CID page problem [Solved]
Hello, I can't get out of this: I have multitudes of pages opening with messages telling me to run scans and buy it online, with the title CID:
Thank you for your help
Here is my HIJACKTHIS log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:48, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Antal boss\Bureau\HijackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
O4 - HKLM\..\Run: [Video Driver] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\ANTAL\svchost.exe
O4 - HKLM\..\Run: [pfp.exe] C:\Program Files\Protect Files Pro\pfp.exe /T
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\Body Dart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [For sign] C:\DOCUME~1\ANTALB~1\APPLIC~1\PILETR~1\Byte bags.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 0502448500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sandralabor.spaces.live.com [...] nPUpld.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7051 bytes
Message edited by antal06 on 12-02-2008 at 22:38:11
Hello,
Download Lop S&D.exe to your Desktop.
- Double-click it to start the installation
- Then double-click the Lop S&D shortcut on your Desktop
- Select the language you want, then choose option 1 (Recherche / Search)
- Wait until the scan finishes
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
&
Download ewido anti-spyware micro scanner to your desktop.
- Double-click the file ewido_micro.exe to run it.
- As soon as it starts, the program will ask for internet access to update itself; accept.
- Then a new screen appears; make sure all the boxes are checked.
- Click Start Scan and let the tool work.
- When the tool has finished, click save report and save the report to your desktop.
- Post it in your next reply.
NB: do not click Remove infections right away; we need to make sure that all the detections are actually infections, because some legitimate utilities could appear in the report.
-----------------------------[ Lop S&D 2.3.1 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Antal boss ] [ "C:\Program Files\Lop SD" ]
[ 10/02/2008 | 15:34:00,17 ] [ PC : ANTAL ]
[ MAJ : 09-02-2008 | 14:21 ]
-------------[ Listing des dossiers dans Application Data ]------------
[22/05/2007|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[22/05/2007|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[22/05/2007|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[21/05/2007|23:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[09/02/2008|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[09/02/2008|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[03/02/2008|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[22/11/2007|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[05/06/2007|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/02/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[22/05/2007|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[21/01/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[16/01/2008|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[25/11/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[30/01/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[03/02/2008|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[01/12/2007|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/11/2007|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[03/02/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
[28/01/2008|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[23/10/2007|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[23/01/2008|03:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[10/02/2008|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ssdata
[09/02/2008|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/05/2007|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/12/2007|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[25/11/2007|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[03/02/2008|17:39] C:\DOCUME~1\ANTALB~1\APPLIC~1\.
[03/02/2008|17:39] C:\DOCUME~1\ANTALB~1\APPLIC~1\..
[14/11/2007|22:53] C:\DOCUME~1\ANTALB~1\APPLIC~1\Adobe
[27/11/2007|22:12] C:\DOCUME~1\ANTALB~1\APPLIC~1\Ahead
[11/07/2007|12:48] C:\DOCUME~1\ANTALB~1\APPLIC~1\Ambient Design
[05/06/2007|00:09] C:\DOCUME~1\ANTALB~1\APPLIC~1\Apple Computer
[21/05/2007|23:54] C:\DOCUME~1\ANTALB~1\APPLIC~1\ATI
[22/05/2007|01:12] C:\DOCUME~1\ANTALB~1\APPLIC~1\desktop.ini
[05/07/2007|12:15] C:\DOCUME~1\ANTALB~1\APPLIC~1\DivX
[08/02/2008|21:50] C:\DOCUME~1\ANTALB~1\APPLIC~1\Identities
[14/11/2007|22:53] C:\DOCUME~1\ANTALB~1\APPLIC~1\InterTrust
[31/01/2008|23:07] C:\DOCUME~1\ANTALB~1\APPLIC~1\iWin
[21/05/2007|23:59] C:\DOCUME~1\ANTALB~1\APPLIC~1\Macromedia
[24/09/2007|19:54] C:\DOCUME~1\ANTALB~1\APPLIC~1\Media Player Classic
[18/01/2008|13:35] C:\DOCUME~1\ANTALB~1\APPLIC~1\Microsoft
[03/02/2008|15:51] C:\DOCUME~1\ANTALB~1\APPLIC~1\Pile Trans Wipe
[28/01/2008|22:18] C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst
[08/11/2007|00:32] C:\DOCUME~1\ANTALB~1\APPLIC~1\Real
[30/01/2008|20:54] C:\DOCUME~1\ANTALB~1\APPLIC~1\Samsung
[05/12/2007|17:05] C:\DOCUME~1\ANTALB~1\APPLIC~1\Sun
[28/10/2007|19:08] C:\DOCUME~1\ANTALB~1\APPLIC~1\vlc
[20/12/2007|21:37] C:\DOCUME~1\ANTALB~1\APPLIC~1\WinRAR
[08/02/2008|21:50] C:\DOCUME~1\ANTALB~1\APPLIC~1\Zylom
[22/05/2007|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[22/05/2007|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[22/05/2007|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[21/05/2007|23:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/05/2007|23:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[21/05/2007|23:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[21/05/2007|23:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[21/05/2007|23:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[21/05/2007|23:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[21/05/2007|23:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[10/02/2008 15:00][--ah-----] C:\WINDOWS\tasks\AB86FD7B918572AF.job [--278--]
[10/02/2008 14:55][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[10/02/2008|15:33] C:\Program Files\.
[10/02/2008|15:33] C:\Program Files\..
[14/11/2007|22:53] C:\Program Files\Adobe
[29/01/2008|21:28] C:\Program Files\Alcohol Soft
[21/05/2007|23:38] C:\Program Files\AMD
[21/05/2007|23:40] C:\Program Files\Analog Devices
[21/05/2007|23:49] C:\Program Files\ATI Technologies
[03/02/2008|15:46] C:\Program Files\Avira
[29/01/2008|00:50] C:\Program Files\directx
[10/02/2008|12:14] C:\Program Files\eMule
[03/02/2008|15:58] C:\Program Files\Fichiers communs
[30/01/2008|20:48] C:\Program Files\InstallShield Installation Information
[16/01/2008|21:23] C:\Program Files\Internet Explorer
[25/11/2007|16:19] C:\Program Files\Java
[29/06/2007|13:44] C:\Program Files\K-Lite Codec Pack
[03/02/2008|16:09] C:\Program Files\Lavasoft
[29/12/2007|16:35] C:\Program Files\Logitech
[10/02/2008|15:34] C:\Program Files\Lop SD
[22/05/2007|00:10] C:\Program Files\Messenger
[17/01/2008|14:29] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/05/2007|23:28] C:\Program Files\microsoft frontpage
[13/06/2007|11:01] C:\Program Files\Microsoft Office
[21/05/2007|23:24] C:\Program Files\Movie Maker
[21/05/2007|23:21] C:\Program Files\MSN
[21/05/2007|23:22] C:\Program Files\MSN Gaming Zone
[22/05/2007|00:02] C:\Program Files\MSN Messenger
[28/11/2007|23:13] C:\Program Files\MSXML 4.0
[22/11/2007|23:29] C:\Program Files\Nero
[21/05/2007|23:25] C:\Program Files\NetMeeting
[09/02/2008|02:04] C:\Program Files\Oberon Media
[21/05/2007|23:23] C:\Program Files\Online Services
[13/06/2007|22:28] C:\Program Files\Outlook Express
[11/07/2007|12:53] C:\Program Files\Paint.NET
[29/06/2007|13:42] C:\Program Files\PDFCreator
[18/01/2008|14:39] C:\Program Files\Protect Files Pro
[26/10/2007|19:30] C:\Program Files\QuickTime
[07/11/2007|23:48] C:\Program Files\Real
[12/12/2007|11:20] C:\Program Files\Rico Software
[30/01/2008|20:47] C:\Program Files\Samsung
[21/05/2007|23:26] C:\Program Files\Services en ligne
[21/05/2007|23:33] C:\Program Files\Uninstall Information
[28/10/2007|19:07] C:\Program Files\VideoLAN
[30/11/2007|22:20] C:\Program Files\Windows Media Player
[21/05/2007|23:22] C:\Program Files\Windows NT
[21/05/2007|23:26] C:\Program Files\WindowsUpdate
[20/12/2007|23:02] C:\Program Files\WinRAR
[21/05/2007|23:28] C:\Program Files\xerox
[09/02/2008|02:00] C:\Program Files\Zylom Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[03/02/2008|15:58] C:\Program Files\Fichiers communs\.
[03/02/2008|15:58] C:\Program Files\Fichiers communs\..
[24/11/2007|02:10] C:\Program Files\Fichiers communs\Adobe
[27/11/2007|14:22] C:\Program Files\Fichiers communs\Ahead
[21/05/2007|23:50] C:\Program Files\Fichiers communs\ATI Technologies
[21/05/2007|23:44] C:\Program Files\Fichiers communs\InstallShield
[25/11/2007|16:17] C:\Program Files\Fichiers communs\Java
[29/12/2007|16:35] C:\Program Files\Fichiers communs\Logitech
[21/05/2007|23:33] C:\Program Files\Fichiers communs\Microsoft Shared
[21/05/2007|23:25] C:\Program Files\Fichiers communs\MSSoap
[01/02/2008|05:03] C:\Program Files\Fichiers communs\Oberon Media
[22/05/2007|01:13] C:\Program Files\Fichiers communs\ODBC
[07/11/2007|23:48] C:\Program Files\Fichiers communs\Real
[21/05/2007|23:25] C:\Program Files\Fichiers communs\Services
[22/05/2007|01:13] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|22:28] C:\Program Files\Fichiers communs\System
[03/02/2008|15:58] C:\Program Files\Fichiers communs\Wise Installation Wizard
[07/11/2007|23:48] C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs\Body Dart.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\weddingdash
C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst
C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst\trijinx
C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst\weddingdash
C:\DOCUME~1\ANTALB~1\Cookies\antal boss@netpumper[1].txt
C:\WINDOWS\Tasks\AB86FD7B918572AF.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok Eggs Four Web"="C:\\Documents and Settings\\All Users\\Application Data\\part dead amok eggs\\Body Dart.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
-> 72 ( 70 ## added by CiD )
/!\ 1 Not 127.0.0.1 !!
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 15:35:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
Don't forget the ewido scan
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: Not-A-Virus.Monitor.Win32.007SpySoft.342
Path: [2040] C:\Program Files\System32\svchost.exe
Risk: Low
Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@ad.yieldmanager[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@adrevolver[1].txt
Risk: Medium
Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@adtech[1].txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@advertising[1].txt
Risk: Medium
Name: TrackingCookie.Adviva
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@adviva[2].txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@atdmt[2].txt
Risk: Medium
Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@bluestreak[2].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@bs.serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@ehg-telecomitalia.hitbox[1].txt
Risk: Medium
Name: TrackingCookie.Estat
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@estat[1].txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@fastclick[1].txt
Risk: Medium
Name: TrackingCookie.Comclick
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@fl01.ct2.comclick[1].txt
Risk: Medium
Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@hitbox[2].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@media.adrevolver[2].txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@mediaplex[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@msnportal.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@overture[1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@smartadserver[1].txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@statcounter[2].txt
Risk: Medium
Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@statse.webtrendslive[2].txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@tradedoubler[2].txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\Antal boss\Local Settings\Temp\Cookies\antal boss@weborama[1].txt
Risk: Medium
Name: Adware.Casino
Path: C:\System Volume Information\_restore{56C98189-F142-498E-AD5F-2EDD9C3B4852}\RP138\A0023998.exe
Risk: Medium
Name: Not-A-Virus.Monitor.Win32.Hooker.d
Path: C:\WINDOWS\system32\keybhookpro.dll
Risk: Low
Hello,
Here is the ewido scan. I'll wait for your reply, whenever you have the time of course... I haven't closed ewido.
Re,
- Click Remove infections
- At the warning message, click Ok and let the tool work.
- When the tool has finished, click Save Report and save the report to your desktop.
- Post it in your next reply.
&
Relaunch Lop S&D
- This time choose Option 2 (Suppression)
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
Reply to Angeldark
Hi,
Here is the Lop S&D report
-----------------------------[ Lop S&D 2.3.1 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Antal boss ] [ "C:\Program Files\Lop SD" ]
[ 11/02/2008 | 19:33:20,65 ] [ PC : ANTAL ]
[ MAJ : 09-02-2008 | 14:21 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs\Body Dart.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst\weddingdash
Supprimé! - C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst\trijinx
Supprimé! - C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst\weddingdash
Supprimé! - C:\DOCUME~1\ANTALB~1\Cookies\antal boss@netpumper[1].txt
Supprimé! - C:\WINDOWS\Tasks\AB86FD7B918572AF.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
Supprimé! - C:\DOCUME~1\ANTALB~1\APPLIC~1\PlayFirst
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[22/05/2007|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[22/05/2007|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[22/05/2007|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[21/05/2007|23:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[11/02/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[11/02/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[03/02/2008|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[22/11/2007|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[05/06/2007|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/02/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[22/05/2007|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[21/01/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[16/01/2008|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[25/11/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[30/01/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[03/02/2008|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[01/12/2007|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/11/2007|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[23/10/2007|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[23/01/2008|03:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[11/02/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ssdata
[09/02/2008|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/05/2007|00:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/12/2007|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[25/11/2007|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[11/02/2008|19:33] C:\DOCUME~1\ANTALB~1\APPLIC~1\.
[11/02/2008|19:33] C:\DOCUME~1\ANTALB~1\APPLIC~1\..
[14/11/2007|22:53] C:\DOCUME~1\ANTALB~1\APPLIC~1\Adobe
[27/11/2007|22:12] C:\DOCUME~1\ANTALB~1\APPLIC~1\Ahead
[11/07/2007|12:48] C:\DOCUME~1\ANTALB~1\APPLIC~1\Ambient Design
[05/06/2007|00:09] C:\DOCUME~1\ANTALB~1\APPLIC~1\Apple Computer
[21/05/2007|23:54] C:\DOCUME~1\ANTALB~1\APPLIC~1\ATI
[22/05/2007|01:12] C:\DOCUME~1\ANTALB~1\APPLIC~1\desktop.ini
[05/07/2007|12:15] C:\DOCUME~1\ANTALB~1\APPLIC~1\DivX
[08/02/2008|21:50] C:\DOCUME~1\ANTALB~1\APPLIC~1\Identities
[14/11/2007|22:53] C:\DOCUME~1\ANTALB~1\APPLIC~1\InterTrust
[31/01/2008|23:07] C:\DOCUME~1\ANTALB~1\APPLIC~1\iWin
[21/05/2007|23:59] C:\DOCUME~1\ANTALB~1\APPLIC~1\Macromedia
[24/09/2007|19:54] C:\DOCUME~1\ANTALB~1\APPLIC~1\Media Player Classic
[18/01/2008|13:35] C:\DOCUME~1\ANTALB~1\APPLIC~1\Microsoft
[03/02/2008|15:51] C:\DOCUME~1\ANTALB~1\APPLIC~1\Pile Trans Wipe
[08/11/2007|00:32] C:\DOCUME~1\ANTALB~1\APPLIC~1\Real
[30/01/2008|20:54] C:\DOCUME~1\ANTALB~1\APPLIC~1\Samsung
[05/12/2007|17:05] C:\DOCUME~1\ANTALB~1\APPLIC~1\Sun
[28/10/2007|19:08] C:\DOCUME~1\ANTALB~1\APPLIC~1\vlc
[20/12/2007|21:37] C:\DOCUME~1\ANTALB~1\APPLIC~1\WinRAR
[08/02/2008|21:50] C:\DOCUME~1\ANTALB~1\APPLIC~1\Zylom
[22/05/2007|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[22/05/2007|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[22/05/2007|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[21/05/2007|23:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/05/2007|23:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[21/05/2007|23:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[21/05/2007|23:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[21/05/2007|23:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[21/05/2007|23:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[21/05/2007|23:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[10/02/2008 14:55][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[10/02/2008|15:33] C:\Program Files\.
[10/02/2008|15:33] C:\Program Files\..
[14/11/2007|22:53] C:\Program Files\Adobe
[29/01/2008|21:28] C:\Program Files\Alcohol Soft
[21/05/2007|23:38] C:\Program Files\AMD
[21/05/2007|23:40] C:\Program Files\Analog Devices
[21/05/2007|23:49] C:\Program Files\ATI Technologies
[03/02/2008|15:46] C:\Program Files\Avira
[29/01/2008|00:50] C:\Program Files\directx
[11/02/2008|14:49] C:\Program Files\eMule
[03/02/2008|15:58] C:\Program Files\Fichiers communs
[30/01/2008|20:48] C:\Program Files\InstallShield Installation Information
[16/01/2008|21:23] C:\Program Files\Internet Explorer
[25/11/2007|16:19] C:\Program Files\Java
[29/06/2007|13:44] C:\Program Files\K-Lite Codec Pack
[03/02/2008|16:09] C:\Program Files\Lavasoft
[29/12/2007|16:35] C:\Program Files\Logitech
[11/02/2008|19:33] C:\Program Files\Lop SD
[22/05/2007|00:10] C:\Program Files\Messenger
[17/01/2008|14:29] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/05/2007|23:28] C:\Program Files\microsoft frontpage
[13/06/2007|11:01] C:\Program Files\Microsoft Office
[21/05/2007|23:24] C:\Program Files\Movie Maker
[21/05/2007|23:21] C:\Program Files\MSN
[21/05/2007|23:22] C:\Program Files\MSN Gaming Zone
[22/05/2007|00:02] C:\Program Files\MSN Messenger
[28/11/2007|23:13] C:\Program Files\MSXML 4.0
[22/11/2007|23:29] C:\Program Files\Nero
[21/05/2007|23:25] C:\Program Files\NetMeeting
[09/02/2008|02:04] C:\Program Files\Oberon Media
[21/05/2007|23:23] C:\Program Files\Online Services
[13/06/2007|22:28] C:\Program Files\Outlook Express
[11/07/2007|12:53] C:\Program Files\Paint.NET
[29/06/2007|13:42] C:\Program Files\PDFCreator
[18/01/2008|14:39] C:\Program Files\Protect Files Pro
[26/10/2007|19:30] C:\Program Files\QuickTime
[07/11/2007|23:48] C:\Program Files\Real
[12/12/2007|11:20] C:\Program Files\Rico Software
[30/01/2008|20:47] C:\Program Files\Samsung
[21/05/2007|23:26] C:\Program Files\Services en ligne
[21/05/2007|23:33] C:\Program Files\Uninstall Information
[28/10/2007|19:07] C:\Program Files\VideoLAN
[30/11/2007|22:20] C:\Program Files\Windows Media Player
[21/05/2007|23:22] C:\Program Files\Windows NT
[21/05/2007|23:26] C:\Program Files\WindowsUpdate
[20/12/2007|23:02] C:\Program Files\WinRAR
[21/05/2007|23:28] C:\Program Files\xerox
[09/02/2008|02:00] C:\Program Files\Zylom Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[03/02/2008|15:58] C:\Program Files\Fichiers communs\.
[03/02/2008|15:58] C:\Program Files\Fichiers communs\..
[24/11/2007|02:10] C:\Program Files\Fichiers communs\Adobe
[27/11/2007|14:22] C:\Program Files\Fichiers communs\Ahead
[21/05/2007|23:50] C:\Program Files\Fichiers communs\ATI Technologies
[21/05/2007|23:44] C:\Program Files\Fichiers communs\InstallShield
[25/11/2007|16:17] C:\Program Files\Fichiers communs\Java
[29/12/2007|16:35] C:\Program Files\Fichiers communs\Logitech
[21/05/2007|23:33] C:\Program Files\Fichiers communs\Microsoft Shared
[21/05/2007|23:25] C:\Program Files\Fichiers communs\MSSoap
[01/02/2008|05:03] C:\Program Files\Fichiers communs\Oberon Media
[22/05/2007|01:13] C:\Program Files\Fichiers communs\ODBC
[07/11/2007|23:48] C:\Program Files\Fichiers communs\Real
[21/05/2007|23:25] C:\Program Files\Fichiers communs\Services
[22/05/2007|01:13] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|22:28] C:\Program Files\Fichiers communs\System
[03/02/2008|15:58] C:\Program Files\Fichiers communs\Wise Installation Wizard
[07/11/2007|23:48] C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:34:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:7904][Doss:48] C:\DOCUME~1\ANTALB~1\LOCALS~1\Temp
/!\ [Fich:1314][Doss:0] C:\DOCUME~1\ANTALB~1\Cookies
/!\ [Fich:15403][Doss:23] C:\DOCUME~1\ANTALB~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 19:35:28,76 ]----------------------
Post a new HijackThis report.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:48, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Antal boss\Bureau\HijackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
O4 - HKLM\..\Run: [Video Driver] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\ANTAL\svchost.exe
O4 - HKLM\..\Run: [pfp.exe] C:\Program Files\Protect Files Pro\pfp.exe /T
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [For sign] C:\DOCUME~1\ANTALB~1\APPLIC~1\PILETR~1\Byte bags.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 0502448500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sandralabor.spaces.live.com [...] nPUpld.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6987 bytes
Re,
Disable your resident protections (antivirus, Spybot...)!
- Download Combofix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Post this report in your next reply.
Reply to Angeldark
Re
Here is the Combofix report
ComboFix 08-02-12.1 - Antal boss 2008-02-11 22:58:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.994 [GMT 1:00]
Endroit: C:\Documents and Settings\Antal boss\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))))))
.
2008-02-10 15:33 . 2008-02-11 19:35 <REP> d-------- C:\Program Files\Lop SD
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-10 14:50 . 2007-05-21 23:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-10 14:50 . 2007-05-22 01:12 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-10 14:50 . 2008-02-10 14:51 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-09 02:02 . 2008-02-09 14:19 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 02:01 . 2008-02-09 02:04 <REP> d-------- C:\Program Files\Oberon Media
2008-02-04 12:39 . 2008-02-04 12:39 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-02-03 18:08 . 2008-02-03 18:08 <REP> d--hs---- C:\found.001
2008-02-03 15:59 . 2008-02-03 16:09 <REP> d-------- C:\Program Files\Lavasoft
2008-02-03 15:59 . 2008-02-03 15:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 15:58 . 2008-02-03 15:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-03 15:46 . 2008-02-03 15:46 <REP> d-------- C:\Program Files\Avira
2008-02-03 15:46 . 2008-02-03 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-03 15:40 . 2008-02-03 15:41 <REP> d-------- C:\Downloads
2008-02-03 15:40 . 2008-02-03 15:51 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\Pile Trans Wipe
2008-02-01 05:03 . 2008-02-01 05:03 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-01-31 23:07 . 2008-01-31 23:07 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\iWin
2008-01-30 20:54 . 2008-01-30 20:54 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\Samsung
2008-01-30 20:49 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-01-30 20:48 . 2008-01-30 20:48 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-01-30 20:48 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-01-30 20:48 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-01-30 20:48 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-01-30 20:48 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-01-30 20:48 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-01-30 20:48 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-01-30 20:48 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-01-30 20:48 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-01-30 20:48 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-30 20:47 . 2008-01-30 20:47 <REP> d-------- C:\Program Files\Samsung
2008-01-29 21:28 . 2008-01-29 21:28 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-29 21:25 . 2008-01-29 21:25 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 00:50 . 2008-01-29 00:50 <REP> d-------- C:\Program Files\directx
2008-01-28 18:56 . 2008-02-01 19:53 2,074 ---hs---- C:\himem.ram
2008-01-28 18:43 . 2008-02-03 15:48 34 --a------ C:\WINDOWS\Ya.com
2008-01-23 03:48 . 2008-01-23 03:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-01-21 15:26 . 2008-02-03 15:36 283 --a------ C:\WINDOWS\comm.bin
2008-01-21 15:23 . 2008-02-03 15:35 261 --a------ C:\WINDOWS\msdres.bin
2008-01-21 12:23 . 2008-02-08 21:50 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\Zylom
2008-01-21 12:23 . 2008-01-21 12:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-01-18 14:39 . 2008-01-18 14:39 <REP> d-------- C:\Program Files\Protect Files Pro
2008-01-18 14:39 . 2002-05-16 18:16 39,456 --a------ C:\WINDOWS\system32\drivers\AFPAnsi.sys
2008-01-18 14:39 . 2002-05-16 18:17 21,411 --a------ C:\WINDOWS\system32\AFPAnsi.vxd
2008-01-18 06:30 . 2008-01-18 06:30 441 --a------ C:\WINDOWS\system32\ssmon.lnk
2008-01-18 06:30 . 2008-02-10 14:55 189 --a------ C:\WINDOWS\system32\Sysmnt.dat
2008-01-17 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-17 09:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-16 21:23 . 2008-01-16 21:23 <REP> d--h----- C:\WINDOWS\PIF
2008-01-16 18:07 . 2008-01-16 18:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-16 18:07 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-16 18:07 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-16 17:58 . 2008-01-17 14:29 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 17:49 . 2008-01-17 14:25 18,558 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-01-14 19:32 . 2008-01-14 19:32 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 22:01 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
2008-02-11 21:28 --------- d-----w C:\Program Files\eMule
2008-02-11 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\ssdata
2008-02-09 01:00 --------- d-----w C:\Program Files\Zylom Games
2008-01-30 19:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 15:35 --------- d-----w C:\Program Files\Logitech
2007-12-29 15:35 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-12-20 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-12 10:20 --------- d-----w C:\Program Files\Rico Software
2007-11-14 21:56 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"himem"="c:\windows\himem.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
"For sign"="C:\DOCUME~1\ANTALB~1\APPLIC~1\PILETR~1\Byte bags.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinService32"="C:\Program Files\System32\svchost.exe" [ ]
"Video Driver"="C:\Program Files\Fichiers communs\Microsoft Shared\DAO\ANTAL\svchost.exe" [ ]
"pfp.exe"="C:\Program Files\Protect Files Pro\pfp.exe" [2007-10-11 12:29 1518080]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-07 23:48 185632]
"Office SturtUp"="osa9.exe" []
"gfxtray"="ctccw32.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-03 15:48 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 17:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 14:35 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 10:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-07 23:48 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
R0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-05-16 18:16]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 23:01:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-12 23:02:58
.
2008-01-18 03:51:23 --- E O F ---
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
Reply to Angeldark
re, here is the Combofix report
ComboFix 08-02-12.1 - Antal boss 2008-02-13 13:41:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1085 [GMT 1:00]
Endroit: C:\Documents and Settings\Antal boss\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Antal boss\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE
C:\himem.ram
C:\Program Files\Fichiers communs\Microsoft Shared\DAO\ANTAL\svchost.exe
C:\WINDOWS\himem.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ANTALB~1\APPLIC~1\PILETR~1
C:\DOCUME~1\ANTALB~1\APPLIC~1\PILETR~1\0
C:\DOCUME~1\ANTALB~1\APPLIC~1\PILETR~1\kgixwszo.exe
C:\found.000
C:\found.000\file0000.chk
C:\found.001
C:\found.001\dir0000.chk\144[1].jpg
C:\found.001\dir0000.chk\282007190882[4].gif
C:\found.001\dir0000.chk\65[1].jpg
C:\found.001\dir0000.chk\content_bottom_right[1].gif
C:\found.001\dir0000.chk\Dcoin[1].gif
C:\found.001\dir0000.chk\diffusion[1].htm
C:\found.001\dir0000.chk\dragon_perso_2_O[1].jpg
C:\found.001\dir0000.chk\entete[1].jpg
C:\found.001\dir0000.chk\get.bestcat[1].htm
C:\found.001\dir0000.chk\navig[1].css
C:\found.001\dir0000.chk\pas-trop-changee_index[1].htm
C:\found.001\dir0000.chk\pwd0[1].jpg
C:\found.001\dir0000.chk\styles[2].css
C:\himem.ram
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
.
2008-02-10 15:33 . 2008-02-11 19:35 <REP> d-------- C:\Program Files\Lop SD
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-10 14:50 . 2007-05-21 23:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-10 14:50 . 2007-05-22 01:12 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-10 14:50 . 2008-02-10 14:51 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-10 14:50 . 2007-05-22 01:12 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-09 02:02 . 2008-02-09 14:19 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 02:01 . 2008-02-09 02:04 <REP> d-------- C:\Program Files\Oberon Media
2008-02-04 12:39 . 2008-02-04 12:39 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-02-03 15:59 . 2008-02-03 16:09 <REP> d-------- C:\Program Files\Lavasoft
2008-02-03 15:59 . 2008-02-03 15:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 15:58 . 2008-02-03 15:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-03 15:46 . 2008-02-03 15:46 <REP> d-------- C:\Program Files\Avira
2008-02-03 15:46 . 2008-02-03 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-03 15:40 . 2008-02-03 15:41 <REP> d-------- C:\Downloads
2008-02-01 05:03 . 2008-02-01 05:03 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-01-31 23:07 . 2008-01-31 23:07 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\iWin
2008-01-30 20:54 . 2008-01-30 20:54 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\Samsung
2008-01-30 20:49 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-01-30 20:48 . 2008-01-30 20:48 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-01-30 20:48 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-01-30 20:48 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-01-30 20:48 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-01-30 20:48 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-01-30 20:48 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-01-30 20:48 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-01-30 20:48 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-01-30 20:48 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-01-30 20:48 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-30 20:47 . 2008-01-30 20:47 <REP> d-------- C:\Program Files\Samsung
2008-01-29 21:28 . 2008-01-29 21:28 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-29 21:25 . 2008-01-29 21:25 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 00:50 . 2008-01-29 00:50 <REP> d-------- C:\Program Files\directx
2008-01-28 18:43 . 2008-02-03 15:48 34 --a------ C:\WINDOWS\Ya.com
2008-01-23 03:48 . 2008-01-23 03:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-01-21 15:26 . 2008-02-03 15:36 283 --a------ C:\WINDOWS\comm.bin
2008-01-21 15:23 . 2008-02-03 15:35 261 --a------ C:\WINDOWS\msdres.bin
2008-01-21 12:23 . 2008-02-08 21:50 <REP> d-------- C:\Documents and Settings\Antal boss\Application Data\Zylom
2008-01-21 12:23 . 2008-01-21 12:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-01-18 14:39 . 2008-01-18 14:39 <REP> d-------- C:\Program Files\Protect Files Pro
2008-01-18 14:39 . 2002-05-16 18:16 39,456 --a------ C:\WINDOWS\system32\drivers\AFPAnsi.sys
2008-01-18 14:39 . 2002-05-16 18:17 21,411 --a------ C:\WINDOWS\system32\AFPAnsi.vxd
2008-01-18 06:30 . 2008-01-18 06:30 441 --a------ C:\WINDOWS\system32\ssmon.lnk
2008-01-18 06:30 . 2008-02-13 13:27 189 --a------ C:\WINDOWS\system32\Sysmnt.dat
2008-01-17 09:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-17 09:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-16 21:23 . 2008-01-16 21:23 <REP> d--h----- C:\WINDOWS\PIF
2008-01-16 18:07 . 2008-01-16 18:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-16 18:07 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-16 18:07 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-16 17:58 . 2008-01-17 14:29 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 17:49 . 2008-01-17 14:25 18,558 --a------ C:\WINDOWS\Ascd_tmp.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 12:34 --------- d-----w C:\Program Files\eMule
2008-02-13 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ssdata
2008-02-09 01:00 --------- d-----w C:\Program Files\Zylom Games
2008-01-30 19:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 15:35 --------- d-----w C:\Program Files\Logitech
2007-12-29 15:35 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-12-20 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-14 21:56 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pfp.exe"="C:\Program Files\Protect Files Pro\pfp.exe" [2007-10-11 12:29 1518080]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-07 23:48 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-03 15:48 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 17:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 14:35 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 10:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-07 23:48 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
R0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-05-16 18:16]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 13:43:09
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-13 13:43:45
ComboFix-quarantined-files.txt 2008-02-13 12:43:24
ComboFix2.txt 2008-02-12 22:02:59
.
2008-01-18 03:51:23 --- E O F ---
and here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:23, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Antal boss\Bureau\HijackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [pfp.exe] C:\Program Files\Protect Files Pro\pfp.exe /T
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 0502448500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sandralabor.spaces.live.com [...] nPUpld.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6493 bytes
Re,
Fix the lines in the box below with HijackThis: ILLUSTRATED HELP
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
|
Reply to Angeldark
re,
there, I've fixed the box you sent me,
is the problem solved??
Repost a HijackThis report.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:41, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Antal boss\Bureau\HijackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [pfp.exe] C:\Program Files\Protect Files Pro\pfp.exe /T
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 0502448500
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sandralabor.spaces.live.com [...] nPUpld.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6126 bytes
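The fresh report requested after the fix exists so that the two HijackThis logs can be compared. As an added example (not part of the thread and not HijackThis's own code), this Python script parses HijackThis entry lines, lists the orphaned ones marked `(no file)` or `(file missing)`, and checks that a fixed CLSID is gone from the later log; the function names are hypothetical and the sample lines are excerpts copied from the 13:46 and 19:25 logs above.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (13/02/2008 at 13:46, before the fix, and at 19:25, after it).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; process paths and header lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registry entry points at nothing on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log):
    """Return the registry/autostart entries of a HijackThis log as dicts."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, detail = match.groups()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": code,
            "detail": detail,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN_RE.search(detail)),
        })
    return entries


def orphaned(entries):
    """Entries whose target file is reported absent."""
    return [e for e in entries if e["orphan"]]


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = {(e["code"], e["detail"]) for e in after}
    return [e for e in before if (e["code"], e["detail"]) not in remaining]


def verify_fix(before_log, after_log, fixed_clsids):
    """Compare two logs and report whether the fixed CLSIDs really disappeared."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    present = {e["clsid"] for e in after if e["clsid"]}
    return {
        "still_present": sorted(c for c in fixed_clsids if c.upper() in present),
        "removed": [e["detail"] for e in removed_between(before, after)],
        "orphans_left": [e["detail"] for e in orphaned(after)],
    }


if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, ["{7E853D72-626A-48EC-A868-BA8D5E23E045}"])
    for key, value in report.items():
        print(key, "->", value)
```

On these excerpts the comparison also shows the two PDFCreator Toolbar entries marked `(file missing)` gone from the later log, although only the `(no name)` BHO line was in the fix box.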
Any problems?
Reply to Angeldark
no, perfect, no more CID pages
thanks a lot, have a good evening
Happy surfing
- Download ToolsCleaner to your Desktop.
- Click Recherche and let the scan finish.
- Click Suppression to finalize.
- Click Quitter so that the report can be created.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)
Disable, then re-enable System Restore: See help
Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" button
* Add the [Résolu] tag to the title
* Then click "Valider votre message"
Read the guide on prevention and protection, so that you don't run into this kind of problem again, by clicking on the image below:
Reply to Angeldark
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\Antal boss\Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Antal boss\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Antal boss\Bureau\HijackThis: trouvé !
C:\Documents and Settings\Antal boss\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Documents and Settings\Antal boss\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Lop SD: trouvé !
C:\Program Files\Lop SD\Lop S&D.lnk: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Antal boss\Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Antal boss\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Antal boss\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Lop SD\Lop S&D.lnk: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Antal boss\Bureau\HijackThis: supprimé !
C:\Documents and Settings\Antal boss\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Lop SD: supprimé !
