01net    Web


Actuellement en ligne : 165 Utilisateurs dont 24 dans Sécurité, virus et assimilés >S'inscrire      >S'identifier      >Recherche      >Aide  
modéré par A.Ouloube, naheulbeuk, Mérillym, bibou0007, Malekal_morte, IL-MAFIOSO  
01net > Forum de 01net > Sécurité, virus et assimilés > Spam
> Redirection vers des pages de pubs
Passionné(e) d'internet, de logiciels, de forums ? 01net recrute...
Auteur
Message
 
<     1       >
dark freestall
  
  :-)
      ?   @     Posté le 09/03/2008 09:47:12  
Voter pour ce message
Bonjour,

Depuis quelques semaines, en allant sur internet à la place de la page voulue s'affichent des pages de pubs pour gagner de l'argent et des sites hots.

Ces sites ne s'affichent pas dans des fenêtres à part comme les pops-up (j'utilise mozilla), mais se mettent à la place de ce que l'on voulait chercher, comme si l'on avait cliqué dessus.

J'ai remarqué dans la barre URL que les liens passaient de


http//www.google.fr/search...
à http//daytotals.com/rns/b-search/
puis à n'importe quel site du genre :http://fast-loans.org/mbo.cfm?pt=2&rpt=1&kt=1

J'ai effectué un rapport hijackthis,mais je ne le post pas tout de suite.

Merci de votre aide


-->Message édité par smilblick le 09/03/2008 09:56:49<--
naheulbeuk
  
  :-)
      ?   ^   @     Posté le 09/03/2008 10:00:48  
Voter pour ce message
bonjour, post ton rapport hijackthis stp ;)
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
dark freestall
  
  :-)
      ?   @     Posté le 09/03/2008 10:01:28  
Voter pour ce message
Voila ^^


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:54, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BrowsingEnhancer - {5ABBD91B-0215-2FE1-7A7E-753F05B40CB8} - C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{312C640B-36AB-4950-B22D-AF249550D687}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4B635F-D0BD-46A2-9710-455D41F8B444}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{86F4414B-9BC1-49FC-9026-7A13AA9F73E2}: NameServer = 192.168.1.1,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F6EEA27-4918-49C2-9B3A-33A76279318F}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FB6B44-EFED-4363-847B-9AD5DE88BA26}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{312C640B-36AB-4950-B22D-AF249550D687}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - http://www.verrens.ru/photos/050312/tn/DSC_1024.jpg
O24 - Desktop Component 1: (no name) - http://www.verrens.ru/photos/050501/tn/DSC_1544.jpg
O24 - Desktop Component 2: (no name) - http://www.verrens.ru/photos/050312/tn/DSC_1033.jpg

--
End of file - 9177 bytes
naheulbeuk
  
  :-)
      ?   ^   @     Posté le 09/03/2008 10:03:35  
Voter pour ce message
re, détournement DNS <=> infection WareOut ;)

Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

O17 - HKLM\System\CCS\Services\Tcpip\..\{312C640B-36AB-4950-B22D-AF249550D687}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4B635F-D0BD-46A2-9710-455D41F8B444}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F6EEA27-4918-49C2-9B3A-33A76279318F}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FB6B44-EFED-4363-847B-9AD5DE88BA26}: NameServer = 85.255.115.44,85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\..\{312C640B-36AB-4950-B22D-AF249550D687}: NameServer = 85.255.115.44,85.255.112.217

Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

:hello:
-------
Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
Et son forum : http://www.site-naheulbeuk.com/forum/
dark freestall
  
  :-)
      ?   @     Posté le 09/03/2008 10:20:45  
Voter pour ce message
Re,Pour le truc avec Hijackthis j'ai pu cocher que 2 cases car j'ai pas trouver les 3 autres.
Voici le rapport de FixWareout:

Username "philippe" - 09/03/2008 10:06:34 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdayy.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{312C640B-36AB-4950-B22D-AF249550D687}
"nameserver"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3F4B635F-D0BD-46A2-9710-455D41F8B444}
"nameserver"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{86F4414B-9BC1-49FC-9026-7A13AA9F73E2}
"nameserver"="192.168.1.1,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9F6EEA27-4918-49C2-9B3A-33A76279318F}
"nameserver"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D3FB6B44-EFED-4363-847B-9AD5DE88BA26}
"nameserver"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{312C640B-36AB-4950-B22D-AF249550D687}
"DhcpNameServer"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3F4B635F-D0BD-46A2-9710-455D41F8B444}
"DhcpNameServer"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9F6EEA27-4918-49C2-9B3A-33A76279318F}
"DhcpNameServer"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B3F64F9E-B622-48E2-BCA8-7B2E91262941}
"DhcpNameServer"="85.255.115.44,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D3FB6B44-EFED-4363-847B-9AD5DE88BA26}
"DhcpNameServer"="85.255.115.44,85.255.112.217" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdayy.ren 73792 13/06/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Et celui de HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:26, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BrowsingEnhancer - {5ABBD91B-0215-2FE1-7A7E-753F05B40CB8} - C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - http://www.verrens.ru/photos/050312/tn/DSC_1024.jpg
O24 - Desktop Component 1: (no name) - http://www.verrens.ru/photos/050501/tn/DSC_1544.jpg
O24 - Desktop Component 2: (no name) - http://www.verrens.ru/photos/050312/tn/DSC_1033.jpg

--
End of file - 7915 bytes
naheulbeuk
  
  :-)
      ?   ^   @     Posté le 09/03/2008 11:57:51  
Voter pour ce message
Télécharge ComboFix (créé par sUBs) sur ton Bureau

Démarre en mode sans échec : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)


  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • ComboFix redémarrera ton PC
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse,et nouveau rapport hijackthis

    ;)
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    • dark freestall
      
      :-)
          ?   @     Posté le 09/03/2008 12:24:54  
    Voter pour ce message
    ComboFix 08-03-08.2 - philippe 2008-03-09 12:06:37.1 - FAT32x86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.113 [GMT 1:00]
    Endroit: C:\Documents and Settings\philippe\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\msmovies
    C:\Program Files\msupdate
    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\uninstall.exe
    C:\WINDOWS\boot.ini
    C:\WINDOWS\dialerexe.ini
    C:\WINDOWS\msnimport.exe
    C:\WINDOWS\tmlpcert2007

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\LEGACY_NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-09 09:43 . 2008-03-09 09:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-05 22:13 . 2008-03-05 22:13 <REP> d-------- C:\Program Files\Screamer Radio
    2008-03-05 13:57 . 2008-03-05 13:57 <REP> d-------- C:\Program Files\S2SaTstrat
    2008-03-04 18:29 . 2008-03-04 18:29 <REP> d-------- C:\Program Files\GoldWave
    2008-03-03 10:19 . 2008-03-03 10:19 <REP> d-------- C:\Documents and Settings\philippe\Application Data\AccurateRip
    2008-03-03 10:19 . 2008-03-04 15:00 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2008-02-29 13:24 . 2008-02-29 13:25 <REP> d-------- C:\Program Files\Xvid
    2008-02-29 13:24 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-02-29 13:24 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-02-29 13:24 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-02-28 18:18 . 2008-02-28 18:18 <REP> d-------- C:\Documents and Settings\philippe\amsn
    2008-02-28 18:17 . 2008-02-28 18:17 <REP> d-------- C:\Program Files\aMSN
    2008-02-27 18:22 . 2008-02-27 18:22 <REP> d-------- C:\Documents and Settings\philippe\AbiSuite
    2008-02-27 18:21 . 2008-02-27 18:21 <REP> d-------- C:\Program Files\AbiSuite2
    2008-02-20 14:10 . 2008-02-20 14:10 <REP> d-------- C:\Program Files\Lavalys
    2008-02-20 14:06 . 2008-02-20 14:06 30,996 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-02-18 06:39 . 2008-02-18 06:39 <REP> d--hs---- C:\FOUND.032
    2008-02-14 06:17 . 2008-02-14 06:17 <REP> d--hs---- C:\FOUND.031
    2008-02-10 10:19 . 2008-02-10 10:19 631,940 --a------ C:\WINDOWS\Revolution Script CS UnRevoCS.exe
    2008-02-09 15:50 . 2008-02-09 15:50 <REP> d-------- C:\Program Files\eMule

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-03 10:02 --------- d-----w C:\Program Files\Steam
    2008-01-28 16:51 --------- d-----w C:\Program Files\Live_TV
    2008-01-28 16:47 --------- d-----w C:\Program Files\BrowsingEnhancer
    2008-01-26 18:17 --------- d-----w C:\Program Files\Octoshape Streaming Services
    2008-01-20 12:28 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2008-01-20 12:25 --------- d-----w C:\Program Files\Fichiers communs\HP
    2008-01-20 12:22 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-01-19 19:03 --------- d-----w C:\Program Files\mIRC
    2007-12-13 06:19 557,447 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_12_22_02_09_full.dmp.zip
    2006-11-15 12:14 20 ----a-w C:\Documents and Settings\philippe\ZWIN.DLL
    2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2007-06-06 15:51 5 --sha-w C:\WINDOWS\system32\fbbbcbba9_s.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}]
    2007-12-27 00:32 1019904 --a------ C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-24 20:05 67128]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
    backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Redémarrer le gestionnaire de connexion.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Redémarrer le gestionnaire de connexion.lnk
    backup=C:\WINDOWS\pss\Redémarrer le gestionnaire de connexion.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\philippe\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^philippe^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
    path=C:\Documents and Settings\philippe\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
    backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BITSUP]
    C:\DOCUME~1\philippe\APPLIC~1\HOPEME~1\film dumb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeeEnEs]
    C:\DOCUME~1\philippe\LOCALS~1\Temp\Répertoire temporaire 2 pour Deenes
    [1].zip\Deenes\DeeEnEs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor]
    --a------ 2003-06-18 11:57 466944 C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWireless]
    C:\Program Files\HP Wireless Adapter\HPWLAN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-04 07:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jkbxtm]
    c:\windows\system32\jkbxtm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2006-03-28 17:38 94208 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2002-08-28 21:39 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
    C:\Norman\Bin\ZLH.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUDGEMANIA]
    C:\Program Files\NudgeMania\NudgeMania.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    C:\Program Files\Octoshape Streaming Services\philippe\OctoshapeClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2002-08-28 21:39 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2002-08-28 21:39 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registre]
    --a------ 2007-06-23 20:05 192537 C:\Windows\AVG-Run.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REV]
    --a------ 2004-10-23 23:13 1204224 C:\Program Files\Steam\steamapps\loganou84\counter-strike\Revolution_Script.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    --a------ 2006-01-07 02:36 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
    --a------ 2006-10-08 18:59 122880 C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2007-12-03 13:21 3461120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP]
    C:\Documents and Settings\philippe\Local Settings\Temp\Rar$EX26.172\Mes Serveurs\serveur_01.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Valve\\Condition Zero\\czero.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\aMSN\\bin\\wish.exe"=
    "C:\\WINDOWS\\System32\\ftp.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Steam\\steamapps\\loganou84\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Steam\\steamapps\\loganou84\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Steam\\steamapps\\loganou84\\counter-strike\\hltv\\hltv.exe"=
    "C:\\Program Files\\Steam\\steamapps\\loganou84\\dedicated server\\hlds.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:Starcraft
    "6112:UDP"= 6112:UDP:Starcraft

    R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
    R3 hpnuhst;HP NUSB Host;C:\WINDOWS\system32\DRIVERS\hpnuhst.sys [2006-08-16 19:03]
    R3 HPNUHUB;HP NUSB Hub;C:\WINDOWS\system32\DRIVERS\hpnuhub.sys [2006-08-16 19:03]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
    S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\philippe\LOCALS~1\Temp\DMSKSSRh.sys []
    S3 HPNUCMP;HP NUSB Composite;C:\WINDOWS\system32\DRIVERS\hpnucmp.sys [2006-08-16 19:03]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 RTLWUSB;Wireless Adapter;C:\WINDOWS\system32\DRIVERS\hpl8187.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
    S3 x-tern;x-tern;C:\DOCUME~1\philippe\LOCALS~1\Temp\Rar$EX01.985\x-tern.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d3ad90-b068-11dc-beff-0017335a1ac9}]
    \Shell\AutoRun\command - J:\start.exe
    \Shell\iledefrance\command - J:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 12:11:52
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-09 12:20:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-09 11:20:04
    .
    2008-02-14 05:24:56 --- E O F ---
    ___________________________________________________________________________
    Apparament il m'a mit Explorer comme internet par defaut,puis-je remetre mozzila?

    bon appétit
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 09/03/2008 13:48:11  
    Voter pour ce message
    re, oui remet Firefox t'as bien raison :super:

    désinstalle BrowsingEnhancer via ajout/suppr de programmes

    puis post moi un nouveau rapport hijackthis stp ;)

    @++ :hello:
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    dark freestall
      
      :-)
          ?   @     Posté le 09/03/2008 13:57:03  
    Voter pour ce message
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:55:29, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O24 - Desktop Component 0: (no name) - http://www.verrens.ru/photos/050312/tn/DSC_1024.jpg
    O24 - Desktop Component 1: (no name) - http://www.verrens.ru/photos/050501/tn/DSC_1544.jpg
    O24 - Desktop Component 2: (no name) - http://www.verrens.ru/photos/050312/tn/DSC_1033.jpg

    --
    End of file - 7813 bytes
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 09/03/2008 18:33:27  
    Voter pour ce message
    re, :)

    1/ Relance HijackThis, coche cette ligne :



    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK



    --> clic sur fix checked

    2/ Avast! est loin de ce que l'on a fait de mieux en matière de protection, voir ce lien pour plus d'informations : http://forum.malekal.com/ftopic3123.php

    Mais clairement, Antivir est beaucoup plus performant, c'est pourquoi, je te conseille TRES VIVEMENT de désinstaller Avast! et installer Antivir à la place : http://mickael.barroux.free.fr/securite/antivir.php
    - Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
    - Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

    -- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

    - Ouvre Antivir par le menu Démarrer / Programmes
    - Cliquez sur l'onglet Scanner.
    - Sélectionne Manual Selection
    - Sélectionne le disque C
    - Lance le scan - Mets en quarantaine tous les éléments détectés.
    - Une fois le scan terminé Enregistre le rapport.

    Redémarre en mode normal.

    Poste le rapport ici.

    :hello:
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    dark freestall
      
      :-)
          ?   @     Posté le 10/03/2008 19:44:44  
    Voter pour ce message
    Bonsoir,Merci pour AntiVir il a l'air beaucoup plus efficace que avast!
    Sinon je fais au moins une foi par moi des scan en mode sans échec avec:"AVG Anti-Spyware","AD-Aware SE personal","Spybot" et un nettoyage avec "CCleaner"

    Voici le rapport:

    AntiVir PersonalEdition Classic
    Report file date: lundi 10 mars 2008 18:42

    Scanning for 1141684 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: philippe
    Computer name: BELOCHKA

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:35:22
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 17:35:22
    ANTIVIR3.VDF : 7.0.3.12 65536 Bytes 10/03/2008 17:35:22
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 10/03/2008 17:35:22
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/03/2008 17:35:22
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 10 mars 2008 18:42

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '33' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\BGT.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [INFO] The file was moved to '48297581.qua'!
    C:\WINDOWS\system32\TFTP996
    [DETECTION] Contains suspicious code HEUR/Crypted
    [INFO] The file was moved to '4829762d.qua'!
    C:\WINDOWS\system32\1049\svchost.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Snacktube.B.5 Backdoor server programs
    [INFO] The file was moved to '483876e2.qua'!
    C:\WINDOWS\Temp\kdayy.ren
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '48367762.qua'!
    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP6\A0004892.EXE
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '48057e04.qua'!
    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005142.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [INFO] The file was moved to '48057e19.qua'!
    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005143.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Snacktube.B.5 Backdoor server programs
    [INFO] The file was moved to '48057e1d.qua'!
    C:\FOUND.012\FILE0000.chk
    [DETECTION] Contains detection pattern of the worm WORM/Eyeveg.m.5.B
    [INFO] The file was moved to '48217e3a.qua'!


    End of the scan: lundi 10 mars 2008 19:32
    Used time: 50:03 min

    The scan has been done completely.

    6721 Scanning directories
    237380 Files were scanned
    7 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    8 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    237373 Files not concerned
    13884 Archives were scanned
    1 Warnings
    0 Notes
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 10/03/2008 20:13:41  
    Voter pour ce message
    bonsoir, c'est beaucoup mieux :super:

    Fais un scan BitDefender en ligne (avec Internet Explorer pas avec Firefox !)
    (clique à gauche sur scan online).
    et post moi le rapport de ce scan ici une fois terminé !

    Guide d'utilisation de Bitdefender en ligne (merci Bruce Lee) : http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm

    bonne soirée ;)
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    dark freestall
      
      :-)
          ?   @     Posté le 10/03/2008 20:36:33  
    Voter pour ce message
    Je suis entrain de faire le scan en ligne,mais il est serieux quand il dit que le temps éstimé du scan sera de 3heures environs?
    lol
    Ps:c'est pas grave si l'anti virus est activé pendant le scan?
    -->Message édité par dark freestall le 10/03/2008 20:42:18<--
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 10/03/2008 20:43:17  
    Voter pour ce message
    oui c'est long mais nécessaire, après je te lache :D

    pour l'antivirus tu peux le laisser ;)
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    dark freestall
      
      :-)
          ?   @     Posté le 10/03/2008 21:33:24  
    Voter pour ce message
    en sauvegardant le rapport je n'avais pas le choix,j'etais obliger de choisir HTLM,il y avait que sa comme truc.
    BitDefender Online Scanner







    Scan report generated at: Mon, Mar 10, 2008 - 21:22:15









    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;















    Statistics

    Time


    00:53:33

    Files


    208554

    Folders


    6726

    Boot Sectors


    2

    Archives


    14388

    Packed Files


    10202







    Results

    Identified Viruses


    1

    Infected Files


    2

    Suspect Files


    2

    Warnings


    0

    Disinfected


    0

    Deleted Files


    4







    Engines Info

    Virus Definitions


    986474

    Engine build


    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins


    16

    Archive plugins


    41

    Unpack plugins


    7

    E-mail plugins


    6

    System plugins


    5







    Scan Settings

    First Action


    Disinfect

    Second Action


    Delete

    Heuristics


    Yes

    Enable Warnings


    Yes

    Scanned Extensions


    *;

    Exclude Extensions




    Scan Emails


    Yes

    Scan Archives


    Yes

    Scan Packed


    Yes

    Scan Files


    Yes

    Scan Boot


    Yes








    Scanned File


    Status

    C:\WINDOWS\system32\1050\svchost.exe


    Infected with: Backdoor.Snacktube.B

    C:\WINDOWS\system32\1050\svchost.exe


    Disinfection failed

    C:\WINDOWS\system32\1050\svchost.exe


    Deleted

    C:\WINDOWS\icon_TMP\setup.bat


    Suspected of: BehavesLike:Bat.Malware

    C:\WINDOWS\icon_TMP\setup.bat


    Disinfection failed

    C:\WINDOWS\icon_TMP\setup.bat


    Deleted

    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005153.exe


    Infected with: Backdoor.Snacktube.B

    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005153.exe


    Disinfection failed

    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005153.exe


    Deleted

    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005154.bat


    Suspected of: BehavesLike:Bat.Malware

    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005154.bat


    Disinfection failed

    C:\System Volume Information\_restore{727AA966-891D-4969-8924-AED2D7CAB259}\RP7\A0005154.bat


    Deleted
    naheulbeuk
      
      :-)
          ?   ^   @     Posté le 10/03/2008 21:55:37  
    Voter pour ce message
    re, :)

    supprime ces dossiers :

    C:\WINDOWS\system32\1050
    C:\WINDOWS\system32\1049
    C:\WINDOWS\icon_TMP

    puis vide ta corbeille

    tu n'as plus de souci ? bonne soirée :hello:
    -------
    Visitez mon site sur la sécurité informatique : http://www.site-naheulbeuk.com
    Et son forum : http://www.site-naheulbeuk.com/forum/
    dark freestall
      
      :-)
          ?   @     Posté le 11/03/2008 06:54:29  
    Voter pour ce message
    Salut,
    je n'ai pas trouver les 2er dossiers.
    Enfaite dans le dossier windows il y a que system (pas system32),mon system32 se trouve dans un dossier qui s'appelle "$WIN_NT$.~BT" j'ai regarder dans les deux dossiers mais ils y sont pas.
    Sinon pour l'instant que je surf il n'y a plus de redirection sa ma l'aire ok :super:
    :hello:
    naheulbeuk