
Posted (edited)

Sorry, I redid the reg file (I had forgotten the first line :P )

And I followed the procedure. (It wasn't in regedit after merging it, so that's fine?)

For this file:

c:\users\maryse\appdata\local\temp\ursrq.dll

No, it's no longer there.

Here is the new HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:56, on 2008-02-09

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Maryse\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 7342 bytes

Edited by Ben13

Posted

The log is clean.

Let's do a more thorough check:

Download DiagHelp.zip by Malekal_morte to the desktop.

http://www.malekal.com/download/DiagHelp.zip

* Unzip it, to the desktop for example.

* A new folder, DiagHelp, will be created.

* Open it and double-click go.cmd (the .cmd extension may not be shown)

* A window will open; choose option 1

* The scan will start; this may take a few minutes. Press a key when prompted

* Copy and paste the entire contents of the Notepad window that opens and include it in your next reply.

Otherwise, it is here: C:\resultats.txt

Posted

Here is the result of the scan with DiagHelp:

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 2008-02-09 à 18:11:23.50

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\Windows\prefetch\CHCP.COM-61043047.pf -->2008-02-09 18:11:21

C:\Windows\prefetch\NOTEPAD.EXE-D8414F97.pf -->2008-02-09 18:10:15

C:\Windows\prefetch\WLLOGINPROXY.EXE-9E0DCEF8.pf -->2008-02-09 18:09:21

C:\Windows\prefetch\IEXPLORE.EXE-908C99F8.pf -->2008-02-09 18:09:21

C:\Windows\prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->2008-02-09 18:08:48

C:\Windows\prefetch\DLLHOST.EXE-5E46FA0D.pf -->2008-02-09 18:08:44

C:\Windows\prefetch\NTVDM.EXE-F6564EE5.pf -->2008-02-09 18:08:27

C:\Windows\prefetch\FIND.EXE-E2237F6D.pf -->2008-02-09 18:07:50

C:\Windows\prefetch\CONIME.EXE-9781FD5F.pf -->2008-02-09 18:07:29

C:\Windows\prefetch\CMD.EXE-4A81B364.pf -->2008-02-09 18:07:29

 

C:\Windows\System32\drivers\ComboFix.sys -->2008-02-09 16:36:22

C:\Windows\System32\drivers\avipbb.sys -->2008-02-08 15:32:43

C:\Windows\System32\drivers\tcpip.sys -->2008-01-10 11:55:00

C:\Windows\System32\drivers\netio.sys -->2008-01-10 11:55:00

C:\Windows\System32\drivers\volsnap.sys -->2008-01-10 11:53:33

C:\Windows\System32\drivers\pciidex.sys -->2008-01-10 11:53:33

C:\Windows\System32\drivers\pciide.sys -->2008-01-10 11:53:33

 

