Westzup

Members
  • Content count

    29

Everything posted by Westzup

  1. Here is the Malwarebytes report.
  2. Here is the second report; I am running Malwarebytes' Anti-Malware (MBAM) right away.
  3. Merci de ton aide ! voici le rapport que tu a demander > --------------------\\ Lop S&D 4.2.4-5 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Celeron® M processor 1.50GHz ) BIOS : Ver 1.00PARTTBL USER : guillaume ( Administrator ) BOOT : Normal boot Antivirus : AVG Anti-Virus Free 8.0 (Activated) C:\ (Local Disk) - NTFS - Total : 55 Go Free : 26 Go D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 02-10-2008|23:42 ) Option : [1] ( 2008-10-09|10:25 ) --------------------\\ Listing des dossiers dans APPLIC~1 [2008-01-16|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acoustica [2008-04-08|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [2007-12-01|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [2008-06-05|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8 [2008-01-14|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bell [2008-10-09|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone [2007-12-01|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [2008-07-08|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft [2008-04-03|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB [2007-12-05|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 
[2007-12-02|04:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [2007-05-22|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive [2007-05-22|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs [2008-04-08|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle [2008-04-08|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio [2008-03-19|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin [2008-01-16|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software [2008-04-08|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [2008-05-03|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real [2005-04-19|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI [2008-02-19|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [2007-12-22|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [2008-03-19|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin [2006-09-12|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [2008-08-24|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip [2008-05-04|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [2008-10-09|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\zgtafeng [2005-04-19|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [2005-04-19|16:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust [2005-04-19|16:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [2005-04-19|17:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec [2005-04-19|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba [2006-09-24|18:28] C:\DOCUME~1\GUILLA~1\APPLIC~1\3M [2008-01-16|04:20] C:\DOCUME~1\GUILLA~1\APPLIC~1\Acoustica [2008-05-03|14:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Adobe [2007-02-05|11:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeUM [2008-06-20|13:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ahead [2007-12-01|22:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Apple Computer [2008-06-30|17:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\AVGTOOLBAR [2008-01-14|21:20] C:\DOCUME~1\GUILLA~1\APPLIC~1\Bell [2008-04-04|08:32] C:\DOCUME~1\GUILLA~1\APPLIC~1\BLUE LINK [2008-08-19|21:02] C:\DOCUME~1\GUILLA~1\APPLIC~1\Canneverbe_Limited [2006-12-14|09:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\Google 
[2008-10-08|06:58] C:\DOCUME~1\GUILLA~1\APPLIC~1\gtk-2.0 [2008-01-30|07:47] C:\DOCUME~1\GUILLA~1\APPLIC~1\Help [2005-04-19|12:44] C:\DOCUME~1\GUILLA~1\APPLIC~1\Identities [2008-04-09|08:21] C:\DOCUME~1\GUILLA~1\APPLIC~1\InstallShield [2005-04-19|16:24] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterTrust [2007-12-02|20:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\InterVideo [2006-02-27|23:45] C:\DOCUME~1\GUILLA~1\APPLIC~1\iShell [2005-10-14|10:31] C:\DOCUME~1\GUILLA~1\APPLIC~1\Macromedia [2008-09-26|05:49] C:\DOCUME~1\GUILLA~1\APPLIC~1\Microsoft [2008-08-19|20:19] C:\DOCUME~1\GUILLA~1\APPLIC~1\NeroVision [2008-01-16|08:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Propellerhead Software [2008-05-30|22:09] C:\DOCUME~1\GUILLA~1\APPLIC~1\Real [2005-12-20|13:31] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sun [2007-12-07|09:59] C:\DOCUME~1\GUILLA~1\APPLIC~1\Symantec [2008-08-16|07:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Syntrillium [2005-04-19|16:39] C:\DOCUME~1\GUILLA~1\APPLIC~1\toshiba [2008-10-08|03:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\uTorrent [2007-12-21|01:32] C:\DOCUME~1\GUILLA~1\APPLIC~1\WinRAR [2007-12-01|22:33] C:\DOCUME~1\GUILLA~1\APPLIC~1\Yahoo! 
