Aidez moi !!! virus
Forum Sécurité - Virus : Aidez moi !!! virus
Bonjour je suis infecté par quelques virus et chevals de troie mais je ne sais pas m'en débarasser.J'ai fait un scan avec ClamWin Free Antivirus et il ma détecté :
-win32:Tipa(Cryp)
-win32:Trojan-gen(other)
win32
sBot-k(Trj)
Je ne sait pas si ils sont dangereux et comment s'en débarasser, c'est pourquoi je suis venu sur ce forum.
Bonjour,
Tu as l'emplacement ?
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
J'ai deja le rapport de ClamWin Free Antivirus :
Scan Started Fri Aug 29 17:17:51 2008
-------------------------------------------------------------------------------
C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe: Trojan.Downloader-52290 FOUND
C:\Program Files\CDBurnerXP\unins000.exe: Trojan.Downloader-52290 FOUND
C:\Users\Lucas\AppData\Local\Mozilla\Firefox\Profiles\7nwnbreo.default\Cache\F59E1B58d01: Adware.Casino-17 FOUND
C:\Users\Lucas\Desktop\Everest Poker.exe: Adware.Casino-17 FOUND
C:\Users\Lucas\Desktop\Installation\daemon4301-lite.exe: Trojan.Zlob-7844 FOUND
--------------------------------------
Completed
--------------------------------------
Ce ne sont pas des infections.
Répondre à Angeldark
et c'est quoi alors ??
Des fausses alertes.
C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe >> gravure
C:\Program Files\CDBurnerXP >> idem
C:\Users\Lucas\Desktop\Everest Poker.exe >> poker
C:\Users\Lucas\Desktop\Installation\daemon4301-lite.exe >> Deamon Tools
Tu peux juste faire Firefox >> Outils >> Effacer mes traces >> Garde juste cache puis valide
Répondre à Angeldark
voila au cas le rapport de hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:39, on 31/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Lucas\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Users\Lucas\Music\musique\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8501 bytes
Re,
Il y a une toolbar.
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
- Lance l'installation du programme en exécutant le fichier téléchargé.
- Double-clique maintenant sur le raccourci de Toolbar-S&D.
- Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
- Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
- Poste le rapport généré. (C:\TB.txt)
Répondre à Angeldark
-----------\\ ToolBar S&D 1.1.6 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lucas ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
"C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [1] ( 02/09/2008|16:28 )
[ UAC => 0 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.xul
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.dtd
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.properties
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealiotoolbarplugin.css
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_large.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_small.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\search_dealio.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioFF.dll
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioProtocol.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.xpt
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Users\Public\Desktop\Piolet.lnk
C:\Windows\Prefetch\PIOLET.EXE-E51AEA20.pf
C:\Windows\Prefetch\PIOLET_TOOLBAR_UNINSTALLER_71-7A4D8A2E.pf
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Piolet
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@ads.piolet[2].txt
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[2].txt
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[3].txt
C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@www.piolet[2].txt
C:\Program Files\Piolet
C:\Program Files\Piolet\BGCheck.exe
C:\Program Files\Piolet\BGCheck.jpg
C:\Program Files\Piolet\BGCheck.sw2
C:\Program Files\Piolet\Cache.dat
C:\Program Files\Piolet\contacts.dat
C:\Program Files\Piolet\contactsR.dat
C:\Program Files\Piolet\default.m3u
C:\Program Files\Piolet\DOWNLD2.DAT
C:\Program Files\Piolet\downloads.dat
C:\Program Files\Piolet\EBCRYPT.DLL
C:\Program Files\Piolet\fmod.dll
C:\Program Files\Piolet\fmod_dsp_lowpass.dll