C:\Windows\System32\perfh00C.dat -->2008-02-09 17:53:28

C:\Windows\System32\perfh009.dat -->2008-02-09 17:53:28

C:\Windows\System32\perfc00C.dat -->2008-02-09 17:53:28

C:\Windows\System32\perfc009.dat -->2008-02-09 17:53:28

C:\Windows\System32\PerfStringBackup.INI -->2008-02-09 17:53:27

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->2008-02-09 17:47:37

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->2008-02-09 17:47:36

C:\Windows\System32\FNTCACHE.DAT -->2008-02-09 14:42:50

C:\Windows\System32\jupdate-1.6.0_03-b05.log -->2008-02-08 14:06:27

C:\Windows\System32\config.nt -->2008-02-08 13:09:12

C:\Windows\System32\tcpipcfg.dll -->2008-01-10 11:55:00

C:\Windows\System32\netiougc.exe -->2008-01-10 11:55:00

C:\Windows\System32\netcfg.exe -->2008-01-10 11:55:00

C:\Windows\System32\GameUXLegacyGDFs.dll -->2008-01-10 11:53:47

C:\Windows\System32\gameux.dll -->2008-01-10 11:53:46

C:\Windows\System32\sbunattend.exe -->2008-01-10 11:53:02

C:\Windows\System32\mrt.exe -->2008-01-02 19:21:36

C:\Windows\System32\coh.cache -->2007-12-28 17:26:56

C:\Windows\System32\riched32.dll -->2007-12-28 17:11:48

C:\Windows\System32\riched20.dll -->2007-12-28 17:11:48

C:\Windows\System32\kmddsp.tsp -->2007-12-28 17:11:44

C:\Windows\System32\rasser.dll -->2007-12-28 17:11:43

C:\Windows\System32\rasdiag.dll -->2007-12-28 17:11:43

C:\Windows\System32\rascfg.dll -->2007-12-28 17:11:43

C:\Windows\System32\rasmxs.dll -->2007-12-28 17:11:42

 

C:\Windows\WindowsUpdate.log -->2008-02-09 17:51:14

C:\Windows\bootstat.dat -->2008-02-09 17:47:27

C:\Windows\ntbtlog.txt -->2008-02-09 17:46:23

C:\Windows\PFRO.log -->2008-02-09 17:40:35

C:\Windows\PSEXESVC.EXE -->2008-02-09 17:38:06

C:\Windows\TMUPDATE.DLL -->2008-02-08 14:01:38

C:\Windows\UNZIP.DLL -->2008-02-08 14:01:37

C:\Windows\PATCH.EXE -->2008-02-08 14:01:37

C:\Windows\setupact.log -->2008-01-20 23:58:56

C:\Windows\msxml4-KB941833-enu.LOG -->2007-12-29 20:03:13

C:\Windows\WindowsShell.Manifest -->2007-12-28 17:17:40

C:\Windows\explorer.exe -->2007-12-28 17:10:17

C:\Windows\msxml4-KB936181-enu.LOG -->2007-12-28 16:47:19

C:\Windows\DPINST.LOG -->2007-12-28 14:00:57

C:\Windows\Kit.ini -->2007-12-28 12:24:31

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 280

Command line: C:\Windows\Explorer.EXE

 

