Hi everyone, I think there must have been at least 500,000 posts on this subject, but anyway, I've caught several viruses, and since I believe every situation is different, I'm posting my HijackThis result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:53, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
C:\Program Files\aawservice.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Veoh Networks\Veoh\VeohClient.exe
E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Piratrax\piratrax.exe
E:\Program Files\NETGEAR\WN121T\wn121t.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PVSW\Bin\WGE_SRV.EXE
E:\WINDOWS\system32\svchost.exe
E:\PVSW\BIN\W3dbsmgr.EXE
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\QuickTime\QuickTimePlayer.exe
E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp\sft_ver1.1454.0.exe
C:\divers\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dog about manager team] E:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\nurb type.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Netlog 24] "E:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Veoh] "E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [] E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [That Inside] E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\Skip mfcd.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = E:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - E:\PVSW\Bin\WGE_SRV.EXE
--
End of file - 10837 bytes
Could someone help me???
Thanks
Good evening
Download Lop S&D.exe to your desktop
- Double-click it to start the installation
- Then double-click the Lop S&D shortcut on your desktop
- Select the desired language, then choose Option 1 (Search)
- Wait until the scan finishes
- Post the generated report (C:\lopR.txt)
(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
/!\ Fed up with ads: secured Firefox /!\
OK, I did the procedure and it gives me this:
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-56 )
BIOS : Default System BIOS
USER : verbal king ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081010-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 178 Go Free : 77 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 7 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (CD or DVD) - UDF - Total : 3 Go Free : 0 Go
"E:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 11/10/2008|19:20 )
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\{8258CAB4-1BAF-4288-81DD-E6AA50824656}
[18/09/2008|12:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/03/2008|02:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/03/2008|02:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/07/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[02/03/2008|15:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[18/09/2008|10:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[21/03/2008|02:46] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/07/2008|23:50] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/09/2008|21:00] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/09/2008|15:07] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/03/2008|02:45] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[10/06/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/09/2008|21:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[13/05/2008|02:58] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[15/07/2008|00:23] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[11/10/2008|14:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2008|02:56] E:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[02/03/2008|15:09] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/04/2008|13:55] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[14/09/2008|20:54] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/04/2008|21:31] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[05/04/2008|14:15] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[28/02/2008|23:03] E:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/02/2008|23:03] E:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[08/09/2008|13:42] E:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/10/2008|19:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\1 SIGN 01
[08/10/2008|01:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Adobe
[20/03/2008|21:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\AdobeUM
[23/04/2008|19:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\Apple Computer
[01/04/2008|02:56] E:\DOCUME~1\VERBAL~1\APPLIC~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
[27/09/2008|05:28] E:\DOCUME~1\VERBAL~1\APPLIC~1\Computer Aces
[27/09/2008|05:54] E:\DOCUME~1\VERBAL~1\APPLIC~1\CoreFTP
[01/07/2008|02:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\DAEMON Tools Pro
[19/08/2008|02:18] E:\DOCUME~1\VERBAL~1\APPLIC~1\dvdcss
[22/03/2008|16:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\EBP
