
Posted

Hello, I have a big problem with my computer, which has become extremely slow lately and which opens pop-up windows even when I am not at the computer (it is on all the time). I am sending you the report and I ask you to help me please.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:33, on 2008-11-18

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell sans fil\PRISMCFG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CIEX80L1\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://superiorads.biz/bc/123kah.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsb67.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\slow cool.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [97429356999662707574974332653523] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

O4 - Global Startup: Utilitaire de carte WLAN sans fil USB 2.0.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189460302140

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

 

--

End of file - 11837 bytes

 

Thanks in advance

Posted

1 • Relaunch HijackThis, "do a system scan only", check only the lines below and click Fix checked:

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://superiorads.biz/bc/123kah.php

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsb67.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\slow cool.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [97429356999662707574974332653523] C:\Program Files\XP Antivirus\xpa.exe

 

 

==> click Fix checked

 

2 • Download SmitfraudFix by S!Ri to your desktop:

 

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

 

Install it; a folder of the same name is created on your desktop.

 

In the menu, select 2 and post the report.

 

 

3 • Download ToolBar-S&D by Eric_71, Angeldark, Sham_Rock and XmichouX, run option 1 then option 2, and post the report from option 2.

http://eric.71.mespages.googlepages.com/ToolBarSD.exe

Tutorial:

http://toolbarsd.googlepages.com/aideenimages

 

4 • Download Lop S&D by Angeldark and Eric71 to your desktop.

 

http://eric.71.mespages.googlepages.com/LopSD.exe

 

*Double-click Lop S&D.exe to start the installation,

*Then double-click the Lop S&D shortcut on the desktop,

*Select the desired language, then choose Option 1 (Search),

*When the scan finishes, Notepad will open with the search results,

 

 

*Relaunch LopSD and choose option "2" (Removal)

 

! Do not close the window during the removal !

A report will be generated; post its contents here.

It is saved automatically at the root of the system partition: C:\LopR.txt

 

NOTE: If your desktop does not come back, press Ctrl+Alt+Del together to open the Task Manager.

Go to the "Processes" tab. Click File at the top left and choose "Run..."

Type explorer.exe and confirm.

 

5 • Post a new HijackThis report with the whole lot

 

===post all the reports in one single reply===
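As an added example for readers following this thread (it is not part of the thread and not code from HijackThis, SmitfraudFix or the S&D tools), here is a small Python script that checks a later HijackThis log against the list of lines the helper asked to have fixed. It reports which requested entries actually disappeared and which persist, and lists entries whose target file HijackThis marks as absent. The function names are my own, and the two sample texts are excerpts I constructed from the logs posted in this thread.

```python
"""Compare a HijackThis 'Fix checked' list against a later HijackThis log.

Added example for this thread; not code from HijackThis or the helper's
tools. Function names are my own. The sample texts are excerpts
constructed from the logs posted in the thread.
"""
import re

# A HijackThis entry line starts with its section tag (R0-R3, O1-O23),
# then " - ", then the entry detail. Process lists and headers don't match.
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")

# Constructed sample: five of the lines the helper asked to have fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://superiorads.biz/bc/123kah.php
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\slow cool.exe
O4 - HKCU\..\Run: [97429356999662707574974332653523] C:\Program Files\XP Antivirus\xpa.exe
"""

# Constructed sample: excerpt of the second log posted after the fix.
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
End of file - 7904 bytes
"""


def parse_hjt(text):
    """Return the set of (section, detail) pairs found in HijackThis log text."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def verify_fix(fix_list_text, new_log_text):
    """Split the requested fix lines into (still_present, removed)."""
    wanted = parse_hjt(fix_list_text)
    present = parse_hjt(new_log_text)
    return sorted(wanted & present), sorted(wanted - present)


def orphaned(log_text):
    """Entries whose target file HijackThis reports as absent.

    Such lines are leftovers (the BHO or button is still registered but its
    DLL is gone); they do nothing by themselves but should still be cleaned.
    """
    return sorted(e for e in parse_hjt(log_text)
                  if "(file missing)" in e[1] or "(no file)" in e[1])


if __name__ == "__main__":
    still, gone = verify_fix(FIX_LIST, NEW_LOG)
    print(f"{len(gone)} of {len(gone) + len(still)} requested lines are gone")
    for section, detail in still:
        print("STILL PRESENT:", section, "-", detail)
    for section, detail in orphaned(NEW_LOG):
        print("ORPHANED:", section, "-", detail)
```

The comparison is on the full entry text, so a line whose path or CLSID changed counts as a new entry rather than a survivor; that is also why the helper asks for a complete fresh log instead of a partial one. On the constructed sample the dcads BHO with the missing nsp299.dll is the one requested line that survives, matching what the second log in this thread shows.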

Posted

Please post your reports here, and not by PM :P

 

-----------------------------------

 

Thanks again for the help

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:57:55, on 2008-11-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\WINDOWS\notepad.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell sans fil\PRISMCFG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\OCALHDDJ\HiJackThis[2].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

O4 - Global Startup: Utilitaire de carte WLAN sans fil USB 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

 

--

End of file - 7904 bytes

 

 

SmitFraudFix v2.375

 

Rapport fait à 15:31:41,39, 2008-11-19

Executé à partir de C:\Documents and Settings\Jonathan\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

66.98.148.65 auto.search.msn.com

66.98.148.65 auto.search.msn.es

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

Problème suppression C:\Program Files\Google\googletoolbar1.dll

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets

DNS Server Search Order: 205.151.69.200

DNS Server Search Order: 205.151.68.200

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F4ED0EB-480F-4C50-AF51-6F1E8BDF5CBD}: DhcpNameServer=205.151.69.200 205.151.68.200

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F4ED0EB-480F-4C50-AF51-6F1E8BDF5CBD}: DhcpNameServer=205.151.69.200 205.151.68.200

HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F4ED0EB-480F-4C50-AF51-6F1E8BDF5CBD}: DhcpNameServer=205.151.69.200 205.151.68.200

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=205.151.69.200 205.151.68.200

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

 

C:\Program Files\Google\googletoolbar1.dll supprimé

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

-----------\\ ToolBar S&D 1.2.4 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.80GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01

USER : Jonathan ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

C:\ (Local Disk) - NTFS - Total:64 Go (Free:42 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - FAT32 - Total:9 Go (Free:4 Go)

 

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )

Option : [2] ( 2008-11-19|15:37 )

C:\WINDOWS\iun6002.exe

C:\WINDOWS\System32\Dcads-remove.exe

C:\WINDOWS\system32\dcads_sidebar.dll

C:\WINDOWS\system32\dcads_sidebar_uninstall.exe

C:\WINDOWS\System32\DcadsSocial-uninstall.exe

C:\WINDOWS\System32\f3PSSavr.scr

C:\WINDOWS\system32\superiorads-uninst.exe

C:\WINDOWS\System32\uninst.exe

C:\Program Files\Internet Explorer\msimg32.dll

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

C:\Program Files\MSN Messenger\riched20.dll

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\ICD1.tmp

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe

Supprime! - C:\Program Files\Dcads Games Collection\BobAndBill.exe

Supprime! - C:\Program Files\Dcads Games Collection\CrazyBlocks.exe

Supprime! - C:\Program Files\Dcads Games Collection\Lines.exe

Supprime! - C:\Program Files\Dcads Games Collection\uninstall.exe

Supprime! - C:\Program Files\Dcads Games Collection\VideoPool.exe

Supprime! - C:\Program Files\FunWebProducts\ScreenSaver

Supprime! - C:\Program Files\FunWebProducts\Shared

Echec ! - C:\Program Files\MyWebSearch\bar

Supprime! - C:\Program Files\MyWebSearch\SrchAstt

Supprime! - C:\DOCUME~1\Jonathan\Cookies\jonathan@mywebsearch[2].txt

Supprime! - C:\Program Files\PlayMP3z\uninstall.exe

Supprime! - C:\WINDOWS\iun6002.exe

Supprime! - C:\WINDOWS\System32\Dcads-remove.exe

Supprime! - C:\WINDOWS\system32\dcads_sidebar.dll

Supprime! - C:\WINDOWS\system32\dcads_sidebar_uninstall.exe

Supprime! - C:\WINDOWS\System32\DcadsSocial-uninstall.exe

Supprime! - C:\WINDOWS\System32\f3PSSavr.scr

Supprime! - C:\WINDOWS\system32\superiorads-uninst.exe

Supprime! - C:\WINDOWS\System32\uninst.exe

Supprime! - C:\Program Files\Internet Explorer\msimg32.dll

Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

Supprime! - C:\Program Files\MSN Messenger\riched20.dll

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\ICD1.tmp

Supprime! - C:\Program Files\Dcads Games Collection

Supprime! - C:\Program Files\FunWebProducts

Echec ! - C:\Program Files\MyWebSearch

Supprime! - C:\Program Files\PlayMP3z

 

-----------\\ DEUXIEME PASSAGE

 

Echec ! - C:\Program Files\MyWebSearch\bar

Echec ! - C:\Program Files\MyWebSearch

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar

 

-----------\\ Extensions

 

(Steeve) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\windows\\system32\\blank.htm"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\windows\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 2008-11-19|15:38 - Option : [2]

 

-----------\\ Fin du rapport a 15:38:50,90

 

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.80GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01

USER : Jonathan ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

C:\ (Local Disk) - NTFS - Total:64 Go (Free:42 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - FAT32 - Total:9 Go (Free:4 Go)

 

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )

Option : [2] ( 2008-11-19|15:46 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Ford wait.exe

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\slow cool.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\inatgexk.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\koagxurb.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\nwoevfxz.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\odjovrrm.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\rronzfxq.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\ukbczmwr.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\vdqggdzr.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\vxwufkcp.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\wdsgxofd.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\xrtupadv.exe

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\yhngoqlw.exe

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsb9A.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsdB8.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nseCD.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsh11E.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsi11A.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsj4E.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsy95.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsz123.tmp

Supprime! - C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nszD1.tmp

Supprime! - C:\DOCUME~1\Jonathan\Cookies\jonathan@advertising[2].txt

Supprime! - C:\DOCUME~1\Jonathan\Cookies\jonathan@adopt.euroclick[1].txt

Supprime! - C:\DOCUME~1\Jonathan\Cookies\jonathan@partypoker[2].txt

Supprime! - C:\WINDOWS\Tasks\BF7AA5819AA55DE5.job

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch

Supprime! - C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1

Supprime! - C:\DOCUME~1\Steeve\APPLIC~1\moreki~1

Supprime! - C:\Program Files\moreki~1

Supprime! - C:\Program Files\BitDownload

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[2007-09-10|07:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[2008-10-05|19:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[2008-10-05|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2008-10-05|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8

[2008-10-05|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[2008-04-25|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache

[2008-10-19|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[2008-11-18|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater

[2007-09-10|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[2008-04-25|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games

[2007-09-11|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

[2008-03-08|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2008-11-18|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[2008-04-27|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground

[2007-09-10|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

[2008-04-25|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playtonium Games

[2007-09-10|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism

[2008-05-25|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[2007-11-30|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

[2007-09-10|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2007-09-16|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[2008-03-08|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[2007-09-10|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[2008-07-06|19:21] C:\DOCUME~1\Jonathan\APPLIC~1\.wyzo

[2008-10-08|20:39] C:\DOCUME~1\Jonathan\APPLIC~1\Adobe

[2008-01-18|21:10] C:\DOCUME~1\Jonathan\APPLIC~1\DivX

[2007-12-24|18:00] C:\DOCUME~1\Jonathan\APPLIC~1\Google

[2007-11-18|18:23] C:\DOCUME~1\Jonathan\APPLIC~1\Identities

[2008-04-22|21:09] C:\DOCUME~1\Jonathan\APPLIC~1\iWinArcade

[2008-11-05|16:39] C:\DOCUME~1\Jonathan\APPLIC~1\LimeWire

[2008-04-22|21:11] C:\DOCUME~1\Jonathan\APPLIC~1\Macromedia

[2007-11-26|16:50] C:\DOCUME~1\Jonathan\APPLIC~1\Media Player Classic

[2008-10-05|19:11] C:\DOCUME~1\Jonathan\APPLIC~1\Microsoft

[2008-04-23|12:02] C:\DOCUME~1\Jonathan\APPLIC~1\Mozilla

[2007-12-21|19:48] C:\DOCUME~1\Jonathan\APPLIC~1\Sun

[2008-01-21|11:22] C:\DOCUME~1\Jonathan\APPLIC~1\U3

[2008-05-25|22:07] C:\DOCUME~1\Jonathan\APPLIC~1\URSoft

[2008-05-25|12:50] C:\DOCUME~1\Jonathan\APPLIC~1\vlc

[2007-11-30|11:44] C:\DOCUME~1\Jonathan\APPLIC~1\WinRAR

 

[2008-10-05|19:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[2008-10-05|19:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[2008-11-02|20:08] C:\DOCUME~1\Steeve\APPLIC~1\Adobe

[2007-12-27|19:35] C:\DOCUME~1\Steeve\APPLIC~1\Google

[2007-09-11|21:22] C:\DOCUME~1\Steeve\APPLIC~1\Help

[2007-09-10|07:13] C:\DOCUME~1\Steeve\APPLIC~1\Identities

[2007-11-04|16:59] C:\DOCUME~1\Steeve\APPLIC~1\LimeWire

[2007-09-10|18:57] C:\DOCUME~1\Steeve\APPLIC~1\Macromedia

[2007-09-11|18:34] C:\DOCUME~1\Steeve\APPLIC~1\Media Player Classic

[2008-10-05|19:11] C:\DOCUME~1\Steeve\APPLIC~1\Microsoft

[2007-09-11|16:25] C:\DOCUME~1\Steeve\APPLIC~1\Mozilla

[2007-09-12|22:53] C:\DOCUME~1\Steeve\APPLIC~1\Sega

[2007-10-03|12:07] C:\DOCUME~1\Steeve\APPLIC~1\U3

[2007-09-10|17:12] C:\DOCUME~1\Steeve\APPLIC~1\WinRAR

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[2008-11-19 15:02][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

[2008-11-18 03:11][--ah-----] C:\WINDOWS\tasks\SA.DAT

[2001-08-24 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[2008-10-08|20:37] C:\Program Files\Adobe

[2007-09-10|19:03] C:\Program Files\Alawar

[2007-09-12|19:50] C:\Program Files\Alwil Software

[2007-09-10|14:15] C:\Program Files\Analog Devices

[2008-06-21|12:42] C:\Program Files\AVG

[2008-10-05|19:32] C:\Program Files\Avira

[2008-04-25|09:18] C:\Program Files\bfgclient

[2007-11-27|11:05] C:\Program Files\Bonjour

[2007-09-10|07:00] C:\Program Files\ComPlus Applications

[2007-09-10|17:21] C:\Program Files\Dell

[2007-09-10|16:33] C:\Program Files\Dell sans fil

[2008-05-25|10:38] C:\Program Files\DivX

[2008-01-09|22:11] C:\Program Files\Dreamcatcher

[2007-09-11|15:10] C:\Program Files\EA Games

[2007-09-13|07:57] C:\Program Files\EA SPORTS

[2007-09-10|18:48] C:\Program Files\Eggsucker

[2008-05-25|22:23] C:\Program Files\eMule

[2007-09-11|21:44] C:\Program Files\EverestUE3.50

[2008-03-08|13:59] C:\Program Files\Fichiers communs

[2007-09-13|12:34] C:\Program Files\GameHouse

[2008-10-19|12:13] C:\Program Files\Google

[2007-10-16|16:05] C:\Program Files\Hardwood Solitaire III

[2007-11-30|11:48] C:\Program Files\Insaniquarium Deluxe

[2008-06-21|12:41] C:\Program Files\InstallShield Installation Information

[2007-09-10|16:32] C:\Program Files\Intel

[2008-11-19|15:38] C:\Program Files\Internet Explorer

[2008-04-27|13:45] C:\Program Files\iWin Games

[2008-04-22|21:10] C:\Program Files\iWin.com

[2008-05-25|12:06] C:\Program Files\Java

[2007-09-11|21:47] C:\Program Files\Kaspersky Lab

[2007-09-11|18:45] C:\Program Files\K-Lite Codec Pack

[2008-10-03|15:36] C:\Program Files\LimeWire

[2007-09-17|05:20] C:\Program Files\Logitech

[2008-10-05|02:00] C:\Program Files\Messenger

[2007-09-10|07:04] C:\Program Files\microsoft frontpage

[2007-09-11|21:42] C:\Program Files\Microsoft Office

[2007-09-11|21:41] C:\Program Files\Microsoft Visual Studio

[2007-09-11|21:42] C:\Program Files\Microsoft Works

[2008-10-03|16:11] C:\Program Files\Movie Maker

[2007-11-18|18:22] C:\Program Files\Mozilla Firefox

[2008-06-05|14:57] C:\Program Files\MP3 Player Utilities 4.13

[2007-09-11|21:42] C:\Program Files\MSBuild

[2008-10-03|16:11] C:\Program Files\msn

[2007-09-10|07:04] C:\Program Files\msn gaming zone

[2008-11-19|15:38] C:\Program Files\MSN Messenger

[2008-11-19|15:37] C:\Program Files\MyWebSearch

[2007-09-10|07:04] C:\Program Files\netmeeting

[2008-10-03|16:07] C:\Program Files\Outlook Express

[2007-11-30|11:17] C:\Program Files\PopCap Games

[2008-05-25|22:03] C:\Program Files\RegCleaner

[2007-09-12|22:47] C:\Program Files\Sega

[2007-09-10|07:02] C:\Program Files\Services en ligne

[2008-11-02|17:14] C:\Program Files\Star Defender 3

[2007-09-11|21:45] C:\Program Files\SuperCopier2

[2007-09-10|18:58] C:\Program Files\TryMedia

[2007-09-10|07:07] C:\Program Files\Uninstall Information

[2008-03-09|12:08] C:\Program Files\vanBasco's Karaoke Player

[2008-05-25|12:49] C:\Program Files\VideoLAN

[2007-11-23|16:54] C:\Program Files\Warcraft III

[2007-09-10|18:58] C:\Program Files\WildTangent

[2007-09-11|18:24] C:\Program Files\Winamp

[2008-03-08|14:00] C:\Program Files\Windows Live

[2007-11-30|03:00] C:\Program Files\Windows Live Favorites

[2007-11-30|03:01] C:\Program Files\Windows Live Toolbar

[2007-10-06|17:46] C:\Program Files\Windows Media Connect 2

[2008-10-03|16:07] C:\Program Files\Windows Media Player

[2007-09-10|07:04] C:\Program Files\Windows NT

[2007-09-10|07:02] C:\Program Files\WindowsUpdate

[2007-09-12|20:16] C:\Program Files\WinRAR

[2007-09-10|07:04] C:\Program Files\xerox

[2007-09-10|18:58] C:\Program Files\Yahoo! Games

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[2008-10-05|19:30] C:\Program Files\Fichiers communs\Adobe

[2007-09-11|21:41] C:\Program Files\Fichiers communs\DESIGNER

[2007-09-11|15:21] C:\Program Files\Fichiers communs\DirectX

[2007-09-12|21:18] C:\Program Files\Fichiers communs\InstallShield

[2007-09-11|18:32] C:\Program Files\Fichiers communs\Java

[2007-09-16|22:56] C:\Program Files\Fichiers communs\Logitech

[2007-11-21|14:18] C:\Program Files\Fichiers communs\Macrovision Shared

[2008-08-22|02:06] C:\Program Files\Fichiers communs\Microsoft Shared

[2007-09-10|07:01] C:\Program Files\Fichiers communs\MSSoap

[2007-09-10|08:56] C:\Program Files\Fichiers communs\ODBC

[2007-09-10|07:01] C:\Program Files\Fichiers communs\Services

[2007-09-10|08:56] C:\Program Files\Fichiers communs\SpeechEngines

[2008-10-03|16:07] C:\Program Files\Fichiers communs\System

[2008-03-08|13:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

--------------------\\ Process

 

( 46 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-19 15:48:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 172

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:5429][D:261]-> C:\DOCUME~1\Jonathan\LOCALS~1\Temp

[F:184][D:0]-> C:\DOCUME~1\Jonathan\Cookies

[F:303][D:106]-> C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\content.IE5

[F:1][D:1]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 2008-11-19|15:43 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 2008-11-19|15:49 - Option : [2]

 

--------------------\\ Fin du rapport a 15:49:29

 

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.80GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A01

USER : Jonathan ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

C:\ (Local Disk) - NTFS - Total:64 Go (Free:42 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - FAT32 - Total:9 Go (Free:4 Go)

 

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )

Option : [1] ( 2008-11-19|15:41 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[2007-09-10|07:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[2008-10-05|19:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[2008-10-05|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[2008-10-05|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8

[2008-10-05|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[2008-04-25|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache

[2008-10-19|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[2008-11-18|23:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater

[2007-09-10|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[2008-04-25|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games

[2007-09-11|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

[2008-07-24|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch

[2008-03-08|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[2008-11-18|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[2008-04-27|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground

[2007-09-10|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

[2008-04-25|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playtonium Games

[2007-09-10|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism

[2008-05-25|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[2007-11-30|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

[2007-09-10|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2007-09-16|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[2008-03-08|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[2007-09-10|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[2008-07-06|19:21] C:\DOCUME~1\Jonathan\APPLIC~1\.wyzo

[2008-10-08|20:39] C:\DOCUME~1\Jonathan\APPLIC~1\Adobe

[2008-01-18|21:10] C:\DOCUME~1\Jonathan\APPLIC~1\DivX

[2007-12-24|18:00] C:\DOCUME~1\Jonathan\APPLIC~1\Google

[2007-11-18|18:23] C:\DOCUME~1\Jonathan\APPLIC~1\Identities

[2008-04-22|21:09] C:\DOCUME~1\Jonathan\APPLIC~1\iWinArcade

[2008-11-05|16:39] C:\DOCUME~1\Jonathan\APPLIC~1\LimeWire

[2008-04-22|21:11] C:\DOCUME~1\Jonathan\APPLIC~1\Macromedia

[2007-11-26|16:50] C:\DOCUME~1\Jonathan\APPLIC~1\Media Player Classic

[2008-10-05|19:11] C:\DOCUME~1\Jonathan\APPLIC~1\Microsoft

[2008-10-05|20:23] C:\DOCUME~1\Jonathan\APPLIC~1\more kind amok

[2008-04-23|12:02] C:\DOCUME~1\Jonathan\APPLIC~1\Mozilla

[2007-12-21|19:48] C:\DOCUME~1\Jonathan\APPLIC~1\Sun

[2008-01-21|11:22] C:\DOCUME~1\Jonathan\APPLIC~1\U3

[2008-05-25|22:07] C:\DOCUME~1\Jonathan\APPLIC~1\URSoft

[2008-05-25|12:50] C:\DOCUME~1\Jonathan\APPLIC~1\vlc

[2007-11-30|11:44] C:\DOCUME~1\Jonathan\APPLIC~1\WinRAR

 

[2008-10-05|19:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[2008-10-05|19:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[2008-11-02|20:08] C:\DOCUME~1\Steeve\APPLIC~1\Adobe

[2007-12-27|19:35] C:\DOCUME~1\Steeve\APPLIC~1\Google

[2007-09-11|21:22] C:\DOCUME~1\Steeve\APPLIC~1\Help

[2007-09-10|07:13] C:\DOCUME~1\Steeve\APPLIC~1\Identities

[2007-11-04|16:59] C:\DOCUME~1\Steeve\APPLIC~1\LimeWire

[2007-09-10|18:57] C:\DOCUME~1\Steeve\APPLIC~1\Macromedia

[2007-09-11|18:34] C:\DOCUME~1\Steeve\APPLIC~1\Media Player Classic

[2008-10-05|19:11] C:\DOCUME~1\Steeve\APPLIC~1\Microsoft

[2008-04-29|10:17] C:\DOCUME~1\Steeve\APPLIC~1\more kind amok

[2007-09-11|16:25] C:\DOCUME~1\Steeve\APPLIC~1\Mozilla

[2007-09-12|22:53] C:\DOCUME~1\Steeve\APPLIC~1\Sega

[2007-10-03|12:07] C:\DOCUME~1\Steeve\APPLIC~1\U3

[2007-09-10|17:12] C:\DOCUME~1\Steeve\APPLIC~1\WinRAR

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[2008-11-19 15:00][--ah-----] C:\WINDOWS\tasks\BF7AA5819AA55DE5.job

[2008-11-19 15:02][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

[2008-11-18 03:11][--ah-----] C:\WINDOWS\tasks\SA.DAT

[2001-08-24 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( BF7AA5819AA55DE5.job )=( c:\docume~1\jonathan\applic~1\moreki~1\WINSKIPBAGS.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[2008-10-08|20:37] C:\Program Files\Adobe

[2007-09-10|19:03] C:\Program Files\Alawar

[2007-09-12|19:50] C:\Program Files\Alwil Software

[2007-09-10|14:15] C:\Program Files\Analog Devices

[2008-06-21|12:42] C:\Program Files\AVG

[2008-10-05|19:32] C:\Program Files\Avira

[2008-04-25|09:18] C:\Program Files\bfgclient

[2008-04-27|13:45] C:\Program Files\BitDownload

[2007-11-27|11:05] C:\Program Files\Bonjour

[2007-09-10|07:00] C:\Program Files\ComPlus Applications

[2007-09-10|17:21] C:\Program Files\Dell

[2007-09-10|16:33] C:\Program Files\Dell sans fil

[2008-05-25|10:38] C:\Program Files\DivX

[2008-01-09|22:11] C:\Program Files\Dreamcatcher

[2007-09-11|15:10] C:\Program Files\EA Games

[2007-09-13|07:57] C:\Program Files\EA SPORTS

[2007-09-10|18:48] C:\Program Files\Eggsucker

[2008-05-25|22:23] C:\Program Files\eMule

[2007-09-11|21:44] C:\Program Files\EverestUE3.50

[2008-03-08|13:59] C:\Program Files\Fichiers communs

[2007-09-13|12:34] C:\Program Files\GameHouse

[2008-10-19|12:13] C:\Program Files\Google

[2007-10-16|16:05] C:\Program Files\Hardwood Solitaire III

[2007-11-30|11:48] C:\Program Files\Insaniquarium Deluxe

[2008-06-21|12:41] C:\Program Files\InstallShield Installation Information

[2007-09-10|16:32] C:\Program Files\Intel

[2008-11-19|15:38] C:\Program Files\Internet Explorer

[2008-04-27|13:45] C:\Program Files\iWin Games

[2008-04-22|21:10] C:\Program Files\iWin.com

[2008-05-25|12:06] C:\Program Files\Java

[2007-09-11|21:47] C:\Program Files\Kaspersky Lab

[2007-09-11|18:45] C:\Program Files\K-Lite Codec Pack

[2008-10-03|15:36] C:\Program Files\LimeWire

[2007-09-17|05:20] C:\Program Files\Logitech

[2008-10-05|02:00] C:\Program Files\Messenger

[2007-09-10|07:04] C:\Program Files\microsoft frontpage

[2007-09-11|21:42] C:\Program Files\Microsoft Office

[2007-09-11|21:41] C:\Program Files\Microsoft Visual Studio

[2007-09-11|21:42] C:\Program Files\Microsoft Works

[2008-07-24|15:55] C:\Program Files\more kind amok

[2008-10-03|16:11] C:\Program Files\Movie Maker

[2007-11-18|18:22] C:\Program Files\Mozilla Firefox

[2008-06-05|14:57] C:\Program Files\MP3 Player Utilities 4.13

[2007-09-11|21:42] C:\Program Files\MSBuild

[2008-10-03|16:11] C:\Program Files\msn

[2007-09-10|07:04] C:\Program Files\msn gaming zone

[2008-11-19|15:38] C:\Program Files\MSN Messenger

[2008-11-19|15:37] C:\Program Files\MyWebSearch

[2007-09-10|07:04] C:\Program Files\netmeeting

[2008-10-03|16:07] C:\Program Files\Outlook Express

[2007-11-30|11:17] C:\Program Files\PopCap Games

[2008-05-25|22:03] C:\Program Files\RegCleaner

[2007-09-12|22:47] C:\Program Files\Sega

[2007-09-10|07:02] C:\Program Files\Services en ligne

[2008-11-02|17:14] C:\Program Files\Star Defender 3

[2007-09-11|21:45] C:\Program Files\SuperCopier2

[2007-09-10|18:58] C:\Program Files\TryMedia

[2007-09-10|07:07] C:\Program Files\Uninstall Information

[2008-03-09|12:08] C:\Program Files\vanBasco's Karaoke Player

[2008-05-25|12:49] C:\Program Files\VideoLAN

[2007-11-23|16:54] C:\Program Files\Warcraft III

[2007-09-10|18:58] C:\Program Files\WildTangent

[2007-09-11|18:24] C:\Program Files\Winamp

[2008-03-08|14:00] C:\Program Files\Windows Live

[2007-11-30|03:00] C:\Program Files\Windows Live Favorites

[2007-11-30|03:01] C:\Program Files\Windows Live Toolbar

[2007-10-06|17:46] C:\Program Files\Windows Media Connect 2

[2008-10-03|16:07] C:\Program Files\Windows Media Player

[2007-09-10|07:04] C:\Program Files\Windows NT

[2007-09-10|07:02] C:\Program Files\WindowsUpdate

[2007-09-12|20:16] C:\Program Files\WinRAR

[2007-09-10|07:04] C:\Program Files\xerox

[2007-09-10|18:58] C:\Program Files\Yahoo! Games

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[2008-10-05|19:30] C:\Program Files\Fichiers communs\Adobe

[2007-09-11|21:41] C:\Program Files\Fichiers communs\DESIGNER

[2007-09-11|15:21] C:\Program Files\Fichiers communs\DirectX

[2007-09-12|21:18] C:\Program Files\Fichiers communs\InstallShield

[2007-09-11|18:32] C:\Program Files\Fichiers communs\Java

[2007-09-16|22:56] C:\Program Files\Fichiers communs\Logitech

[2007-11-21|14:18] C:\Program Files\Fichiers communs\Macrovision Shared

[2008-08-22|02:06] C:\Program Files\Fichiers communs\Microsoft Shared

[2007-09-10|07:01] C:\Program Files\Fichiers communs\MSSoap

[2007-09-10|08:56] C:\Program Files\Fichiers communs\ODBC

[2007-09-10|07:01] C:\Program Files\Fichiers communs\Services

[2007-09-10|08:56] C:\Program Files\Fichiers communs\SpeechEngines

[2008-10-03|16:07] C:\Program Files\Fichiers communs\System

[2008-03-08|13:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

--------------------\\ Process

 

( 45 Processes )

 

iexplore.exe ~ [PID:3344]

 

--------------------\\ Recherche avec S_Lop

 

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\inatgexk.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\koagxurb.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\nwoevfxz.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\odjovrrm.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\rronzfxq.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\ukbczmwr.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\vdqggdzr.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\vxwufkcp.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\wdsgxofd.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\xrtupadv.exe

C:\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\yhngoqlw.exe

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Ford wait.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\slow cool.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\inatgexk.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\koagxurb.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\nwoevfxz.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\odjovrrm.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\rronzfxq.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\ukbczmwr.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\vdqggdzr.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\vxwufkcp.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\wdsgxofd.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\xrtupadv.exe

C:\DOCUME~1\Jonathan\APPLIC~1\moreki~1\yhngoqlw.exe

C:\DOCUME~1\Steeve\APPLIC~1\moreki~1

C:\Program Files\moreki~1

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsb9A.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsdB8.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nseCD.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsh11E.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsi11A.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsj4E.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsy95.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nsz123.tmp

C:\DOCUME~1\Jonathan\LOCALS~1\Temp\nszD1.tmp

C:\Program Files\BitDownload

C:\DOCUME~1\Jonathan\Cookies\jonathan@advertising[2].txt

C:\DOCUME~1\Jonathan\Cookies\jonathan@adopt.euroclick[1].txt

C:\DOCUME~1\Jonathan\Cookies\jonathan@partypoker[2].txt

C:\WINDOWS\Tasks\BF7AA5819AA55DE5.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChicAmenSecond]

"DisplayName"="CiD Help"

"UninstallString"="C:\\DOCUME~1\\Jonathan\\APPLIC~1\\MOREKI~1\\Blue exit.exe -uninstall"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 


 

-> 75 [ 70 ## added by CiD ]

 

/!\ 4 Not 127.0.0.1 !!

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-19 15:42:59

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 172

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:5502][D:270]-> C:\DOCUME~1\Jonathan\LOCALS~1\Temp

[F:187][D:0]-> C:\DOCUME~1\Jonathan\Cookies

[F:302][D:106]-> C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\content.IE5

[F:1][D:1]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 2008-11-19|15:43 - Option : [1]

 

--------------------\\ Fin du rapport a 15:43:54

 

Thanks again for the help
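The "Verification du fichier Hosts" check in the Lop S&D report above, reimplemented as an added example (not code from the thread or from the Lop S&D tool): it parses a Windows hosts file, counts the entries tagged "## added by CiD", and flags every entry that points somewhere other than the loopback address, the two numbers the report prints. The sample hosts content is constructed for illustration.

```python
"""Audit a Windows hosts file the way the Lop S&D report's hosts check does.

Added example, not code from the thread or from the Lop S&D tool. It counts the
active entries, lists the ones carrying the '## added by CiD' tag that the
adware leaves behind, and flags every entry that sends a hostname somewhere
other than the loopback address (a classic hosts-file hijack). The sample
hosts content below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

HIJACK_TAG = "## added by CiD"      # marker seen in the report above
LOOPBACK = {"127.0.0.1", "::1"}     # the only destinations a clean hosts file should use

# Constructed sample: the default localhost line, three CiD-tagged sinkhole
# entries, two entries redirected to an outside address (documentation range),
# and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
198.51.100.23 update.antivirus.example
198.51.100.23 www.search.example
this-line-has-no-address
"""


@dataclass
class HostsAudit:
    total: int = 0                                   # active (non-comment) entries
    tagged: list = field(default_factory=list)       # hostnames carrying HIJACK_TAG
    redirected: list = field(default_factory=list)   # (hostname, ip) not pointing at loopback
    malformed: list = field(default_factory=list)    # 1-based line numbers that did not parse


def parse_hosts_line(line):
    """Split one hosts line into (ip, [hostnames], comment).

    Returns None for blank and comment-only lines. A line with no hostname
    comes back with an empty hostname list so the caller can report it.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    body, sep, rest = stripped.partition("#")
    fields = body.split()
    comment = (sep + rest).strip()
    if len(fields) < 2:
        return (fields[0] if fields else "", [], comment)
    return (fields[0], fields[1:], comment)


def audit_hosts(text):
    """Walk the hosts file text and collect the findings the report prints."""
    audit = HostsAudit()
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        ip, hosts, comment = parsed
        try:
            ipaddress.ip_address(ip)    # rejects lines whose first field is not an address
        except ValueError:
            audit.malformed.append(lineno)
            continue
        if not hosts:
            audit.malformed.append(lineno)
            continue
        audit.total += 1
        if HIJACK_TAG.lower() in comment.lower():
            audit.tagged.extend(hosts)
        if ip not in LOOPBACK:
            audit.redirected.extend((h, ip) for h in hosts)
    return audit


def summarize(audit):
    """Render the findings in the same shape as the report's two summary lines."""
    lines = [f"-> {audit.total} [ {len(audit.tagged)} {HIJACK_TAG} ]"]
    if audit.redirected:
        lines.append(f"/!\\ {len(audit.redirected)} Not 127.0.0.1 !!")
        lines.extend(f"    {host} -> {ip}" for host, ip in audit.redirected)
    if audit.malformed:
        lines.append(f"malformed lines: {audit.malformed}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

Run it against `%SystemRoot%\System32\drivers\etc\hosts` read into a string to get the same summary for a real machine; only the redirected entries are the ones that actually send traffic elsewhere, the CiD-tagged sinkholes merely blackhole the rogue-AV domains.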

Posted

HijackThis is in the wrong place; it must not be run from a temporary folder!!

 

 

• create a new folder in c:\ named HJT

download HijackThis.exe into this newly created folder:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

 

Double-click it. Accept the licence that appears with "I agree".

 

Then click "Do a system scan only", tick only the lines below and click Fix checked:

 

 

O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

 

==> click Fix checked

 

• uninstall Lop S&D as well as ToolBar S&D

 

• Download OTMoveIt3 by OldTimer

http://oldtimer.geekstogo.com/OTMoveIt3.exe

 

* Save it to your desktop

* Double-click OTMoveIt3.exe to launch it (the extension may not be shown)

* Copy and paste everything below into the "Paste Instructions for Items to be Moved" box (under the yellow bar):

 

:files
C:\Program Files\MyWebSearch
C:\Program Files\XP Antivirus
C:\Lop SD
C:\ToolBar SD

:commands
[emptytemp]

 

 

 

* Clique sur le bouton rouge Moveit! pour lancer le nettoyage

* Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)

--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)

* Ferme OTMoveIt3 (en cliquant sur Exit)

 

 

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...

 

• Télécharge Malwarebytes' Anti-Malware (MBAM)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

* Double clique sur le fichier téléchargé pour lancer le processus d'installation.

* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.

* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".

* Sélectionne "Exécuter un examen rapide"

* Clique sur "Rechercher"

* L'analyse démarre, le scan est relativement long, c'est normal.

* A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

 

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

* Ferme tes navigateurs.

* Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

 

 

 

NB : Si MBAM te demande à redémarrer, fais-le.

 

• fait un scan avec antivir à jour, quarantaine si éléments détectés et poste le rapport

 

=== reposte un nouveau rapport HijackThis avec tout le toutim :P ===
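As an added illustration (not part of the helper's post, nor code from HijackThis or any tool on this page), the Python script below shows the reasoning behind which HijackThis lines get ticked: it parses HijackThis entry lines and flags those whose referenced file no longer exists ("(file missing)" / "(no file)"), unnamed O9 buttons, O23 services with an unknown owner, and broken O10 LSP entries. The sample lines are copied from the log posted in this thread; the flag texts are my own. A flag is a triage hint, not a verdict: the O23 Bonjour service is flagged too, although it is only the leftover of an uninstalled Apple component, so a human still decides what to fix.

```python
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# HijackThis entry lines start with a section tag such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.*)$")

# Markers HijackThis itself appends when the referenced file or target is absent.
DANGLING_MARKERS = ("(file missing)", "(no file)")

# Sample entry lines copied from the HijackThis log posted in this thread
# (header and process list mostly omitted; the parser skips them anyway).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
O2 - BHO: dcads - {084c424f-2619-d15e-60e4-0e2d1fe75219} - C:\WINDOWS\system32\nsp299.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, raw_line) for every entry line; header and process list are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        match = ENTRY_RE.match(raw)
        if match:
            yield match.group("section"), match.group("body"), raw


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        reasons = []
        lower = body.lower()
        if any(marker in lower for marker in DANGLING_MARKERS):
            reasons.append("points at a file that no longer exists: fixing it only removes a dead reference")
        if section == "O9" and "(no name)" in lower:
            reasons.append("unnamed Extra button: legitimate add-ons almost always carry a name")
        if section == "O23" and "unknown owner" in lower:
            reasons.append("service with no publisher string: check what installed it before deciding")
        if section == "O10":
            reasons.append("broken LSP chain: do not fix O10 with HijackThis, repair the LSP stack with a dedicated tool")
        if reasons:
            findings.append(Finding(section, raw, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

Run on the sample above, the script flags four of the six entries (the dcads BHO, the cmdmapping button, the LSP line and the Bonjour service) and leaves the Java BHO and the Avira Run key alone; the two entries the helper asked to fix are exactly the ones carrying a dead-reference marker.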

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:55:52, on 2008-11-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell sans fil\PRISMCFG.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

c:\program files\avira\antivir personaledition classic\avcenter.exe

C:\WINDOWS\system32\notepad.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

O4 - Global Startup: Utilitaire de carte WLAN sans fil USB 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

 

--

End of file - 7459 bytes

========== FILES ==========

C:\Program Files\MyWebSearch\bar\1.bin moved successfully.

C:\Program Files\MyWebSearch\bar moved successfully.

C:\Program Files\MyWebSearch moved successfully.

File/Folder C:\Program Files\XP Antivirus not found.

C:\Lop SD\Backup-Lop\WINDOWS\Tasks moved successfully.

C:\Lop SD\Backup-Lop\WINDOWS moved successfully.

C:\Lop SD\Backup-Lop\Reg moved successfully.

C:\Lop SD\Backup-Lop\Hosts moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\Jonathan\LOCALS~1\Temp moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\Jonathan\LOCALS~1 moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\Jonathan\Cookies moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1 moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1 moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\Jonathan moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1 moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1 moved successfully.

C:\Lop SD\Backup-Lop\DOCUME~1 moved successfully.

C:\Lop SD\Backup-Lop moved successfully.

C:\Lop SD moved successfully.

C:\ToolBar SD\Backup-TB\WINDOWS\system32 moved successfully.

C:\ToolBar SD\Backup-TB\WINDOWS moved successfully.

C:\ToolBar SD\Backup-TB\Reg moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\PlayMP3z moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\MyWebSearch moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\Mozilla Firefox\plugins moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\Mozilla Firefox moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\Internet Explorer moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\FunWebProducts moved successfully.

C:\ToolBar SD\Backup-TB\Program Files\Dcads Games Collection moved successfully.

C:\ToolBar SD\Backup-TB\Program Files moved successfully.

C:\ToolBar SD\Backup-TB\DOCUME~1\Jonathan\LOCALS~1\Temp moved successfully.

C:\ToolBar SD\Backup-TB\DOCUME~1\Jonathan\LOCALS~1 moved successfully.

C:\ToolBar SD\Backup-TB\DOCUME~1\Jonathan\Cookies moved successfully.

C:\ToolBar SD\Backup-TB\DOCUME~1\Jonathan moved successfully.

C:\ToolBar SD\Backup-TB\DOCUME~1 moved successfully.

C:\ToolBar SD\Backup-TB moved successfully.

C:\ToolBar SD moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Jonathan\LOCALS~1\Temp\Perflib_Perfdata_544.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFD7EB.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFD8E9.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFF5E9.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFFA45.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11202008_234454

 

Files moved on Reboot...

File C:\DOCUME~1\Jonathan\LOCALS~1\Temp\Perflib_Perfdata_544.dat not found!

File C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFD7EB.tmp not found!

File C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFD8E9.tmp not found!

File C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFF5E9.tmp not found!

File C:\DOCUME~1\Jonathan\LOCALS~1\Temp\~DFFA45.tmp not found!

File move failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be moved on reboot.

 

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1414

Windows 5.1.2600 Service Pack 3

 

2008-11-21 00:25:00

mbam-log-2008-11-21 (00-25-00).txt

 

Type de recherche: Examen rapide

Eléments examinés: 56200

Temps écoulé: 22 minute(s), 27 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 28

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ContextProgram (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DcadsSocial (Adware.RightOnAds) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Steeve\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jonathan\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.

 

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: STEEVE

 

Version information:

BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 00:36:50

ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 21:00:52

ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 2008-11-16 21:00:55

ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 2008-11-21 21:01:44

Engineversion : 8.2.0.35

AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-17 00:34:36

AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-17 21:01:21

AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-17 21:01:19

AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-05 14:42:40

AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-17 21:01:17

AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-17 21:01:14

AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-17 21:01:12

AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-18 21:00:47

AEGEN.DLL : 8.1.1.5 323956 Bytes 2008-11-21 21:02:03

AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-17 00:34:24

AECORE.DLL : 8.1.5.1 172406 Bytes 2008-11-21 21:01:52

AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-17 00:34:21

AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 2008-10-06 00:34:00

AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, E:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: 21 novembre 2008 16:22

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'PRISMCFG.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'apdproxy.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ico.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned

Scan process 'PRISMSVR.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PRISMSVC.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

35 processes with 35 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '59' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Jonathan\Mes documents\LimeWire\Saved\hotel california parodie.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

C:\Documents and Settings\Steeve\Local Settings\Temp\tmp48.tmp.exe

[DETECTION] Is the TR/Agent.AFRM Trojan

[NOTE] The file was moved to '49972a38.qua'!

C:\Logiciels Karaoke\DART Karaoke Studio\brks149a-2006-05-28\keygen\keygen.exe

[DETECTION] Is the TR/Agent.62865 Trojan

[NOTE] The file was moved to '49a02a98.qua'!

C:\Program Files\Mozilla Firefox\components\nsBrowserCmp.dll

[DETECTION] Is the TR/Vapsup.lsp Trojan

[NOTE] The file was moved to '49692d48.qua'!

C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

[DETECTION] Contains HEUR/Crypted suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '49692d49.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\inatgexk.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '49882fde.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\koagxurb.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '49882fe0.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\nwoevfxz.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '49962fe8.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\odjovrrm.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '49912fd5.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\vxwufkcp.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '499e2fea.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\wdsgxofd.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '499a2fd6.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\xrtupadv.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '499b2fe4.qua'!

C:\_OTMoveIt\MovedFiles\11202008_234454\Lop SD\Backup-Lop\DOCUME~1\Jonathan\APPLIC~1\MOREKI~1\yhngoqlw.exe

[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan

[NOTE] The file was moved to '49952fdb.qua'!

Begin scan in 'E:\' <SAUVEGARDE>

 

 

End of the scan: 21 novembre 2008 17:01

Used time: 38:58 Minute(s)

 

The scan has been done completely.

 

6875 Scanning directories

283368 Files were scanned

12 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

1 files were deleted

0 files were repaired

12 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

283354 Files not concerned

1763 Archives were scanned

1 Warnings

13 Notes

Posted

that's OK.

• delete these 2 folders:

C:\Program Files\Alwil Software

C:\_OTMoveIt

• empty the MBAM quarantine as well as Antivir's

• I warn you about Limewire, the P2P client best stocked with infected mp3s, given this file quarantined by Antivir:

C:\Documents and Settings\Jonathan\Mes documents\LimeWire\Saved\hotel california parodie.mp3

and also against keygens, cracks & co.:

C:\Logiciels Karaoke\DART Karaoke Studio\brks149a-2006-05-28\keygen\keygen.exe

What follows is not meant to lecture you, but rather to make you aware of the risks involved in using this type of program.

Be careful with P2P software!! Together with cracks/keygens and infected music, videos etc., they are the main infection vectors! To convince yourself, read these two very clear topics:

the first is by Malekal and deals with cracks => http://forum.malekal.com/viewtopic.php?f=33&t=893

the second, by Tesgaz, deals with P2P in general => http://forum.zebulon.fr/prevention-le-p2p-...ces-t85544.html

Infections carried by P2P are a real threat!! For example the worm Worm.Win32_Sumom-A, an instant-messaging and peer-to-peer network worm, puts itself in the incoming/Shared folder so as to be sent to everyone who shares your downloads... => http://www.virustraq.com/info_virus/10134/details/

Now that you know, it's up to you... is it worth risking a major infection (and putting your data at risk)?

There are alternatives with free software and applications... You have to do your homework before downloading any old thing :P

• Finish the cleanup:

- Clean your computer with ATF-Cleaner:

download to your desktop:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait for the cleanup to finish, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

Wait for the cleanup to finish

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, from the main menu, to close the program.

The next PC startup will be a bit slower, since the prefetch has been emptied.

- Disable then re-enable System Restore:

- Windows XP instructions: http://service1.symantec.com/SUPPORT/INTER...020830101856924

Bye \o_

Posted
Thanks again for everything!!!!!!!!! Jonathan

• Tonton changed the title to Pop-ups open even when I'm not browsing