Base Size Version Path

0x00740000 0x2cd000 6.00.6000.16549 C:\Windows\Explorer.EXE

0x77d50000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll

0x767b0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll

0x76890000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll

0x77670000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll

0x76750000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll

0x76960000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll

0x76610000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll

0x77e80000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll

0x76b20000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll

0x77a70000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll

0x77940000 0x8c000 6.00.6000.16386 C:\Windows\system32\OLEAUT32.dll

0x73380000 0x107000 6.00.6000.16386 C:\Windows\system32\SHDOCVW.dll

0x756b0000 0x3f000 6.00.6000.16386 C:\Windows\system32\UxTheme.dll

0x75960000 0x1a000 6.00.6000.16386 C:\Windows\system32\POWRPROF.dll

0x741b0000 0xc000 6.00.6000.16386 C:\Windows\system32\dwmapi.dll

0x74e60000 0x1aa000 5.02.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll

0x75f40000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll

0x74c40000 0xb7000 6.00.6000.16386 C:\Windows\system32\PROPSYS.dll

0x73230000 0x145000 6.00.6000.16386 C:\Windows\system32\BROWSEUI.dll

0x76b00000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.dll

0x76a30000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll

0x75680000 0x30000 6.00.6000.16386 C:\Windows\system32\DUser.dll

0x77e70000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL

0x77f10000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll

0x753b0000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

0x74870000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll

0x73ee0000 0x6000 6.00.6000.16386 C:\Windows\system32\IconCodecService.dll

0x764a0000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll

0x766c0000 0x84000 2001.12.6930.16386 C:\Windows\system32\CLBCatQ.DLL

0x75a20000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll

0x72d90000 0xb2000 6.00.6000.16549 C:\Windows\system32\timedate.cpl

0x74d40000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL

0x76110000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll

0x76570000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL

0x75020000 0x38000 4.02.5406.0000 C:\Windows\system32\OLEACC.dll

0x72cd0000 0x53000 6.00.6000.16386 C:\Windows\system32\actxprxy.dll

0x764c0000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll

0x72ca0000 0x2b000 6.00.6000.16386 C:\Windows\system32\msutb.dll

0x75ae0000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll

0x72d70000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll

0x76440000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll

0x77740000 0x127000 7.00.6000.16575 C:\Windows\system32\urlmon.dll

0x779d0000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll

0x75980000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL

0x77a20000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll

0x76a00000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll

0x767a0000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll

0x760f0000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll

0x72520000 0x5cd000 7.00.6000.16575 C:\Windows\system32\ieframe.dll

0x75060000 0x33000 6.00.6000.16386 C:\Windows\system32\WINMM.dll

0x74c10000 0x30000 6.00.6000.16386 C:\Windows\system32\wdmaud.drv

0x75650000 0x4000 6.00.6000.16386 C:\Windows\system32\ksuser.dll

0x757a0000 0x7000 6.00.6000.16386 C:\Windows\system32\AVRT.dll

0x757b0000 0x27000 6.00.6000.16386 C:\Windows\system32\MMDevAPI.DLL

0x77bc0000 0x188000 6.00.6000.16386 C:\Windows\system32\SETUPAPI.dll

0x756f0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WINTRUST.dll

0x75f80000 0xf1000 6.00.6000.16425 C:\Windows\system32\CRYPT32.dll

0x760d0000 0x12000 6.00.6000.16386 C:\Windows\system32\MSASN1.dll

0x77ee0000 0x29000 6.00.6000.16470 C:\Windows\system32\imagehlp.dll

0x74b80000 0x21000 6.00.6000.16386 C:\Windows\System32\audioses.dll

0x74a50000 0x66000 6.00.6000.16386 C:\Windows\System32\audioeng.dll

0x74bd0000 0x9000 6.00.6000.16386 C:\Windows\system32\msacm32.drv

0x74bb0000 0x15000 6.00.6000.16386 C:\Windows\system32\MSACM32.dll

0x74b70000 0x7000 6.00.6000.16386 C:\Windows\system32\midimap.dll

0x720c0000 0x223000 6.00.6000.16386 C:\Windows\system32\NetworkExplorer.dll

0x77870000 0xcf000 7.00.6000.16575 C:\Windows\system32\WININET.dll

0x76950000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll

0x72380000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll

0x75ca0000 0x8000 6.00.6000.16386 C:\Windows\system32\VERSION.dll

0x72e80000 0x204000 4.00.6000.16386 C:\Windows\system32\msi.dll

0x71e50000 0x9000 6.00.6000.16386 C:\Windows\system32\ExplorerFrame.dll

0x75790000 0xa000 6.00.6000.16386 C:\Windows\system32\cscapi.dll

0x72af0000 0x92000 6.00.6000.16386 C:\Windows\system32\stobject.dll

0x717c0000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll

0x75880000 0x9000 6.00.6000.16553 C:\Windows\system32\WTSAPI32.dll

0x75d90000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll

0x74930000 0x45000 2001.12.6930.16386 C:\Windows\system32\es.dll

0x72ba0000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll

0x72420000 0x21000 6.00.6000.16386 C:\Windows\ehome\ehSSO.dll

0x74b60000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL

0x70940000 0x30b000 6.00.6000.16386 C:\Windows\System32\netshell.dll

0x75ee0000 0x19000 6.00.6000.16386 C:\Windows\System32\IPHLPAPI.DLL

0x75ea0000 0x35000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc.DLL

0x76180000 0x2b000 6.00.6000.16386 C:\Windows\System32\DNSAPI.dll

0x75e90000 0x7000 6.00.6000.16386 C:\Windows\System32\WINNSI.DLL

0x75e70000 0x20000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc6.DLL

0x75010000 0xf000 6.00.6000.16386 C:\Windows\System32\nlaapi.dll

0x75890000 0x63000 6.00.6000.16501 C:\Windows\system32\FirewallAPI.dll

0x713b0000 0x1bf000 6.00.6000.16386 C:\Windows\system32\pnidui.dll

0x72be0000 0x17000 6.00.6000.16386 C:\Windows\system32\QUtil.dll

0x75f00000 0x3e000 6.00.6000.16386 C:\Windows\system32\wevtapi.dll

0x74210000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll

0x71ee0000 0x27000 6.00.6000.16386 C:\Windows\system32\FunDisc.dll

0x74d00000 0x9000 6.00.6000.16386 C:\Windows\system32\fdproxy.dll

0x72c00000 0x30000 6.00.6000.16386 C:\Windows\system32\MLANG.dll

0x6ffd0000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll

0x75350000 0xe000 6.00.6000.16551 C:\Windows\system32\Wlanapi.dll

0x74360000 0x2d000 6.00.6000.16386 C:\Windows\system32\OneX.DLL

0x74450000 0xd000 6.00.6000.16386 C:\Windows\system32\eappprxy.dll

0x74250000 0x28000 6.00.6000.16386 C:\Windows\system32\eappcfg.dll

0x75dc0000 0x44000 6.00.6000.16386 C:\Windows\system32\bcrypt.dll

0x6f250000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll

0x6ef90000 0x23000 6.00.6000.16386 C:\Windows\system32\wpdshserviceobj.dll

0x73ba0000 0x5f000 6.00.6000.16386 C:\Windows\system32\WINHTTP.dll

0x6ef50000 0x40000 6.00.6000.16386 C:\Windows\System32\srchadmin.dll

0x6ee80000 0x3c000 7.00.6000.16386 C:\Windows\system32\webcheck.dll

0x6ecf0000 0x4a000 6.00.6000.16386 C:\Windows\system32\ntshrui.dll

0x6e6f0000 0x21c000 6.00.6000.16386 C:\Windows\System32\SyncCenter.dll

0x6ecb0000 0x39000 6.00.6000.16386 C:\Windows\system32\wscntfy.dll

0x6f410000 0xb000 6.00.6000.16386 C:\Windows\system32\WSCAPI.dll

0x6e9c0000 0x51000 6.00.6000.16386 C:\Windows\system32\imapi2.dll

0x6f100000 0xb000 6.00.6000.16386 C:\Windows\system32\mssprxy.dll

0x6ec30000 0x2b000 6.00.6000.16386 C:\Windows\system32\PortableDeviceTypes.dll

0x6fd60000 0x46000 6.00.6000.16386 C:\Windows\system32\PortableDeviceApi.dll

0x6e5f0000 0xf9000 6.00.6000.16386 C:\Windows\system32\bthprops.cpl

0x76380000 0x5f000 6.00.6000.16386 C:\Windows\system32\SXS.DLL

0x76090000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll

0x75660000 0x14000 6.00.6000.16386 C:\Windows\system32\Cabinet.dll

0x6ef20000 0x2c000 6.00.6000.16386 C:\Windows\System32\QAgent.dll

0x73cb0000 0x8a000 6.00.6000.16386 C:\Windows\System32\fwpuclnt.dll

0x6d3b0000 0x56000 6.00.6000.16386 C:\Windows\system32\zipfldr.dll

0x02b50000 0x2e000 C:\Program Files\WinRAR\rarext.dll

0x10000000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll

0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL

0x05400000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll

0x5d360000 0xf000 7.10.3077.0000 C:\Windows\system32\MFC71FRA.DLL

0x6e490000 0x2e000 6.00.6000.16386 C:\Windows\system32\syncui.dll

0x72080000 0x15000 6.00.6000.16386 C:\Windows\system32\SYNCENG.dll

0x75130000 0x12000 6.00.6000.16386 C:\Windows\system32\thumbcache.dll

0x6d610000 0x60000 6.00.6000.16386 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll

0x01d80000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

0x73090000 0x9b000 8.00.50727.0312 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7\MSVCR80.dll

0x75620000 0x22000 1.01.1002.0000 C:\Windows\system32\xmllite.dll

0x5a500000 0x50000 8.05.1302.1018 C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 700