[11/06/2008|03:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\FileZilla
[07/10/2008|01:03] E:\DOCUME~1\VERBAL~1\APPLIC~1\Flickr
[28/02/2008|23:13] E:\DOCUME~1\VERBAL~1\APPLIC~1\Identities
[08/03/2008|21:26] E:\DOCUME~1\VERBAL~1\APPLIC~1\Macromedia
[30/09/2008|23:08] E:\DOCUME~1\VERBAL~1\APPLIC~1\Microsoft
[26/05/2008|21:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Move Networks
[10/03/2008|00:51] E:\DOCUME~1\VERBAL~1\APPLIC~1\Mozilla
[03/08/2008|17:19] E:\DOCUME~1\VERBAL~1\APPLIC~1\MySpace
[29/04/2008|17:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\Nero
[15/07/2008|00:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\Propellerhead Software
[22/09/2008|20:01] E:\DOCUME~1\VERBAL~1\APPLIC~1\Publish Providers
[02/03/2008|21:42] E:\DOCUME~1\VERBAL~1\APPLIC~1\Real
[02/08/2008|00:12] E:\DOCUME~1\VERBAL~1\APPLIC~1\ShoppingReport
[23/09/2008|00:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sony
[03/04/2008|20:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sun
[07/08/2008|17:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\U3
[06/06/2008|10:48] E:\DOCUME~1\VERBAL~1\APPLIC~1\vlc
[15/03/2008|00:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\WinRAR
[05/04/2008|14:15] E:\DOCUME~1\VERBAL~1\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans E:\WINDOWS\tasks
[11/10/2008 18:00][--ah-----] E:\WINDOWS\tasks\A92EEAC4906561CC.job
[11/10/2008 18:44][--a------] E:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[11/10/2008 02:14][--ah-----] E:\WINDOWS\tasks\MP Scheduled Scan.job
[10/10/2008 22:10][--a------] E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/10/2008 21:54][--ah-----] E:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] E:\WINDOWS\tasks\desktop.ini
( A92EEAC4906561CC.job )=( e:\docume~1\verbal~1\applic~1\1sign0~1\boobflapdoes.exe )
--------------------\\ Listing des dossiers dans E:\Program Files
[18/09/2008|10:34] E:\Program Files\1 SIGN 01
[11/09/2008|02:07] E:\Program Files\Adobe
[08/03/2008|02:36] E:\Program Files\Apple Software Update
[25/04/2008|11:17] E:\Program Files\AVI Codec Pack
[08/03/2008|02:36] E:\Program Files\Bonjour
[28/02/2008|23:00] E:\Program Files\ComPlus Applications
[29/02/2008|01:09] E:\Program Files\DIFX
[29/02/2008|03:13] E:\Program Files\DivX
[17/07/2008|05:24] E:\Program Files\East West
[25/03/2008|20:56] E:\Program Files\EBP
[11/07/2008|23:02] E:\Program Files\Fichiers communs
[10/06/2008|22:44] E:\Program Files\FileZilla FTP Client
[18/07/2008|21:55] E:\Program Files\FriendBlasterPro
[08/05/2008|22:17] E:\Program Files\Hotspot Shield
[20/07/2008|22:29] E:\Program Files\Image-Line
[02/08/2008|01:47] E:\Program Files\InstallShield Installation Information
[14/08/2008|03:01] E:\Program Files\Internet Explorer
[12/03/2008|13:22] E:\Program Files\iPod
[01/04/2008|02:56] E:\Program Files\iTunes
[21/03/2008|23:56] E:\Program Files\Java
[14/08/2008|03:05] E:\Program Files\Messenger
[28/02/2008|23:04] E:\Program Files\microsoft frontpage
[14/09/2008|20:57] E:\Program Files\Microsoft SQL Server Compact Edition
[24/06/2008|13:49] E:\Program Files\Microsoft Visual Studio
[24/06/2008|13:50] E:\Program Files\Microsoft Works
[28/02/2008|23:01] E:\Program Files\Movie Maker
[11/10/2008|19:18] E:\Program Files\Mozilla Firefox
[01/08/2008|22:30] E:\Program Files\Mp3 Song Plays Increaser
[24/06/2008|13:50] E:\Program Files\MSBuild
[07/09/2008|22:06] E:\Program Files\MSECache
[20/09/2008|23:21] E:\Program Files\MSN
[28/02/2008|23:00] E:\Program Files\MSN Gaming Zone
[18/05/2008|20:14] E:\Program Files\mst software
[01/05/2008|11:22] E:\Program Files\MSXML 4.0
[03/08/2008|17:19] E:\Program Files\MySpace
[29/02/2008|13:36] E:\Program Files\NETGEAR
[15/09/2008|18:53] E:\Program Files\NetMeeting
[17/09/2008|21:13] E:\Program Files\NOS
[28/02/2008|23:00] E:\Program Files\Online Services
[03/03/2008|04:04] E:\Program Files\Outlook Express
[10/10/2008|23:57] E:\Program Files\PCHealthCenter
[08/03/2008|02:36] E:\Program Files\QuickTime
[02/03/2008|21:38] E:\Program Files\Real
[28/02/2008|23:02] E:\Program Files\Services en ligne
[07/07/2008|14:11] E:\Program Files\ShoppingReport
[22/09/2008|19:40] E:\Program Files\Sony
[21/03/2008|23:56] E:\Program Files\Sun
[28/02/2008|23:13] E:\Program Files\Uninstall Information
[08/10/2008|22:47] E:\Program Files\Veoh Networks
[22/09/2008|19:35] E:\Program Files\Vstplugins
[03/08/2008|17:34] E:\Program Files\Windows Defender
[16/09/2008|03:01] E:\Program Files\Windows Live
[14/09/2008|20:57] E:\Program Files\Windows Live Favorites
[14/09/2008|20:57] E:\Program Files\Windows Live Toolbar
[02/03/2008|15:11] E:\Program Files\Windows Media Connect 2
[01/04/2008|02:56] E:\Program Files\Windows Media Player
[28/02/2008|23:00] E:\Program Files\Windows NT
[28/02/2008|23:02] E:\Program Files\WindowsUpdate
[15/03/2008|00:49] E:\Program Files\WinRAR
[28/02/2008|23:04] E:\Program Files\xerox
[02/03/2008|15:34] E:\Program Files\Xvid
[03/04/2008|21:31] E:\Program Files\Yahoo!