[2006-12-04|00:43] C:\DOCUME~1\INVIT~1\APPLIC~1\Google [2005-04-19|12:44] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities [2005-04-19|16:24] C:\DOCUME~1\INVIT~1\APPLIC~1\InterTrust [2006-09-11|12:34] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia [2008-06-05|11:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft [2005-04-19|17:01] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec [2005-04-19|16:39] C:\DOCUME~1\INVIT~1\APPLIC~1\toshiba [2008-06-05|11:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [2007-01-03|20:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec [2008-06-05|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [2005-09-29|19:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [2008-10-09 10:00][--ah-----] C:\WINDOWS\tasks\A98AA28F937D5E33.job [2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job [2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job [2005-09-13 02:07][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job [2004-08-05 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [2008-10-09 07:14][--ah-----] C:\WINDOWS\tasks\SA.DAT ( A98AA28F937D5E33.job )=( c:\docume~1\guilla~1\applic~1\blueli~1\Typemfcd1.exe ) --------------------\\ Listing des dossiers dans C:\Program Files [2008-01-14|21:02] C:\Program Files\Acoustica MP3 Audio Mixer [2008-04-08|22:52] C:\Program Files\Adobe [2008-04-08|22:34] C:\Program Files\AdorageI-GfxDatas [2008-04-08|22:32] C:\Program Files\AdorageI-SAL [2008-08-19|20:49] C:\Program Files\Ahead [2005-04-19|16:15] C:\Program Files\Apoint2K [2008-01-16|11:27] C:\Program Files\Ares [2005-04-19|15:06] C:\Program Files\ATI Technologies [2007-12-16|17:17] C:\Program Files\Audacity [2008-06-05|11:56] C:\Program Files\AVG [2008-10-08|23:38] C:\Program Files\bsnmjib [2008-08-19|21:01] C:\Program Files\CDBurnerXP [2008-05-03|12:34] C:\Program Files\Codec Pack - All In 1 [2007-05-22|17:28] C:\Program Files\Common Files [2008-08-16|07:58] C:\Program Files\coolpro2 [2005-04-19|17:38] 
C:\Program Files\Datalode [2008-04-08|22:09] C:\Program Files\DivX [2005-04-19|16:17] C:\Program Files\DVD-RAM [2008-08-19|20:49] C:\Program Files\Fichiers communs [2008-01-16|11:29] C:\Program Files\FLStudio4 [2008-09-10|18:36] C:\Program Files\GIMP-2.0 [2007-12-02|04:52] C:\Program Files\Grisoft [2008-08-15|13:24] C:\Program Files\InstallShield Installation Information [2005-04-19|13:58] C:\Program Files\Intel [2008-08-13|04:53] C:\Program Files\Internet Explorer [2007-12-02|20:36] C:\Program Files\InterVideo [2005-04-19|16:43] C:\Program Files\Java [2008-05-03|12:39] C:\Program Files\K-Lite Codec Pack [2008-07-08|13:18] C:\Program Files\Lavasoft [2005-04-19|17:36] C:\Program Files\ltmoh [2008-08-24|03:02] C:\Program Files\Messenger [2008-10-05|23:47] C:\Program Files\Messenger Plus! Live [2007-12-19|04:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2005-04-19|12:44] C:\Program Files\microsoft frontpage [2005-10-04|15:32] C:\Program Files\Microsoft Office [2005-04-19|17:12] C:\Program Files\Microsoft.NET [2008-08-22|04:22] C:\Program Files\Movie Maker [2008-08-22|04:22] C:\Program Files\msn [2005-04-19|12:40] C:\Program Files\MSN Gaming Zone [2008-08-22|04:16] C:\Program Files\NetMeeting [2005-04-19|12:40] C:\Program Files\Online Services [2008-08-22|04:16] C:\Program Files\Outlook Express [2008-04-08|22:11] C:\Program Files\Pinnacle [2008-04-08|22:42] C:\Program Files\proDAD [2008-04-08|22:26] C:\Program Files\QuickTime [2007-12-02|03:02] C:\Program Files\Realtek AC97 [2005-04-19|12:42] C:\Program Files\Services en ligne [2008-06-26|23:48] C:\Program Files\sfArk [2008-01-16|11:29] C:\Program Files\Steinberg [2005-09-13|06:09] C:\Program Files\Toshiba [2005-04-19|12:48] C:\Program Files\Uninstall Information [2007-12-02|04:32] C:\Program Files\uTorrent [2007-12-02|20:49] C:\Program Files\Veoh Networks [2008-09-10|17:38] C:\Program Files\VirtuallTek [2008-08-24|17:59] C:\Program Files\WinAce [2007-12-17|18:06] C:\Program Files\Windows Live [2008-01-30|07:49] 
C:\Program Files\Windows Media Connect 2 [2008-08-22|04:16] C:\Program Files\Windows Media Player [2008-08-22|04:16] C:\Program Files\Windows NT [2005-04-19|12:42] C:\Program Files\WindowsUpdate [2008-08-24|17:32] C:\Program Files\WinZip [2008-01-18|15:52] C:\Program Files\XBCD [2005-04-19|12:44] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [2008-05-03|14:05] C:\Program Files\Fichiers communs\Adobe [2005-10-04|15:32] C:\Program Files\Fichiers communs\DESIGNER [2005-04-19|16:12] C:\Program Files\Fichiers communs\InstallShield [2005-04-19|16:43] C:\Program Files\Fichiers communs\Java [2008-06-10|03:05] C:\Program Files\Fichiers communs\Microsoft Shared [2007-05-22|17:28] C:\Program Files\Fichiers communs\Motive [2005-04-19|12:41] C:\Program Files\Fichiers communs\MSSoap [2005-04-19|07:34] C:\Program Files\Fichiers communs\ODBC [2005-04-19|12:41] C:\Program Files\Fichiers communs\Services [2005-04-19|07:34] C:\Program Files\Fichiers communs\SpeechEngines [2008-08-22|04:16] C:\Program Files\Fichiers communs\System [2008-05-04|08:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller [2008-09-26|08:22] C:\Program Files\Fichiers communs\Wise Installation Wizard --------------------\\ Process ( 61 Processes ) IEXPLORE.EXE ~ [PID:3916] --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! 