Command line: winlogon.exe

 

Base Size Version Path

0x00270000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe

0x77d50000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll

0x767b0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll

0x76890000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll

0x77670000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll

0x76960000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll

0x76750000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll

0x76610000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll

0x764a0000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll

0x75d90000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll

0x76570000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL

0x764c0000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll

0x76b00000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.DLL

0x76a30000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll

0x77e70000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL

0x77f10000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll

0x76440000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll

0x75980000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL

0x77a20000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll

0x76a00000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll

0x767a0000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll

0x760f0000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll

0x77a70000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll

0x749d0000 0x3e000 6.00.6000.16386 C:\Windows\system32\SHSVCS.dll

0x756b0000 0x3f000 6.00.6000.16386 C:\Windows\system32\uxtheme.dll

0x75a20000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll

0x74870000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll

0x76110000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll

0x75f40000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll

0x76090000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll

 

 

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 3C38-DEFE

 

Répertoire de C:\Windows\system32

 

2006-11-02 10:45 7,680 csrss.exe

1 fichier(s) 7,680 octets

0 Rép(s) 106,017,398,784 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 3C38-DEFE

 

Répertoire de C:\Windows\Downloaded Program Files

 

2008-02-08 14:06 <REP> .

2008-02-08 14:06 <REP> ..

2006-09-18 22:26 65 desktop.ini

2006-06-30 11:00 29,616 dwusplay.dll

2006-06-30 11:00 201,648 dwusplay.exe

2006-09-11 03:40 484,272 isusweb.dll

2007-09-25 01:33 1,055 jinstall-6u3.inf

2005-11-02 18:01 1,777 xscan.inf

2005-11-02 18:07 435,712 xscan53.ocx

7 fichier(s) 1,154,145 octets

 

Total des fichiers listés :

7 fichier(s) 1,154,145 octets

2 Rép(s) 106,017,398,784 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

dword:00000001 présent dans la clef HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon - Possible infection Trojan.DNS/Wareout

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

 

 

 

exports des policies

REGEDIT4

 

[system]

"ConsentPromptBehaviorAdmin"=dword:00000002

"ConsentPromptBehaviorUser"=dword:00000001

"EnableInstallerDetection"=dword:00000001

"EnableLUA"=dword:00000000

"EnableSecureUIAPaths"=dword:00000001

"EnableVirtualization"=dword:00000001

"PromptOnSecureDesktop"=dword:00000001

"ValidateAdminCodeSignatures"=dword:00000000

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"scforceoption"=dword:00000000

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"FilterAdministratorToken"=dword:00000000

 

[system\UIPI]

 

[system\UIPI\Clipboard]

 

[system\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=dword:00000001

"CF_BITMAP"=dword:00000002

"CF_OEMTEXT"=dword:00000007

"CF_DIB"=dword:00000008

"CF_PALETTE"=dword:00000009

"CF_UNICODETEXT"=dword:0000000d

"CF_DIBV5"=dword:00000011

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-09 18:11:37

Windows 6.0.6000 NTFS

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Sorry, this version supports only Win2K/XP

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Sorry, this version supports only Win2K/XP

 

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 3C38-DEFE

 

Répertoire de C:\Program Files

 

2008-02-09 11:53 <REP> .

2008-02-09 11:53 <REP> ..