[22/03/2008|00:00] E:\Program Files\Your Freedom
--------------------\\ Listing des dossiers dans E:\Program Files\Fichiers communs
[18/09/2008|12:36] E:\Program Files\Fichiers communs\Adobe
[08/03/2008|02:35] E:\Program Files\Fichiers communs\Apple
[11/07/2008|23:02] E:\Program Files\Fichiers communs\debugmode
[24/06/2008|13:49] E:\Program Files\Fichiers communs\DESIGNER
[22/03/2008|16:27] E:\Program Files\Fichiers communs\EBP
[01/07/2008|10:41] E:\Program Files\Fichiers communs\EZB Systems
[29/02/2008|00:55] E:\Program Files\Fichiers communs\InstallShield
[21/03/2008|23:49] E:\Program Files\Fichiers communs\Java
[22/09/2008|19:33] E:\Program Files\Fichiers communs\Microsoft Shared
[28/02/2008|23:01] E:\Program Files\Fichiers communs\MSSoap
[28/02/2008|23:41] E:\Program Files\Fichiers communs\ODBC
[21/03/2008|01:09] E:\Program Files\Fichiers communs\Pervasive Software Shared
[02/03/2008|21:38] E:\Program Files\Fichiers communs\Real
[28/02/2008|23:01] E:\Program Files\Fichiers communs\Services
[28/02/2008|23:41] E:\Program Files\Fichiers communs\SpeechEngines
[24/06/2008|13:46] E:\Program Files\Fichiers communs\System
[08/03/2008|21:24] E:\Program Files\Fichiers communs\WindowsLiveInstaller
[02/07/2008|23:44] E:\Program Files\Fichiers communs\Wise Installation Wizard
[02/03/2008|21:38] E:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 55 Processes )
iexplore.exe ~ [PID:660]
iexplore.exe ~ [PID:1268]
iexplore.exe ~ [PID:556]
--------------------\\ Recherche avec S_Lop
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\boob flap does.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\dfwrvzfp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\ewcopdng.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\ghsqpdvl.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\gkokqksp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\Skip mfcd.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1SIGN0~1\zgixbtcp.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About\nurb type.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\boob flap does.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\dfwrvzfp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ewcopdng.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ghsqpdvl.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\gkokqksp.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\Skip mfcd.exe
E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\zgixbtcp.exe
E:\Program Files\1sign0~1
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@inside.winzix[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@advertising[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adin.bigpoint[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@bigpoint[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@fr1.darkorbit.bigpoint[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.casinoking[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@casinoking[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.cotedazurpalace[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@sr2.livemediasrv[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[3].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.32vegas[2].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.vegasaffiliates[1].txt
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.lop[1].txt
E:\WINDOWS\Tasks\A92EEAC4906561CC.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\deafaimpoll]
"DisplayName"="CiD Help"
"UninstallString"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"That Inside"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe"
"That Inside"="E:\\DOCUME~1\\VERBAL~1\\APPLIC~1\\1SIGN0~1\\Skip mfcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dog about manager team"="E:\\Documents and Settings\\All Users\\Application Data\\Drv Audio Dog About\\nurb type.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 19:21:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:381][D:21]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp
[F:274][D:0]-> E:\DOCUME~1\VERBAL~1\Cookies
[F:1740][D:15]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 11/10/2008|19:22 - Option : [1]
--------------------\\ Fin du rapport a 19:22:44
I appreciate your help
Good evening
Run Lop S&D again
- This time choose Option 2 (Removal)
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt)
Please add a new HijackThis log
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-56 )
BIOS : Default System BIOS
USER : verbal king ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081011-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 178 Go Free : 77 Go