C:\Program Files\Piolet\loading.gif
C:\Program Files\Piolet\loading.htm
C:\Program Files\Piolet\msha256.dll
C:\Program Files\Piolet\My Shared Folder
C:\Program Files\Piolet\MyFiles3.dat
C:\Program Files\Piolet\MyFiles3.dat.lst
C:\Program Files\Piolet\MyFiles3.dat.vts
C:\Program Files\Piolet\NCTAudioBurner.dll
C:\Program Files\Piolet\NCTAudioFile.dll
C:\Program Files\Piolet\NCTAudioInformation.dll
C:\Program Files\Piolet\NCTAudioPlayer.DLL
C:\Program Files\Piolet\NCTAudioVisualization.dll
C:\Program Files\Piolet\NCTWMAFile.dll
C:\Program Files\Piolet\NetworkCache0.dat
C:\Program Files\Piolet\NetworkCache1.dat
C:\Program Files\Piolet\NetworkCache2.dat
C:\Program Files\Piolet\NetworkCache3.dat
C:\Program Files\Piolet\NetworkCache4.dat
C:\Program Files\Piolet\NetworkCache5.dat
C:\Program Files\Piolet\NetworkCache6.dat
C:\Program Files\Piolet\NetworkCache7.dat
C:\Program Files\Piolet\Piolet.exe
C:\Program Files\Piolet\Piolet.exe.Manifest
C:\Program Files\Piolet\Settings.ini
C:\Program Files\Piolet\SmartUI2.ocx
C:\Program Files\Piolet\Softwrap.dll
C:\Program Files\Piolet\SSubTmr6.dll
C:\Program Files\Piolet\uninstall.exe
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Bar"="http://www.google.com/ie"
"SEARCH PAGE"="http://www.google.com"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
"Start Page"="http://google.mini15.com"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Start Page"="http://fr.fr.acer.yahoo.com"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Lucas\AppData\Local\Temp\WellPhone_1.6.1.1_crack.torrent
C:\Users\Lucas\AppData\Roaming\BitTorrent\BF2142_NO-CD-CRACK+OnlinePatch.zip.torrent
C:\Users\Lucas\image\rap\Fat Joe feat. Lil' Wayne - Crack House (87).mp3.jpg
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 02/09/2008|16:29 - Option : [1]
-----------\\ Fin du rapport a 16:29:00.67
Re,
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.
NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
Répondre à Angeldark
-----------\\ ToolBar S&D 1.1.6 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : Lucas ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
"C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [2] ( 02/09/2008|17:52 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
Supprime! - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\Users\Public\Desktop\Piolet.lnk
Supprime! - C:\Windows\Prefetch\PIOLET.EXE-E51AEA20.pf
Supprime! - C:\Windows\Prefetch\PIOLET_TOOLBAR_UNINSTALLER_71-7A4D8A2E.pf
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Piolet
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@ads.piolet[2].txt
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[2].txt
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@piolet[3].txt
Supprime! - C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\Cookies\lucas@www.piolet[2].txt
Supprime! - C:\Program Files\Piolet\BGCheck.exe
Supprime! - C:\Program Files\Piolet\BGCheck.jpg
Supprime! - C:\Program Files\Piolet\BGCheck.sw2
Supprime! - C:\Program Files\Piolet\Cache.dat
Supprime! - C:\Program Files\Piolet\contacts.dat
Supprime! - C:\Program Files\Piolet\contactsR.dat
Supprime! - C:\Program Files\Piolet\default.m3u
Supprime! - C:\Program Files\Piolet\DOWNLD2.DAT
Supprime! - C:\Program Files\Piolet\downloads.dat
Supprime! - C:\Program Files\Piolet\EBCRYPT.DLL
Supprime! - C:\Program Files\Piolet\fmod.dll
Supprime! - C:\Program Files\Piolet\fmod_dsp_lowpass.dll
Supprime! - C:\Program Files\Piolet\loading.gif
Supprime! - C:\Program Files\Piolet\loading.htm
Supprime! - C:\Program Files\Piolet\msha256.dll
Supprime! - C:\Program Files\Piolet\My Shared Folder
Supprime! - C:\Program Files\Piolet\MyFiles3.dat
Supprime! - C:\Program Files\Piolet\MyFiles3.dat.lst
Supprime! - C:\Program Files\Piolet\MyFiles3.dat.vts
Supprime! - C:\Program Files\Piolet\NCTAudioBurner.dll
Supprime! - C:\Program Files\Piolet\NCTAudioFile.dll
Supprime! - C:\Program Files\Piolet\NCTAudioInformation.dll
Supprime! - C:\Program Files\Piolet\NCTAudioPlayer.DLL
Supprime! - C:\Program Files\Piolet\NCTAudioVisualization.dll
Supprime! - C:\Program Files\Piolet\NCTWMAFile.dll