2007-09-27 20:35 <REP> Activation Assistant for the 2007 Microsoft Office suites

2008-01-09 13:07 <REP> Adobe

2008-02-08 13:08 <REP> Alwil Software

2007-09-27 20:01 <REP> AMD

2007-09-27 20:08 <REP> Atheros

2007-09-27 20:02 <REP> ATI

2007-09-27 20:06 <REP> ATI Technologies

2007-09-27 20:01 <REP> ATK Hotkey

2008-02-08 15:30 <REP> Avira

2008-02-08 14:03 <REP> Common Files

2007-09-27 20:23 <REP> CyberLink

2007-12-28 17:13 <REP> Google

2007-09-27 20:14 <REP> HDReg

2007-12-28 17:13 <REP> Internet Explorer

2008-02-08 14:06 <REP> Java

2007-12-28 17:05 <REP> Microsoft CAPICOM 2.1.0.2

2006-11-02 13:37 <REP> Microsoft Games

2007-09-27 20:33 <REP> Microsoft Office

2007-09-27 20:33 <REP> Microsoft Works

2007-09-27 20:33 <REP> Microsoft.NET

2007-09-28 05:19 <REP> Movie Maker

2008-02-09 15:17 <REP> Mozilla Firefox

2006-11-02 13:37 <REP> MSBuild

2006-11-02 13:37 <REP> MSN

2007-12-28 16:47 <REP> MSXML 4.0

2007-12-28 17:29 <REP> Norton 360

2008-01-09 12:08 <REP> OrangeHSS

2008-02-09 17:16 <REP> Packard Bell

2008-01-08 19:11 <REP> Picasa2

2008-02-08 12:54 <REP> Prevx1

2006-11-02 13:37 <REP> Reference Assemblies

2007-09-27 20:21 <REP> Roxio

2007-12-28 12:22 <REP> SAGEM

2007-12-28 11:04 <REP> Securitoo

2007-09-27 20:36 <REP> Skype

2007-09-27 20:03 <REP> Synaptics

2008-02-09 11:53 <REP> Trend Micro

2008-01-17 14:12 <REP> Valve

2007-12-28 12:24 <REP> Wanadoo

2007-12-28 17:14 <REP> Windows Calendar

2007-09-28 05:19 <REP> Windows Collaboration

2007-09-28 05:28 <REP> Windows Defender

2007-09-28 05:19 <REP> Windows Journal

2007-12-28 14:00 <REP> Windows Live

2008-01-10 12:00 <REP> Windows Mail

2007-12-28 17:13 <REP> Windows Media Player

2007-12-28 10:43 <REP> Windows NT

2007-09-28 05:19 <REP> Windows Photo Gallery

2008-01-10 12:00 <REP> Windows Sidebar

2007-12-30 15:08 <REP> WinRAR

0 fichier(s) 0 octets

52 Rép(s) 106,004,619,264 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 3C38-DEFE

 

Répertoire de C:\Program Files\fichiers communs

 

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 3C38-DEFE

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

2007-09-27 20:33 <REP> .

2007-09-27 20:33 <REP> ..

2007-09-27 20:30 <REP> 1036

2006-10-26 19:12 40,256 MSOSV.DLL

1 fichier(s) 40,256 octets

3 Rép(s) 106,004,619,264 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 3C38-DEFE

 

Répertoire de C:\Program Files\common files

 

2008-02-08 14:03 <REP> .

2008-02-08 14:03 <REP> ..

2008-01-09 13:07 <REP> Adobe

2007-09-27 20:33 <REP> DESIGNER

2007-09-27 20:23 <REP> InstallShield

2008-02-08 14:03 <REP> Java

2007-12-28 14:01 <REP> microsoft shared

2007-09-27 20:21 <REP> Roxio Shared

2006-11-02 12:18 <REP> Services

2007-09-27 20:36 <REP> Skype

2007-09-27 20:21 <REP> Sonic Shared

2006-11-02 12:18 <REP> SpeechEngines

2007-09-27 20:21 <REP> SureThing Shared

2007-12-28 17:30 <REP> Symantec Shared

2007-09-28 05:39 <REP> System

0 fichier(s) 0 octets

15 Rép(s) 106,004,619,264 octets libres

 

 

 

 

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_PC-de-Maryse.tar.gz a l'adresse http://upload.malekal.com

Posted

It's clean.

Run an AntiVir scan in Safe Mode.

Download and install AVG Anti-Spyware (AVG AS)

http://www.ewido.net/en/download/

Once AVG AS is running, click "Mise à jour" (Update)

Close the program.