E:\ (Local Disk) - NTFS - Total : 7 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (CD or DVD) - UDF - Total : 3 Go Free : 0 Go
"E:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 12/10/2008| 0:58 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About\nurb type.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\boob flap does.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\dfwrvzfp.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ewcopdng.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\ghsqpdvl.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\gkokqksp.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\Skip mfcd.exe
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1\zgixbtcp.exe
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@inside.winzix[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adultfriendfinder[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@advertising[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adin.bigpoint[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@bigpoint[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@fr1.darkorbit.bigpoint[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.casinoking[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@casinoking[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.cotedazurpalace[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@cotedazurpalace[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.cotedazurpalace[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[1].txt
Echec ! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@sr2.livemediasrv[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@pacificpoker[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@partypoker[3].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@32vegas[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@banner.32vegas[2].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.vegasaffiliates[1].txt
Supprime! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@www.lop[1].txt
Supprime! - E:\WINDOWS\Tasks\A92EEAC4906561CC.job
Supprime! - E:\DOCUME~1\ALLUSE~1\APPLIC~1\Drv Audio Dog About
Supprime! - E:\DOCUME~1\VERBAL~1\APPLIC~1\1sign0~1
Supprime! - E:\Program Files\1sign0~1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE
Echec ! - E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\{8258CAB4-1BAF-4288-81DD-E6AA50824656}
[18/09/2008|12:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/03/2008|02:35] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/03/2008|02:36] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/07/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[02/03/2008|15:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[22/03/2008|16:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\EBP
[21/03/2008|02:46] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/07/2008|23:50] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/09/2008|21:00] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/09/2008|15:07] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/03/2008|02:45] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[10/06/2008|02:27] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/09/2008|21:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[13/05/2008|02:58] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[15/07/2008|00:23] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[11/10/2008|14:13] E:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2008|02:56] E:\DOCUME~1\ALLUSE~1\APPLIC~1\uPlayMe
[02/03/2008|15:09] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/04/2008|13:55] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[14/09/2008|20:54] E:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/04/2008|21:31] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[05/04/2008|14:15] E:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[28/02/2008|23:03] E:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/02/2008|23:03] E:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[08/09/2008|13:42] E:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[08/10/2008|01:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Adobe
[20/03/2008|21:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\AdobeUM
[23/04/2008|19:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\Apple Computer
[01/04/2008|02:56] E:\DOCUME~1\VERBAL~1\APPLIC~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
[27/09/2008|05:28] E:\DOCUME~1\VERBAL~1\APPLIC~1\Computer Aces
[27/09/2008|05:54] E:\DOCUME~1\VERBAL~1\APPLIC~1\CoreFTP
[01/07/2008|02:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\DAEMON Tools Pro
[19/08/2008|02:18] E:\DOCUME~1\VERBAL~1\APPLIC~1\dvdcss
[22/03/2008|16:27] E:\DOCUME~1\VERBAL~1\APPLIC~1\EBP
[11/06/2008|03:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\FileZilla
[07/10/2008|01:03] E:\DOCUME~1\VERBAL~1\APPLIC~1\Flickr
[28/02/2008|23:13] E:\DOCUME~1\VERBAL~1\APPLIC~1\Identities
[08/03/2008|21:26] E:\DOCUME~1\VERBAL~1\APPLIC~1\Macromedia
[30/09/2008|23:08] E:\DOCUME~1\VERBAL~1\APPLIC~1\Microsoft
[26/05/2008|21:06] E:\DOCUME~1\VERBAL~1\APPLIC~1\Move Networks
[10/03/2008|00:51] E:\DOCUME~1\VERBAL~1\APPLIC~1\Mozilla
[03/08/2008|17:19] E:\DOCUME~1\VERBAL~1\APPLIC~1\MySpace
[29/04/2008|17:35] E:\DOCUME~1\VERBAL~1\APPLIC~1\Nero
[15/07/2008|00:23] E:\DOCUME~1\VERBAL~1\APPLIC~1\Propellerhead Software
[22/09/2008|20:01] E:\DOCUME~1\VERBAL~1\APPLIC~1\Publish Providers
[02/03/2008|21:42] E:\DOCUME~1\VERBAL~1\APPLIC~1\Real
[02/08/2008|00:12] E:\DOCUME~1\VERBAL~1\APPLIC~1\ShoppingReport
[23/09/2008|00:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sony
[03/04/2008|20:34] E:\DOCUME~1\VERBAL~1\APPLIC~1\Sun
[07/08/2008|17:46] E:\DOCUME~1\VERBAL~1\APPLIC~1\U3
[06/06/2008|10:48] E:\DOCUME~1\VERBAL~1\APPLIC~1\vlc
[15/03/2008|00:50] E:\DOCUME~1\VERBAL~1\APPLIC~1\WinRAR
[05/04/2008|14:15] E:\DOCUME~1\VERBAL~1\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans E:\WINDOWS\tasks
[12/10/2008 00:44][--a------] E:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[11/10/2008 02:14][--ah-----] E:\WINDOWS\tasks\MP Scheduled Scan.job
[10/10/2008 22:10][--a------] E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/10/2008 21:54][--ah-----] E:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] E:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans E:\Program Files
[11/09/2008|02:07] E:\Program Files\Adobe
[08/03/2008|02:36] E:\Program Files\Apple Software Update
[25/04/2008|11:17] E:\Program Files\AVI Codec Pack
[08/03/2008|02:36] E:\Program Files\Bonjour
[28/02/2008|23:00] E:\Program Files\ComPlus Applications
[29/02/2008|01:09] E:\Program Files\DIFX
[29/02/2008|03:13] E:\Program Files\DivX
[17/07/2008|05:24] E:\Program Files\East West
[25/03/2008|20:56] E:\Program Files\EBP
[11/07/2008|23:02] E:\Program Files\Fichiers communs
[10/06/2008|22:44] E:\Program Files\FileZilla FTP Client
[18/07/2008|21:55] E:\Program Files\FriendBlasterPro
[08/05/2008|22:17] E:\Program Files\Hotspot Shield
[20/07/2008|22:29] E:\Program Files\Image-Line
[02/08/2008|01:47] E:\Program Files\InstallShield Installation Information
[14/08/2008|03:01] E:\Program Files\Internet Explorer
[12/03/2008|13:22] E:\Program Files\iPod
[01/04/2008|02:56] E:\Program Files\iTunes
[21/03/2008|23:56] E:\Program Files\Java
[14/08/2008|03:05] E:\Program Files\Messenger
[28/02/2008|23:04] E:\Program Files\microsoft frontpage
[14/09/2008|20:57] E:\Program Files\Microsoft SQL Server Compact Edition
[24/06/2008|13:49] E:\Program Files\Microsoft Visual Studio
[24/06/2008|13:50] E:\Program Files\Microsoft Works
[28/02/2008|23:01] E:\Program Files\Movie Maker
[12/10/2008|00:28] E:\Program Files\Mozilla Firefox
[01/08/2008|22:30] E:\Program Files\Mp3 Song Plays Increaser
[24/06/2008|13:50] E:\Program Files\MSBuild
[07/09/2008|22:06] E:\Program Files\MSECache
[20/09/2008|23:21] E:\Program Files\MSN
[28/02/2008|23:00] E:\Program Files\MSN Gaming Zone
[18/05/2008|20:14] E:\Program Files\mst software
[01/05/2008|11:22] E:\Program Files\MSXML 4.0
[03/08/2008|17:19] E:\Program Files\MySpace
[29/02/2008|13:36] E:\Program Files\NETGEAR
[15/09/2008|18:53] E:\Program Files\NetMeeting
[17/09/2008|21:13] E:\Program Files\NOS
[28/02/2008|23:00] E:\Program Files\Online Services
[03/03/2008|04:04] E:\Program Files\Outlook Express
[10/10/2008|23:57] E:\Program Files\PCHealthCenter
[08/03/2008|02:36] E:\Program Files\QuickTime
[02/03/2008|21:38] E:\Program Files\Real
[28/02/2008|23:02] E:\Program Files\Services en ligne
[07/07/2008|14:11] E:\Program Files\ShoppingReport
[22/09/2008|19:40] E:\Program Files\Sony
[21/03/2008|23:56] E:\Program Files\Sun
[28/02/2008|23:13] E:\Program Files\Uninstall Information
[08/10/2008|22:47] E:\Program Files\Veoh Networks
[22/09/2008|19:35] E:\Program Files\Vstplugins
[03/08/2008|17:34] E:\Program Files\Windows Defender
[16/09/2008|03:01] E:\Program Files\Windows Live
[14/09/2008|20:57] E:\Program Files\Windows Live Favorites
[14/09/2008|20:57] E:\Program Files\Windows Live Toolbar
[02/03/2008|15:11] E:\Program Files\Windows Media Connect 2
[01/04/2008|02:56] E:\Program Files\Windows Media Player
[28/02/2008|23:00] E:\Program Files\Windows NT
[28/02/2008|23:02] E:\Program Files\WindowsUpdate
[15/03/2008|00:49] E:\Program Files\WinRAR
[28/02/2008|23:04] E:\Program Files\xerox
[02/03/2008|15:34] E:\Program Files\Xvid
[03/04/2008|21:31] E:\Program Files\Yahoo!