Supprime! - C:\Program Files\Piolet\NetworkCache0.dat
Supprime! - C:\Program Files\Piolet\NetworkCache1.dat
Supprime! - C:\Program Files\Piolet\NetworkCache2.dat
Supprime! - C:\Program Files\Piolet\NetworkCache3.dat
Supprime! - C:\Program Files\Piolet\NetworkCache4.dat
Supprime! - C:\Program Files\Piolet\NetworkCache5.dat
Supprime! - C:\Program Files\Piolet\NetworkCache6.dat
Supprime! - C:\Program Files\Piolet\NetworkCache7.dat
Supprime! - C:\Program Files\Piolet\Piolet.exe
Supprime! - C:\Program Files\Piolet\Piolet.exe.Manifest
Supprime! - C:\Program Files\Piolet\Settings.ini
Supprime! - C:\Program Files\Piolet\SmartUI2.ocx
Supprime! - C:\Program Files\Piolet\Softwrap.dll
Supprime! - C:\Program Files\Piolet\SSubTmr6.dll
Supprime! - C:\Program Files\Piolet\uninstall.exe
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Piolet
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Bar"="http://www.google.com/ie"
"SEARCH PAGE"="http://www.google.com"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
"Start Page"="http://google.mini15.com"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Start Page"="http://www.msn.com/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Lucas\AppData\Local\Temp\WellPhone_1.6.1.1_crack.torrent
C:\Users\Lucas\AppData\Roaming\BitTorrent\BF2142_NO-CD-CRACK+OnlinePatch.zip.torrent
C:\Users\Lucas\image\rap\Fat Joe feat. Lil' Wayne - Crack House (87).mp3.jpg
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 02/09/2008|16:29 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 02/09/2008|17:55 - Option : [2]
-----------\\ Fin du rapport a 17:55:08.77
Re,
Supprime tes cracks.
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 6.0.6000
02/09/2008 18:46:57
mbam-log-2008-09-02 (18-46-53).txt
Type de recherche: Examen complet (C:\|D:\|X:\|)
Eléments examinés: 214044
Temps écoulé: 38 minute(s), 36 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
X:\System Volume Information\_restore{E81846DC-015D-4F45-B1FB-EE61E39888C9}\RP45\A0011875.exe (Adware.Agent) -> No action taken.
X:\System Volume Information\_restore{E81846DC-015D-4F45-B1FB-EE61E39888C9}\RP45\A0011876.exe (Trojan.DNSChanger) -> No action taken.
C:\Windows\DSC01497.zip (Worm.DsBot) -> No action taken.
Tu as bien supprimé les infections ?
Répondre à Angeldark
Oui je les ai supprimé
C'est bon il n'y a plus d'infections sur mon ordi ?
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:39, on 31/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Lucas\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Users\Lucas\Music\musique\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8501 bytes
Un nouveau rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:39, on 31/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Lucas\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Users\Lucas\Music\musique\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8501 bytes
| Citation : Scan saved at 11:38:39, on 31/08/2008 |
Regarde la date.
Répondre à Angeldark
aide moi....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:09, on 17/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\System32\lphccwmj0ea65.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [lphccwmj0ea65] C:\Windows\system32\lphccwmj0ea65.exe
O4 - HKLM\..\Run: [SMrhc9wmj0ea65] C:\Program Files\rhc9wmj0ea65\rhc9wmj0ea65.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHbXrq.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chakib\AppData\Local\Temp\fccaxutR.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\chakib\AppData\Local\Temp\hgGyaaYR.dll,#1
O4 - HKCU\..\Run: [lphccwmj0ea65] C:\Windows\system32\lphccwmj0ea65.exe
O4 - HKCU\..\Run: [c8556b58] rundll32.exe "C:\Users\chakib\AppData\Local\Temp\limjdhdl.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D0D05CAA-80C0-455A-B5C8-6433218CBA29} (Installer Class) - http://static.plaync.co.kr/activex [...] nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50604C8E-8BCD-4B5F-AA14-C0950DD4FB34}: NameServer = 41.221.20.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 3933 bytes
Il y a 2468 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