--------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB C:\DOCUME~1\GUILLA~1\APPLIC~1\blueli~1 C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\msgpl_b896.tmp C:\DOCUME~1\GUILLA~1\Cookies\guillaume@advertising[1].txt C:\DOCUME~1\GUILLA~1\Cookies\guillaume@adopt.euroclick[2].txt C:\WINDOWS\Tasks\A98AA28F937D5E33.job --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "army dog"="C:\\DOCUME~1\\GUILLA~1\\APPLIC~1\\BLUELI~1\\poke show.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Option Bib Logo Log"="C:\\Documents and Settings\\All Users\\Application Data\\LICENSE ADMIN OPTION BIB\\dent draw.exe" --------------------\\ Verification du fichier Hosts Fichier Hosts MODIFIE
-> 7793 [ 70 ## added by CiD ] --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-09 10:26:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 72 --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv] Trojan ! .. C:\WINDOWS\system32\tdssservers.dat Trojan ! .. C:\WINDOWS\system32\tdssinit.dll Trojan ! .. C:\WINDOWS\system32\tdssadw.dll --------------------\\ Suspect .. C:\WINDOWS\system32\tdssadw.dll C:\WINDOWS\system32\tdssinit.dll C:\WINDOWS\system32\tdssservers.dat --------------------\\ Cracks & Keygens .. C:\DOCUME~1\GUILLA~1\Local Settings\Temp\avg.7.0.keygen-efc87.exe [F:6291][D:240]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp [F:77][D:0]-> C:\DOCUME~1\GUILLA~1\Cookies [F:2066][D:20]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 2008-10-09|10:28 - Option : [1] --------------------\\ Fin du rapport a 10:28:38
  4. Hello everyone, I have been having some problems with my PC for a while. About every 5 minutes I get a pop-up with Trojan-spy.win32.keyLogger.aa ( http://img375.imageshack.us/my.php?image=monproblemeay8.png ) and Trojan-downloader.win32.agent.bq ( http://img517.imageshack.us/my.php?image=pobleme2xw0.png ), and more rarely other things such as "green screen, and bank security (not sure of the exact name)". I would like someone to explain to me how to remove these things, please. Thank you.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:06:35, on 2008-10-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\ZoomingHook.exe 
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\xebklanu.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\guillaume\Bureau\HiJackThis.exe C:\WINDOWS\system32\xebklanu.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.shoptoshiba.ca/welcome R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Fichiers communs\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Fichiers communs\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden O4 - HKLM\..\Run: 
[Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\dent draw.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [army dog] C:\DOCUME~1\GUILLA~1\APPLIC~1\BLUELI~1\poke show.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WinMonApp] C:\WINDOWS\system32\xebklanu.exe O4 - HKLM\..\Policies\Explorer\Run: [zw12ZFYQ7k] C:\Documents and Settings\All Users\Application Data\zgtafeng\bgnotahq.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: .security O4 - Global Startup: .security O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Documents and Settings\marilou hayes\Bureau\PsnLite.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rapstarsgx.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://pse-esd.ainc-inac.gc.ca/nstp2/Repor...tivexviewer.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O21 - SSODL: UtilApiAdm - {73461C55-B485-B99F-56A3-04250DC159A5} - C:\Program Files\bsnmjib\UtilApiAdm.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE (file missing) O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE (file missing) O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE -- End of file - 10286 bytes