings\kb125\res\yahoo_search.gif
C:\DOCUME~1\jeff\MENUDM~1\PROGRA~1\WhenU

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
"Start Page"="http://www.gogole.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.01net.com/telecharger/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\jeff\Application Data\uTorrent\Far_Cry_2-Razor1911_Crack_Only.torrent
C:\DOCUME~1\jeff\Mes documents\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar

1 - “C:\ToolBar SD\TB_1.txt” - 23/11/2008|13:59 - Option : [1]

-----------\ Fin du rapport a 13:59:14,95

When I see the infected files, I'm going to ease off on certain downloads, lol
Edited on 23/11/2008 at 14:03

Re,

Now do this:

Cleaning with ToolBar S&D:

!! Disconnect from the internet and close all your running applications for the duration of the procedure !!

Relaunch Toolbar-S&D by double-clicking the shortcut.
-->Choose option 2 ("cleaning") then press "Enter".

Note: do not touch anything during the removal!

A report will be generated at the end of the process: post its contents in your next reply
along with a new HijackThis report for analysis ...

-----------\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : Default System BIOS
USER : jeff ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:46 Go)
D:\ (Local Disk) - NTFS - Total:71 Go (Free:37 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 20-11-2008|20:25 )
Option : [2] ( 23/11/2008|14:04 )

-----------\ SUPPRESSION

Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\jeff\APPLIC~1\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\jeff\MENUDM~1\PROGRA~1\WhenU
Supprime! - C:\DOCUME~1\jeff\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\ Recherche de Fichiers / Dossiers …

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
"Start Page"="http://www.gogole.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.01net.com/telecharger/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\jeff\Application Data\uTorrent\Far_Cry_2-Razor1911_Crack_Only.torrent
C:\DOCUME~1\jeff\Mes documents\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar

1 - “C:\ToolBar SD\TB_1.txt” - 23/11/2008|13:59 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 23/11/2008|14:05 - Option : [2]

-----------\ Fin du rapport a 14:05:27,62

PS: I now get "Search Settings" starting up with "The feature you are trying to use is on a network resource that is unavailable. Please wait while Windows configures Search Settings..."

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:06, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LSEPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jeff\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.aceradvantage.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\LSEPRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - zone.msn.com…
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - zone.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F2D1689-25DB-483C-954E-72E07B5E412A}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{437A7EDA-5D10-4178-B365-D4CB5620268B}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90485B00-EF7B-46B0-A876-05EB0074B16C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


End of file - 13804 bytes
Edited on 23/11/2008 at 14:10

Re,

Install NAVILOG1

Note regarding the detection of Navilog1 by certain security programs:

Some files in Navilog1.exe may be considered dangerous and therefore deleted or neutralised by certain security programs. These are false positives, and in some cases you will need to disable your protection for the duration of the download/use of Navilog1.
/!\ Disconnect from the internet and disable your resident antivirus and antispyware so that Navilog1 can run normally. /!\

Windows Vista users:

  • So that Navilog1 can work correctly, it is recommended to disable UAC while using Navilog1 (installation, use). Do not forget to re-enable UAC on your computer as soon as you have finished using Navilog1.
    [http://www.commentcamarche.net/faq/sujet-7036-desactiver-partiellement-l-uac how to disable UAC]

  • Each time you need to run Navilog1.bat or Navilog1.exe for the installation, do not double-click the file or shortcut; right-click it and choose "Run as administrator" from the context menu.

The Navilog1 installation is launched by running Navilog1.exe

(If you downloaded navilog1.zip, please unzip that file first)

Once the installation is finished, to launch the fix:

  • use the shortcut created on the desktop: Navilog1

  • or, via My Computer, run the Navilog1.bat file located in %program files%\Navilog1

After the language choice and the warning messages, the menu is displayed.

Choose option 1

This checks the system for the adware. A scan with GMER's catchme is also performed on Windows XP. This analysis can take around ten minutes. Wait until the message «Analyse terminée le …» appears. Press a key as requested and Notepad will open; save the file to your disk. Then open it and copy/paste the entire report to the forum that asked you for it.

(if Notepad does not open: go to My Computer; at the root of drive C you will find the report under the name fixnavi.txt)

Warning: do not launch the disinfection part (option 2, 3 or 4) without the express advice/agreement of the helper who has taken charge of you on the help forum where you posted your problem.

Search Navipromo version 3.6.9 commencé le 23/11/2008 à 14:33:53,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l’avis d’un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : “jeff”

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans “C:\WINDOWS” ***

*** Recherche dossiers dans “C:\Program Files” ***

*** Recherche dossiers dans “C:\Documents and Settings\All Users\menudm~1\progra~1” ***

*** Recherche dossiers dans “C:\Documents and Settings\All Users\menudm~1” ***

*** Recherche dossiers dans “c:\docume~1\alluse~1\applic~1” ***

*** Recherche dossiers dans “C:\Documents and Settings\jeff\applic~1” ***

*** Recherche dossiers dans “C:\DOCUME~1\ADMINI~1\applic~1” ***

*** Recherche dossiers dans “C:\Documents and Settings\jeff\locals~1\applic~1” ***

*** Recherche dossiers dans “C:\DOCUME~1\ADMINI~1\locals~1\applic~1” ***

*** Recherche dossiers dans “C:\Documents and Settings\jeff\menudm~1\progra~1” ***

*** Recherche dossiers dans “C:\DOCUME~1\ADMINI~1\menudm~1\progra~1” ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d’infos : www.gmer.net…

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

  • Recherche dans “C:\WINDOWS\system32” *

  • Recherche dans “C:\Documents and Settings\jeff\locals~1\applic~1” *

  • Recherche dans “C:\DOCUME~1\ADMINI~1\locals~1\applic~1” *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

  • Dans “C:\WINDOWS\system32” :

  • Dans “C:\Documents and Settings\jeff\locals~1\applic~1” :

  • Dans “C:\DOCUME~1\ADMINI~1\locals~1\applic~1” :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 23/11/2008 à 14:40:23,82 ***

Re,

Download Lop S&D here:

Lop S&D

==>Double-click it to launch the installation

==>Then double-click the Lop S&D shortcut on your desktop

==>Select the desired language

==>Then choose Option 1 (Search)

==>Wait until the scan finishes

Post the generated report ( C:\lopR.txt )

--------------------\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : Default System BIOS
USER : jeff ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:46 Go)
D:\ (Local Disk) - NTFS - Total:71 Go (Free:37 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)

“C:\Lop SD” ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 23/11/2008|15:00 )

--------------------\ Listing des dossiers dans APPLIC~1

[21/08/2006|03:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[21/08/2006|03:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[30/10/2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[17/04/2007|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[29/01/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[29/01/2008|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/01/2007|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[03/01/2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23/11/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[22/11/2008|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[17/09/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/11/2008|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/10/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[31/07/2007|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/01/2007|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/12/2006|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/04/2008|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/08/2006|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[21/08/2006|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[30/10/2008|18:55] C:\DOCUME~1\jeff\APPLIC~1\Adobe
[15/05/2008|17:58] C:\DOCUME~1\jeff\APPLIC~1\AdobeUM
[29/01/2008|21:39] C:\DOCUME~1\jeff\APPLIC~1\Apple Computer
[03/01/2007|22:56] C:\DOCUME~1\jeff\APPLIC~1\Azureus
[29/01/2007|18:31] C:\DOCUME~1\jeff\APPLIC~1\BSplayer
[30/10/2008|18:55] C:\DOCUME~1\jeff\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[02/01/2007|12:44] C:\DOCUME~1\jeff\APPLIC~1\CyberLink
[12/02/2008|18:30] C:\DOCUME~1\jeff\APPLIC~1\DAEMON Tools
[12/11/2008|23:05] C:\DOCUME~1\jeff\APPLIC~1\Dev-Cpp
[05/01/2007|17:41] C:\DOCUME~1\jeff\APPLIC~1\DivX
[31/10/2008|20:31] C:\DOCUME~1\jeff\APPLIC~1\Google
[21/08/2006|03:02] C:\DOCUME~1\jeff\APPLIC~1\Identities
[08/01/2007|18:36] C:\DOCUME~1\jeff\APPLIC~1\Macromedia
[22/11/2008|17:42] C:\DOCUME~1\jeff\APPLIC~1\Malwarebytes
[06/02/2008|16:52] C:\DOCUME~1\jeff\APPLIC~1\Media Player Classic
[19/03/2008|15:27] C:\DOCUME~1\jeff\APPLIC~1\Microsoft
[27/08/2008|09:39] C:\DOCUME~1\jeff\APPLIC~1\Mozilla
[29/10/2008|18:49] C:\DOCUME~1\jeff\APPLIC~1\Nvu
[29/10/2008|18:44] C:\DOCUME~1\jeff\APPLIC~1\OpenOffice.org
[03/01/2007|17:26] C:\DOCUME~1\jeff\APPLIC~1\Real
[28/05/2007|18:02] C:\DOCUME~1\jeff\APPLIC~1\Screenshot Sender
[23/11/2008|14:54] C:\DOCUME~1\jeff\APPLIC~1\Search Settings
[20/02/2008|00:16] C:\DOCUME~1\jeff\APPLIC~1\SecuROM
[25/02/2008|19:54] C:\DOCUME~1\jeff\APPLIC~1\Serif
[08/01/2007|18:42] C:\DOCUME~1\jeff\APPLIC~1\Sun
[16/01/2007|01:27] C:\DOCUME~1\jeff\APPLIC~1\Talkback
[14/11/2008|14:12] C:\DOCUME~1\jeff\APPLIC~1\U3
[22/11/2008|12:28] C:\DOCUME~1\jeff\APPLIC~1\uTorrent
[11/07/2008|11:03] C:\DOCUME~1\jeff\APPLIC~1\vlc
[16/11/2008|23:01] C:\DOCUME~1\jeff\APPLIC~1\Winamp
[23/11/2008|13:30] C:\DOCUME~1\jeff\APPLIC~1\WinRAR
[21/11/2008|21:29] C:\DOCUME~1\jeff\APPLIC~1\Wireshark

[21/08/2006|03:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/08/2006|03:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\ Tâches planifiées dans C:\WINDOWS\tasks

[04/11/2008 19:34][–ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[23/11/2008 13:27][–ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\ Listing des dossiers dans C:\Program Files

[21/08/2006|03:03] C:\Program Files\Acer WLAN 11g USB Dongle
[30/10/2008|18:55] C:\Program Files\Adobe
[21/11/2008|14:25] C:\Program Files\AGEIA Technologies
[06/01/2007|16:49] C:\Program Files\Ahead
[23/10/2007|16:04] C:\Program Files\Alwil Software
[29/01/2008|21:37] C:\Program Files\Apple Software Update
[14/01/2007|18:36] C:\Program Files\Audacity
[06/02/2008|11:45] C:\Program Files\BitComet
[29/01/2008|21:39] C:\Program Files\Bonjour
[30/12/2006|16:24] C:\Program Files\comsummer
[21/08/2006|03:03] C:\Program Files\CyberLink
[12/02/2008|18:22] C:\Program Files\DAEMON Tools
[21/11/2008|13:29] C:\Program Files\directx
[06/02/2008|16:11] C:\Program Files\DivX
[29/06/2008|11:29] C:\Program Files\DVD Audio Extractor
[22/11/2008|11:17] C:\Program Files\eMule
[23/10/2007|16:38] C:\Program Files\ESET
[21/11/2008|14:25] C:\Program Files\Fichiers communs
[26/12/2007|21:31] C:\Program Files\Free Audio Pack
[21/08/2006|03:03] C:\Program Files\FrenchOtto
[21/08/2006|03:03] C:\Program Files\GemMasterFrench
[31/10/2008|20:30] C:\Program Files\Google
[22/11/2008|11:09] C:\Program Files\InstallShield Installation Information
[15/10/2008|16:39] C:\Program Files\Internet Explorer
[03/01/2007|09:49] C:\Program Files\Inventel
[09/04/2008|11:51] C:\Program Files\iPod
[09/04/2008|11:52] C:\Program Files\iTunes
[12/08/2008|11:09] C:\Program Files\Java
[29/10/2008|18:40] C:\Program Files\JRE
[17/11/2008|18:31] C:\Program Files\Lavalys
[23/11/2008|10:06] C:\Program Files\Lavasoft
[22/02/2007|20:22] C:\Program Files\LocalAutorun
[22/11/2008|17:42] C:\Program Files\Malwarebytes’ Anti-Malware
[06/02/2008|16:54] C:\Program Files\Media Player Classic
[22/08/2008|09:24] C:\Program Files\Messenger
[02/09/2008|10:09] C:\Program Files\Messenger Plus! Live
[03/01/2007|22:25] C:\Program Files\MessengerPlus! 3
[29/03/2008|15:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/08/2006|03:03] C:\Program Files\microsoft frontpage
[31/07/2007|17:12] C:\Program Files\Microsoft Office
[31/07/2007|17:13] C:\Program Files\Microsoft Visual Studio
[06/02/2008|19:16] C:\Program Files\Microsoft Xbox 360 Accessories
[22/08/2008|08:18] C:\Program Files\Movie Maker
[23/11/2008|14:40] C:\Program Files\Mozilla Firefox
[21/08/2006|03:03] C:\Program Files\MSN
[21/08/2006|03:03] C:\Program Files\MSN Gaming Zone
[12/11/2008|22:11] C:\Program Files\MSXML 4.0
[23/11/2008|14:40] C:\Program Files\Navilog1
[22/08/2008|08:16] C:\Program Files\NetMeeting
[21/08/2006|03:04] C:\Program Files\NewTech Infosystems
[06/01/2007|17:16] C:\Program Files\nLite
[31/10/2008|12:25] C:\Program Files\NOS
[18/11/2008|22:28] C:\Program Files\Nvu
[21/08/2006|03:04] C:\Program Files\Oca History Tool
[21/08/2006|03:04] C:\Program Files\Online Services
[29/10/2008|18:40] C:\Program Files\OpenOffice.org 3
[29/10/2008|18:39] C:\Program Files\OpenOffice.org 3.0 (fr) Installation Files
[22/08/2008|08:15] C:\Program Files\Outlook Express
[09/04/2008|11:50] C:\Program Files\QuickTime
[03/01/2007|17:12] C:\Program Files\Real
[21/08/2006|03:04] C:\Program Files\Realtek
[05/03/2008|21:34] C:\Program Files\Schneider Electric
[25/02/2008|19:51] C:\Program Files\Serif
[21/08/2006|03:04] C:\Program Files\Services en ligne
[06/02/2008|16:36] C:\Program Files\SLD Codec Pack
[28/01/2008|20:23] C:\Program Files\Spybot - Search & Destroy
[24/04/2007|21:02] C:\Program Files\Steam
[17/01/2007|22:11] C:\Program Files\Uninstall Information
[06/02/2008|11:46] C:\Program Files\uTorrent
[11/07/2008|11:02] C:\Program Files\VideoLAN
[29/01/2007|18:26] C:\Program Files\Webteh
[16/11/2008|19:00] C:\Program Files\Winamp
[29/04/2008|12:35] C:\Program Files\Windows Live
[20/11/2008|19:31] C:\Program Files\Windows Live Safety Center
[23/01/2007|21:38] C:\Program Files\Windows Media Connect 2
[22/08/2008|08:15] C:\Program Files\Windows Media Player
[22/08/2008|08:15] C:\Program Files\Windows NT
[21/08/2006|03:04] C:\Program Files\Windows Plus
[08/09/2006|11:55] C:\Program Files\WindowsUpdate
[14/11/2008|14:49] C:\Program Files\WinPcap
[01/01/2007|18:44] C:\Program Files\WinRAR
[14/11/2008|14:49] C:\Program Files\Wireshark
[21/08/2006|03:04] C:\Program Files\xerox

--------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs

[30/10/2008|18:54] C:\Program Files\Fichiers communs\Adobe
[30/10/2008|18:54] C:\Program Files\Fichiers communs\Adobe AIR
[17/04/2007|18:36] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/01/2007|16:49] C:\Program Files\Fichiers communs\Ahead
[29/01/2008|21:36] C:\Program Files\Fichiers communs\Apple
[31/07/2007|17:13] C:\Program Files\Fichiers communs\Designer
[21/08/2006|03:03] C:\Program Files\Fichiers communs\InstallShield
[30/12/2006|16:16] C:\Program Files\Fichiers communs\Java
[21/08/2006|03:03] C:\Program Files\Fichiers communs\LightScribe
[22/11/2008|10:41] C:\Program Files\Fichiers communs\Microsoft Shared
[21/08/2006|03:03] C:\Program Files\Fichiers communs\MSSoap
[21/08/2006|03:03] C:\Program Files\Fichiers communs\muvee Technologies
[21/08/2006|03:03] C:\Program Files\Fichiers communs\NewTech Infosystems
[21/08/2006|03:03] C:\Program Files\Fichiers communs\ODBC
[12/08/2008|11:06] C:\Program Files\Fichiers communs\Real
[21/08/2006|03:03] C:\Program Files\Fichiers communs\Services
[21/08/2006|03:03] C:\Program Files\Fichiers communs\SpeechEngines
[03/01/2007|19:29] C:\Program Files\Fichiers communs\Symantec Shared
[22/08/2008|08:15] C:\Program Files\Fichiers communs\System
[29/04/2008|12:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[23/11/2008|10:05] C:\Program Files\Fichiers communs\Wise Installation Wizard
[12/08/2008|11:06] C:\Program Files\Fichiers communs\xing shared

--------------------\ Process

( 72 Processes )

iexplore.exe ~ [PID:3808]

--------------------\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\jeff\LOCALS~1\Temp\nsq3.tmp
C:\DOCUME~1\jeff\LOCALS~1\Temp\ns_temp
C:\DOCUME~1\jeff\Cookies\jeff@advertising[2].txt
C:\DOCUME~1\jeff\Cookies\jeff@banner.cotedazurpalace[2].txt
C:\DOCUME~1\jeff\Cookies\jeff@cotedazurpalace[1].txt
C:\DOCUME~1\jeff\Cookies\jeff@pacificpoker[1].txt
C:\DOCUME~1\jeff\Cookies\jeff@partypoker[2].txt
C:\DOCUME~1\jeff\Cookies\jeff@vegas7casino[2].txt
C:\DOCUME~1\jeff\Cookies\jeff@www.vegas7casino[2].txt
C:\DOCUME~1\jeff\Cookies\jeff@www.vegasaffiliates[1].txt

--------------------\ Verification du Registre

… OK !

--------------------\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-11-23 15:02:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden files: 57

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\jeff\Application Data\uTorrent\Far_Cry_2-Razor1911_Crack_Only.torrent

[F:38][D:670]-> C:\DOCUME~1\jeff\LOCALS~1\Temp
[F:237][D:0]-> C:\DOCUME~1\jeff\Cookies
[F:17162][D:13]-> C:\DOCUME~1\jeff\LOCALS~1\TEMPOR~1\content.IE5

1 - “C:\Lop SD\LopR_1.txt” - 23/11/2008|15:03 - Option : [1]

--------------------\ Fin du rapport a 15:03:55

Re,

Run Lop S&D again

This time choose Option 2 ( Removal )

Do not close the window during the removal!

Post the generated report ( C:\lopR.txt )

( If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )

And run HijackThis again.

@+
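The helper above asks for a fresh HijackThis log after the removal run. As an added example (not code from the thread, from HijackThis or from Lop S&D), here is a small Python triage script that parses lines in HijackThis v2 format and flags the kinds of entries a helper reads first: entries whose target file no longer exists ("(no file)" / "(file missing)"), autorun or BHO entries whose names match an adware marker list (the list, with SearchSettings and WhenUSave, is an assumption made for this example, not a reference database), the O6 IE restrictions policy, and any Winsock LSP the tool did not recognise. The sample log lines are constructed, modelled on the entries posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, modelled on the entries posted in
# this thread. The header and "Running processes" lines are deliberately included
# so the parser has to skip them.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = www.gogole.fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\\Program Files\\Search Settings\\kb125\\SearchSettings.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [SearchSettings] C:\\Program Files\\Search Settings\\SearchSettings.exe
O4 - HKCU\\..\\Run: [WhenUSave] "C:\\Program Files\\Save\\Save.exe"
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

# Assumed marker list for this example: substrings (lower-cased) of autorun or
# BHO entries that a helper in this kind of thread treats as adware to remove.
ADWARE_MARKERS = ("searchsettings", "search settings", "whenusave", "\\save\\save.exe")

# HijackThis prints these when the registered file is gone from disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Every entry line starts with a section code (R0, R1, O2, O4, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each entry line; header and process
    list lines do not match LINE_RE and are skipped."""
    for raw in log_text.splitlines():
        stripped = raw.strip()
        m = LINE_RE.match(stripped)
        if m:
            yield m.group("section"), m.group("body"), stripped


def triage(log_text):
    """Return the entries a helper would want to look at, in log order.
    An entry gets one reason only, most specific first."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        lower = body.lower()
        if any(marker in lower for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry (target file missing)", raw))
        elif any(marker in lower for marker in ADWARE_MARKERS):
            findings.append(Finding(section, "matches known adware marker", raw))
        elif section == "O6":
            # Restrictions policy on a home PC is usually set by malware or a
            # previous cleanup tool; flagged for review, not auto-removal.
            findings.append(Finding(section, "IE restrictions policy set", raw))
        elif section == "O10":
            # Unknown LSPs can be benign (e.g. a network client provider) but
            # are also a classic hijack point, so always review them.
            findings.append(Finding(section, "Winsock LSP not recognised by the tool", raw))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview before reading lines."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for reason, n in summarize(results).items():
        print(f"{n:2d}  {reason}")
    print()
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Each entry receives a single reason, with the orphan check first: an entry whose file is already gone (such as the SearchSettings BHO above) only needs its registry key removed, whereas a marker match with the file still present means there is something to delete on disk as well. Lines that match nothing are simply not reported, so the output is the short list a helper would actually read, not the whole log.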

--------------------\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : Default System BIOS
USER : jeff ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:46 Go)
D:\ (Local Disk) - NTFS - Total:71 Go (Free:37 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)

“C:\Lop SD” ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 23/11/2008|15:08 )

\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\jeff\LOCALS~1\Temp\nsq3.tmp
Supprime! - C:\DOCUME~1\jeff\LOCALS~1\Temp\ns_temp
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@advertising[2].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@partypoker[2].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@vegas7casino[2].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@www.vegas7casino[2].txt
Supprime! - C:\DOCUME~1\jeff\Cookies\jeff@www.vegasaffiliates[1].txt

[ Fichier Hosts ] … Restaure!

\\\\\\\\\\\\\\\

--------------------\ Listing des dossiers dans APPLIC~1

[21/08/2006|03:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[21/08/2006|03:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[30/10/2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[17/04/2007|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[29/01/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[29/01/2008|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/01/2007|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[03/01/2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23/11/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[22/11/2008|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[17/09/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/11/2008|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/10/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[31/07/2007|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/01/2007|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/12/2006|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/04/2008|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/08/2006|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[21/08/2006|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[30/10/2008|18:55] C:\DOCUME~1\jeff\APPLIC~1\Adobe
[15/05/2008|17:58] C:\DOCUME~1\jeff\APPLIC~1\AdobeUM
[29/01/2008|21:39] C:\DOCUME~1\jeff\APPLIC~1\Apple Computer
[03/01/2007|22:56] C:\DOCUME~1\jeff\APPLIC~1\Azureus
[29/01/2007|18:31] C:\DOCUME~1\jeff\APPLIC~1\BSplayer
[30/10/2008|18:55] C:\DOCUME~1\jeff\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[02/01/2007|12:44] C:\DOCUME~1\jeff\APPLIC~1\CyberLink
[12/02/2008|18:30] C:\DOCUME~1\jeff\APPLIC~1\DAEMON Tools
[12/11/2008|23:05] C:\DOCUME~1\jeff\APPLIC~1\Dev-Cpp
[05/01/2007|17:41] C:\DOCUME~1\jeff\APPLIC~1\DivX
[31/10/2008|20:31] C:\DOCUME~1\jeff\APPLIC~1\Google
[21/08/2006|03:02] C:\DOCUME~1\jeff\APPLIC~1\Identities
[08/01/2007|18:36] C:\DOCUME~1\jeff\APPLIC~1\Macromedia
[22/11/2008|17:42] C:\DOCUME~1\jeff\APPLIC~1\Malwarebytes
[06/02/2008|16:52] C:\DOCUME~1\jeff\APPLIC~1\Media Player Classic
[19/03/2008|15:27] C:\DOCUME~1\jeff\APPLIC~1\Microsoft
[27/08/2008|09:39] C:\DOCUME~1\jeff\APPLIC~1\Mozilla
[29/10/2008|18:49] C:\DOCUME~1\jeff\APPLIC~1\Nvu
[29/10/2008|18:44] C:\DOCUME~1\jeff\APPLIC~1\OpenOffice.org
[03/01/2007|17:26] C:\DOCUME~1\jeff\APPLIC~1\Real
[28/05/2007|18:02] C:\DOCUME~1\jeff\APPLIC~1\Screenshot Sender
[23/11/2008|14:55] C:\DOCUME~1\jeff\APPLIC~1\Search Settings
[20/02/2008|00:16] C:\DOCUME~1\jeff\APPLIC~1\SecuROM
[25/02/2008|19:54] C:\DOCUME~1\jeff\APPLIC~1\Serif
[08/01/2007|18:42] C:\DOCUME~1\jeff\APPLIC~1\Sun
[16/01/2007|01:27] C:\DOCUME~1\jeff\APPLIC~1\Talkback
[14/11/2008|14:12] C:\DOCUME~1\jeff\APPLIC~1\U3
[22/11/2008|12:28] C:\DOCUME~1\jeff\APPLIC~1\uTorrent
[11/07/2008|11:03] C:\DOCUME~1\jeff\APPLIC~1\vlc
[16/11/2008|23:01] C:\DOCUME~1\jeff\APPLIC~1\Winamp
[23/11/2008|13:30] C:\DOCUME~1\jeff\APPLIC~1\WinRAR
[21/11/2008|21:29] C:\DOCUME~1\jeff\APPLIC~1\Wireshark

[21/08/2006|03:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/08/2006|03:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\ Tâches planifiées dans C:\WINDOWS\tasks

[04/11/2008 19:34][–ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[23/11/2008 13:27][–ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\ Listing des dossiers dans C:\Program Files

[21/08/2006|03:03] C:\Program Files\Acer WLAN 11g USB Dongle
[30/10/2008|18:55] C:\Program Files\Adobe
[21/11/2008|14:25] C:\Program Files\AGEIA Technologies
[06/01/2007|16:49] C:\Program Files\Ahead
[23/10/2007|16:04] C:\Program Files\Alwil Software
[29/01/2008|21:37] C:\Program Files\Apple Software Update
[14/01/2007|18:36] C:\Program Files\Audacity
[06/02/2008|11:45] C:\Program Files\BitComet
[29/01/2008|21:39] C:\Program Files\Bonjour
[30/12/2006|16:24] C:\Program Files\comsummer
[21/08/2006|03:03] C:\Program Files\CyberLink
[12/02/2008|18:22] C:\Program Files\DAEMON Tools
[21/11/2008|13:29] C:\Program Files\directx
[06/02/2008|16:11] C:\Program Files\DivX
[29/06/2008|11:29] C:\Program Files\DVD Audio Extractor
[22/11/2008|11:17] C:\Program Files\eMule
[23/10/2007|16:38] C:\Program Files\ESET
[21/11/2008|14:25] C:\Program Files\Fichiers communs
[26/12/2007|21:31] C:\Program Files\Free Audio Pack
[21/08/2006|03:03] C:\Program Files\FrenchOtto
[21/08/2006|03:03] C:\Program Files\GemMasterFrench
[31/10/2008|20:30] C:\Program Files\Google
[22/11/2008|11:09] C:\Program Files\InstallShield Installation Information
[15/10/2008|16:39] C:\Program Files\Internet Explorer
[03/01/2007|09:49] C:\Program Files\Inventel
[09/04/2008|11:51] C:\Program Files\iPod
[09/04/2008|11:52] C:\Program Files\iTunes
[12/08/2008|11:09] C:\Program Files\Java
[29/10/2008|18:40] C:\Program Files\JRE
[17/11/2008|18:31] C:\Program Files\Lavalys
[23/11/2008|10:06] C:\Program Files\Lavasoft
[22/02/2007|20:22] C:\Program Files\LocalAutorun
[22/11/2008|17:42] C:\Program Files\Malwarebytes’ Anti-Malware
[06/02/2008|16:54] C:\Program Files\Media Player Classic
[22/08/2008|09:24] C:\Program Files\Messenger
[02/09/2008|10:09] C:\Program Files\Messenger Plus! Live
[03/01/2007|22:25] C:\Program Files\MessengerPlus! 3
[29/03/2008|15:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/08/2006|03:03] C:\Program Files\microsoft frontpage
[31/07/2007|17:12] C:\Program Files\Microsoft Office
[31/07/2007|17:13] C:\Program Files\Microsoft Visual Studio
[06/02/2008|19:16] C:\Program Files\Microsoft Xbox 360 Accessories
[22/08/2008|08:18] C:\Program Files\Movie Maker
[23/11/2008|14:40] C:\Program Files\Mozilla Firefox
[21/08/2006|03:03] C:\Program Files\MSN
[21/08/2006|03:03] C:\Program Files\MSN Gaming Zone
[12/11/2008|22:11] C:\Program Files\MSXML 4.0
[23/11/2008|14:40] C:\Program Files\Navilog1
[22/08/2008|08:16] C:\Program Files\NetMeeting
[21/08/2006|03:04] C:\Program Files\NewTech Infosystems
[06/01/2007|17:16] C:\Program Files\nLite
[31/10/2008|12:25] C:\Program Files\NOS
[18/11/2008|22:28] C:\Program Files\Nvu
[21/08/2006|03:04] C:\Program Files\Oca History Tool
[21/08/2006|03:04] C:\Program Files\Online Services
[29/10/2008|18:40] C:\Program Files\OpenOffice.org 3
[29/10/2008|18:39] C:\Program Files\OpenOffice.org 3.0 (fr) Installation Files
[22/08/2008|08:15] C:\Program Files\Outlook Express
[09/04/2008|11:50] C:\Program Files\QuickTime
[03/01/2007|17:12] C:\Program Files\Real
[21/08/2006|03:04] C:\Program Files\Realtek
[05/03/2008|21:34] C:\Program Files\Schneider Electric
[25/02/2008|19:51] C:\Program Files\Serif
[21/08/2006|03:04] C:\Program Files\Services en ligne
[06/02/2008|16:36] C:\Program Files\SLD Codec Pack
[28/01/2008|20:23] C:\Program Files\Spybot - Search & Destroy
[24/04/2007|21:02] C:\Program Files\Steam
[17/01/2007|22:11] C:\Program Files\Uninstall Information
[06/02/2008|11:46] C:\Program Files\uTorrent
[11/07/2008|11:02] C:\Program Files\VideoLAN
[29/01/2007|18:26] C:\Program Files\Webteh
[16/11/2008|19:00] C:\Program Files\Winamp
[29/04/2008|12:35] C:\Program Files\Windows Live
[20/11/2008|19:31] C:\Program Files\Windows Live Safety Center
[23/01/2007|21:38] C:\Program Files\Windows Media Connect 2
[22/08/2008|08:15] C:\Program Files\Windows Media Player
[22/08/2008|08:15] C:\Program Files\Windows NT
[21/08/2006|03:04] C:\Program Files\Windows Plus
[08/09/2006|11:55] C:\Program Files\WindowsUpdate
[14/11/2008|14:49] C:\Program Files\WinPcap
[01/01/2007|18:44] C:\Program Files\WinRAR
[14/11/2008|14:49] C:\Program Files\Wireshark
[21/08/2006|03:04] C:\Program Files\xerox

--------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs

[30/10/2008|18:54] C:\Program Files\Fichiers communs\Adobe
[30/10/2008|18:54] C:\Program Files\Fichiers communs\Adobe AIR
[17/04/2007|18:36] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/01/2007|16:49] C:\Program Files\Fichiers communs\Ahead
[29/01/2008|21:36] C:\Program Files\Fichiers communs\Apple
[31/07/2007|17:13] C:\Program Files\Fichiers communs\Designer
[21/08/2006|03:03] C:\Program Files\Fichiers communs\InstallShield
[30/12/2006|16:16] C:\Program Files\Fichiers communs\Java
[21/08/2006|03:03] C:\Program Files\Fichiers communs\LightScribe
[22/11/2008|10:41] C:\Program Files\Fichiers communs\Microsoft Shared
[21/08/2006|03:03] C:\Program Files\Fichiers communs\MSSoap
[21/08/2006|03:03] C:\Program Files\Fichiers communs\muvee Technologies
[21/08/2006|03:03] C:\Program Files\Fichiers communs\NewTech Infosystems
[21/08/2006|03:03] C:\Program Files\Fichiers communs\ODBC
[12/08/2008|11:06] C:\Program Files\Fichiers communs\Real
[21/08/2006|03:03] C:\Program Files\Fichiers communs\Services
[21/08/2006|03:03] C:\Program Files\Fichiers communs\SpeechEngines
[03/01/2007|19:29] C:\Program Files\Fichiers communs\Symantec Shared
[22/08/2008|08:15] C:\Program Files\Fichiers communs\System
[29/04/2008|12:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[23/11/2008|10:05] C:\Program Files\Fichiers communs\Wise Installation Wizard
[12/08/2008|11:06] C:\Program Files\Fichiers communs\xing shared

--------------------\ Process

( 69 Processes )

… OK !

--------------------\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Verification du Registre

… OK !

--------------------\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-11-23 15:09:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden files: 57

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\jeff\Application Data\uTorrent\Far_Cry_2-Razor1911_Crack_Only.torrent

[F:38][D:668]-> C:\DOCUME~1\jeff\LOCALS~1\Temp
[F:229][D:0]-> C:\DOCUME~1\jeff\Cookies
[F:17173][D:13]-> C:\DOCUME~1\jeff\LOCALS~1\TEMPOR~1\content.IE5

1 - “C:\Lop SD\LopR_1.txt” - 23/11/2008|15:03 - Option : [1]
2 - “C:\Lop SD\LopR_2.txt” - 23/11/2008|15:11 - Option : [2]

--------------------\ Fin du rapport a 15:11:38

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:33, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LSEPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\jeff\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.aceradvantage.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\LSEPRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games - Buddy Invite) - zone.msn.com…
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - zone.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip…{0F2D1689-25DB-483C-954E-72E07B5E412A}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip…{437A7EDA-5D10-4178-B365-D4CB5620268B}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip…{90485B00-EF7B-46B0-A876-05EB0074B16C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


End of file - 13755 bytes

Re,

Run HijackThis again and click “Do a system scan only”
Then look for these lines and tick their boxes

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll (file missing)
O4 - HKLM…\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

Then click “Fix checked”

Then do this:

• Download and install MalwareByte’s Anti-Malware
Malwarebyte

• Update it

• Double-click the MalwareByte’s Anti-Malware shortcut on the desktop.

• Select “Run a full scan” if it is not already selected

• Click “Scan”

• Once the scan has finished, a window opens; click OK

• If MalwareByte’s has not detected anything, click OK. A report will appear; close it.

• If MalwareByte’s has detected infections, click “Show results”, then “Remove selected”
• Save the report to your desktop so it is easier to find, then post that report.

Note: if MalwareByte’s needs to restart to finish the removal, accept by clicking OK

Malwarebytes’ Anti-Malware 1.30
Version de la base de données: 1415
Windows 5.1.2600 Service Pack 3

23/11/2008 21:33:19
mbam-log-2008-11-23 (21-33-19).txt

Type de recherche: Examen complet (C:|D:|)
Eléments examinés: 146076
Temps écoulé: 5 hour(s), 16 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Re,

Run a HijackThis scan.

thanks.

Later.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:50, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LSEPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\jeff\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gogole.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.aceradvantage.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM…\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM…\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [XboxStat] “C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe” silentrun
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [PrinterSecurityLayer] C:\WINDOWS\LSEPRN.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools\daemon.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - zone.msn.com…
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - zone.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip…{0F2D1689-25DB-483C-954E-72E07B5E412A}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip…{437A7EDA-5D10-4178-B365-D4CB5620268B}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip…{90485B00-EF7B-46B0-A876-05EB0074B16C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip…{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


End of file - 13485 bytes

thank you

Re,

delete Navilog1.bat from your desktop.

Download AVG Anti-Spyware www.ewido.net…
install AVG.
Once AVG is running, click “Update”
Close the program.

Restart in Safe Mode
launch AVG and choose the “Scan” tab
Then the “Settings” tab
Under the question “How to react”, click “Recommended actions” and choose “Quarantine”
Click the “Scan” tab again and run a complete system scan

  • If a file is infected at the end of the scan:
    Click “Apply all actions”
    Click “Save report”
    Save this text file to your desktop.
    Restart normally
    Copy/paste the report here.

Restart your PC in Safe Mode and do the following:

Run HijackThis again and click “Do a system scan only”
Then look for these lines and tick their boxes

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”

Then click “Fix checked”
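A small triage helper for the HijackThis v2 log format used in this thread, covering the kind of lines the two “tick these lines, then Fix checked” replies point at (an O2 BHO with no file behind it, an O4 Run value). This is example code written for this page, not a tool from the thread, from Trend Micro or from Emsisoft; the line shapes it parses are assumed from the logs posted above, and the sample log is constructed from a few of those lines.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Entry shapes as they appear in HijackThis v2 logs (assumed from the logs in this thread).
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
QUOTES = "\"\u201c\u201d"  # straight and curly double quotes, as pasted into forum posts
Finding = Tuple[str, str, str]  # (section, why it is listed, detail)

# Constructed sample: a few lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{437A7EDA-5D10-4178-B365-D4CB5620268B}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A73B46-4538-4BC0-9927-466B1F04B2FF}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

def parse_log(text: str) -> Dict[str, List[str]]:
    """Group HijackThis entries by section code (R0, O2, O4, ...); other lines are ignored."""
    sections: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            sections.setdefault(m["sec"], []).append(m["body"])
    return sections

def _executable(cmd: str) -> str:
    """Launched program from a Run value: the quoted part if quoted, otherwise the whole value."""
    if cmd and cmd[0] in QUOTES:
        end = next((i for i, ch in enumerate(cmd[1:], 1) if ch in QUOTES), len(cmd))
        return cmd[1:end]
    return cmd

def run_entries(text: str) -> List[Tuple[str, str, str]]:
    """All O4 registry Run entries as (hive, value name, executable); Startup-folder entries are skipped."""
    out = []
    for body in parse_log(text).get("O4", []):
        m = RUN_RE.match(body)
        if m:
            out.append((m["hive"], m["name"], _executable(m["cmd"])))
    return out

def triage(text: str) -> List[Finding]:
    """Entries a helper looks at first; 'review' means check it, not 'this is malware'."""
    secs = parse_log(text)
    out: List[Finding] = []
    for body in secs.get("O2", []):
        if "(no file)" in body or "(file missing)" in body:
            out.append(("O2", "BHO registered but its DLL is gone", body))
    for body in secs.get("O10", []):
        out.append(("O10", "LSP not on HijackThis' known list; identify the DLL", body))
    for body in secs.get("O17", []):
        m = NS_RE.search(body)
        public = [s for s in (m["servers"].split(",") if m else []) if not ipaddress.ip_address(s).is_private]
        if public:
            out.append(("O17", "DNS servers outside private ranges; confirm they are the ISP's", ",".join(public)))
    for body in secs.get("O23", []):
        m = SVC_RE.match(body)
        if m and m["owner"] == "Unknown owner":
            out.append(("O23", "service without a publisher; check the binary", m["path"]))
    return out
```

Feed `triage()` a whole pasted log and it returns the handful of entries worth checking by hand, while `run_entries()` lists every registry Run value so an adware launcher such as the WhenUSave one above stands out next to the vendor entries.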

a2AntiMalwareSetup.exe
download3.emsisoft.com…
register: you will receive a number by e-mail. Then update the virus database
Restart in Safe Mode
launch the program.
click on:
Scan the computer / Detailed scan / then the Scan button
(it may take a while)
tick everything it found, quarantine it, save the report and post it: