bob2N

Members
  • Content count

    33

Everything posted by bob2N

  1. I deleted all the ones you told me to, and deleted ctfmon too. I confirm that the Task Manager is still not working. Thanks again for the help.
  2. And here is the HijackThis scan.
  3. Report after deletion.
  4. 1st Lop S&D report.
  5. Impossible to reopen the document for the manager :P The AD-R report after cleaning. The rest is coming.
  6. The cleaning is in progress. If the desktop doesn't reappear after the Lop S&D scan, I won't be able to recover it with Ctrl + Alt + Del, since the task manager is blocked :s
  7. The AD-R report:

     .
     ======= RAPPORT D'AD-REMOVER 2.0.0.0,C | UNIQUEMENT XP/VISTA/7 =======
     .
     Mis à jour par C_XX le 22/04/10 à 19:00
     Contact: AdRemover.contact@gmail.com
     Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
     .
     Lancé à: 18:08:31 le 24/04/2010 | Mode normal | Option: SCAN
     Exécuté de: C:\Ad-Remover\ADR.exe
     SE: Microsoft® Windows XP™ Service Pack 1 - X86
     Nom du PC: GRIEZ-BX0K7RQPO
     Utilisateur actuel: Griez (Administrateur)
     .
     ============== ÉLÉMENT(S) TROUVÉ(S) ==============
     .
     .
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Dealio
     C:\Documents and Settings\Griez\Application Data\Dealio
     C:\Documents and Settings\Griez\Application Data\Search Settings
     C:\Program Files\Dealio
     C:\Program Files\Search Settings
     .
     HKCU\Software\Dealio
     HKCU\Software\Search Settings
     HKCU\Software\SWEETIE
     HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
     HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
     HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
     HKLM\Software\Dealio
     HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}
     HKLM\Software\Search Settings
     HKU\.DEFAULT\Software\SWEETIE
     HKU\S-1-5-18\Software\SWEETIE
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
     HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
     HKLM\Software\Microsoft\Internet Explorer\Toolbar|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run|au
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
     HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio\DealioAU.exe
     HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
     HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio\kb127\DealioRes409.dll
     HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb127\SearchSettings.dll
     HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
     HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
     .
     .
     ============== SCAN ADDITIONNEL ==============
     .
     * Mozilla FireFox Version 3.5.9 (fr) *
     .
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Griez\\Mes documents\\alain.griez
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - browser.search.defaultenginename: Google
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - browser.search.selectedEngine: Google
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - browser.startup.homepage: hxxp://www.neufportail.fr
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.9
     C:\Documents and Settings\Griez\..\bdns9u7c.default\prefs.js - keyword.URL: hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
     .
     .
     * Internet Explorer Version 6.0.2800.1106 *
     .
     [HKCU\Software\Microsoft\Internet Explorer\Main]
     .
     Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     Do404Search: 0x01000000
     Enable Browser Extensions: yes
     Local Page: C:\windows\system32\blank.htm
     Search bar: hxxp://search.msn.fr/spbasic.htm
     Search Page: hxxp://www.google.com
     Show_ToolBar: yes
     Start Page: hxxp://www.neufportail.fr/
     Use Custom Search URL: 1
     Use Search Asst: no
     .
     [HKLM\Software\Microsoft\Internet Explorer\Main]
     .
     Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
     Default_Search_URL: hxxp://www.google.com/ie
     Delete_Temp_Files_On_Exit: yes
     Local Page: C:\windows\system32\blank.htm
     Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
     Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
     .
     [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
     .
     Blank: res://mshtml.dll/blank.htm
     .
     ============== SUSPECT(S) ==============
     .
     C:\Documents and Settings\Griez\Mes documents\alain.griez\Patch Anti mise a jour WLM 8.1 finale[www.wikikou.fr]-454.exe
     C:\Documents and Settings\Griez\Mes documents\patch_netsky.exe
     .
     ========================================
     .
     C:\DOCUME~1\Griez\LOCALS~1\Temp: 39 Fichier(s), 4 Dossier(s)
     C:\WINDOWS\temp: 4 Fichier(s), 0 Dossier(s)
     Temporary Internet Files: 8 Fichier(s), 5 Dossier(s)
     .
     C:\Ad-Remover\Quarantine: 0 Fichier(s)
     C:\Ad-Remover\Backup: 0 Fichier(s)
     .
     C:\Ad-Report-SCAN[1].txt - 4905 Octet(s)
     .
     Fin à: 18:24:34, 24/04/2010
     .
     ============== E.O.F - SCAN[1] ==============
  8. Good evening, my brother has wrecked his computer again and this time I'm stuck. The antivirus no longer opens (the one from Neuf ^^), and the task manager and the registry are blocked by the admin (there is only one session on the computer, an admin one). I ran scans with Spybot and Malwarebytes, which found nothing :/ I also ran a HijackThis scan and went to the site where you can have the report evaluated, but I don't dare touch anything, I'm afraid of messing things up. The machine runs XP Pro ^^ The report:

     Logfile of HijackThis v1.99.1
     Scan saved at 02:46:46, on 24/04/2010
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\wbem\wmiapsrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\Griez\Mes documents\alain.griez\hijackthis_199\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
     O1 - Hosts: localhost 127.0.0.1
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
     O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
     O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
     O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
     O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
     O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
     O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
     O4 - HKLM\..\Run: [Dog Cool Send Play] C:\Documents and Settings\All Users\Application Data\Road Inter Dog Cool\Anti Vc.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [spam atom] C:\DOCUME~1\Griez\APPLIC~1\TRAYON~1\Databagslive.exe
     O4 - Global Startup: Pack Sécurité.lnk = C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe
     O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Griez\Application Data\Dealio\kb127\res\DealioSearch.html
     O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
     O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
     O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
     O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
     O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
     O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
     O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\securitoo\av_fw\fsps\program\fslsp.dll
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
     O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

     Thanks, bob2N.