[22/03/2008|00:00] E:\Program Files\Your Freedom
--------------------\\ Listing des dossiers dans E:\Program Files\Fichiers communs
[18/09/2008|12:36] E:\Program Files\Fichiers communs\Adobe
[08/03/2008|02:35] E:\Program Files\Fichiers communs\Apple
[11/07/2008|23:02] E:\Program Files\Fichiers communs\debugmode
[24/06/2008|13:49] E:\Program Files\Fichiers communs\DESIGNER
[22/03/2008|16:27] E:\Program Files\Fichiers communs\EBP
[01/07/2008|10:41] E:\Program Files\Fichiers communs\EZB Systems
[29/02/2008|00:55] E:\Program Files\Fichiers communs\InstallShield
[21/03/2008|23:49] E:\Program Files\Fichiers communs\Java
[22/09/2008|19:33] E:\Program Files\Fichiers communs\Microsoft Shared
[28/02/2008|23:01] E:\Program Files\Fichiers communs\MSSoap
[28/02/2008|23:41] E:\Program Files\Fichiers communs\ODBC
[21/03/2008|01:09] E:\Program Files\Fichiers communs\Pervasive Software Shared
[02/03/2008|21:38] E:\Program Files\Fichiers communs\Real
[28/02/2008|23:01] E:\Program Files\Fichiers communs\Services
[28/02/2008|23:41] E:\Program Files\Fichiers communs\SpeechEngines
[24/06/2008|13:46] E:\Program Files\Fichiers communs\System
[08/03/2008|21:24] E:\Program Files\Fichiers communs\WindowsLiveInstaller
[02/07/2008|23:44] E:\Program Files\Fichiers communs\Wise Installation Wizard
[02/03/2008|21:38] E:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 57 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
E:\DOCUME~1\VERBAL~1\Cookies\verbal king@adopt.euroclick[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 01:05:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
E:\WINDOWS\system32\CIOUtBeg.ini
E:\WINDOWS\system32\CIOUtBeg.ini2
==> VUNDO <==
[F:398][D:22]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp
[F:249][D:0]-> E:\DOCUME~1\VERBAL~1\Cookies
[F:1850][D:15]-> E:\DOCUME~1\VERBAL~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 11/10/2008|19:22 - Option : [1]
2 - "E:\Lop SD\LopR_2.txt" - 12/10/2008| 1:07 - Option : [2]
--------------------\\ Fin du rapport a 1:07:55
plus the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:08, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
C:\Program Files\aawservice.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Piratrax\piratrax.exe
E:\Program Files\NETGEAR\WN121T\wn121t.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PVSW\Bin\WGE_SRV.EXE
E:\WINDOWS\system32\svchost.exe
E:\PVSW\BIN\W3dbsmgr.EXE
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
E:\DOCUME~1\VERBAL~1\LOCALS~1\Temp\Répertoire temporaire 8 pour musiCutter0.7.1_fr.zip\musiCutter.exe
C:\Program Files\CDArch52.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\NOTEPAD.EXE
C:\divers\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - E:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [b0799d90] rundll32.exe "E:\WINDOWS\system32\jxwbvygr.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Netlog 24] "E:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Veoh] "E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [] E:\Documents and Settings\verbal king\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax_launch.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = E:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: tsusdj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - E:\PVSW\Bin\WGE_SRV.EXE
--
End of file - 9563 bytes
thanks
hello
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
- Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
/!\Fed up with ads: secured Firefox/!\