Restart in Safe Mode

Start AVG AS again and choose the "Analyse" (Scan) tab

Then the "Paramètres" (Settings) tab

Under the question "Comment réagir ?" (How to react?), click "Actions recommandées" (Recommended actions) and choose "Quarantaine" (Quarantine)

Click the "Analyse" tab again, then run an "Analyse complète du système" (Full system scan)

/!\ If an infected file is detected at the end of the scan /!\

Click "Appliquer toutes les actions" (Apply all actions)

Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as)

Save this text file to the desktop.

Restart normally

Copy and paste the report here.

Posted

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 19:39 2008-02-09

 

+ Résultat de l'analyse:

 

 

 

:mozilla.137:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.

:mozilla.140:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.141:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.142:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.143:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.144:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.145:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.146:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.147:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.164:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.582:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.

:mozilla.456:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.

:mozilla.60:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.

:mozilla.89:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.90:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.91:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.92:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.93:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.22:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.

:mozilla.99:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.

:mozilla.63:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.

:mozilla.642:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Burstnet : Aucune action entreprise.

:mozilla.643:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Burstnet : Aucune action entreprise.

:mozilla.474:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.475:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.476:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.477:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.478:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.549:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Dealtime : Aucune action entreprise.

:mozilla.550:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Dealtime : Aucune action entreprise.

:mozilla.36:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

:mozilla.9:C:\Users\Maryse\AppData\Roaming\Mozilla\Firefox\Profiles\wn6ist1o.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

:mozilla.228:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.

:mozilla.241:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.

:mozilla.245:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.

:mozilla.246:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.

:mozilla.250:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.

:mozilla.251:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.

:mozilla.379:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.

:mozilla.380:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.

:mozilla.381:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.

:mozilla.382:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.

:mozilla.383:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.

:mozilla.464:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.

:mozilla.479:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.

:mozilla.606:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.

:mozilla.667:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.

:mozilla.266:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.

:mozilla.267:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.

:mozilla.268:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.

:mozilla.471:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.

:mozilla.514:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.

:mozilla.593:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@ehg-quechoisir.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.

:mozilla.453:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.

:mozilla.454:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Aucune action entreprise.

:mozilla.41:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.

:mozilla.7:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.

:mozilla.148:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.

:mozilla.149:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.

:mozilla.150:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.

:mozilla.200:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.

:mozilla.484:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.

:mozilla.485:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.

:mozilla.309:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.310:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.311:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.312:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.313:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.314:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.315:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

:mozilla.283:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.

:mozilla.386:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.

:mozilla.17:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.18:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.19:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.20:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.21:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\maryse@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.364:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.

:mozilla.365:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.

:mozilla.27:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.28:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.29:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.30:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.31:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.46:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

:mozilla.47:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

:mozilla.50:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.

:mozilla.644:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.

:mozilla.645:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.

:mozilla.238:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

:mozilla.239:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

:mozilla.240:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

:mozilla.244:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

:mozilla.247:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

:mozilla.248:C:\Program Files\OrangeHSS\Config\User0\firefox\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

C:\Users\Maryse\AppData\Roaming\Microsoft\Windows\Cookies\Low\maryse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

 

 

Fin du rapport

Posted

Sorry for the delay...

Here is the AntiVir report

 

 

 

AntiVir PersonalEdition Classic

Report file date: 2008-02-10 16:55

 

Scanning for 1096761 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista

Windows version: (plain) [6.0.6000]

Username: Maryse

Computer name: PC-DE-MARYSE

 

Version information:

BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 14:32:39

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 15:43:18

ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 2008-02-08 15:43:18

AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-08 14:32:42

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-08 14:32:42

AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: 2008-02-10 16:55

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

17 processes with 17 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '13' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HDD>

C:\pagefile.sys

[WARNING] The file could not be opened!

 

 

End of the scan: 2008-02-10 17:31

Used time: 36:35 min

 

The scan has been done completely.

 

12035 Scanning directories

159578 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

159578 Files not concerned

1386 Archives were scanned

1 Warnings

0 Notes
